Problem description
I need some help with the following "pseudo" code:
<?php
$stringToVerify = '50.009781OK101092014125505';
$ECDSA = '3045022100b4b4064158cb12f5b3d902e1e4487e0c6dfafd96b5bb5ab9765fc088e054d67e0220153 f9bb5da20441c68ff0c3e8ba28cfe048e5c3152fc8c890def156cf09d5540';
$publicKey = "-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaq6djyzkpHdX7kt8DsSt6IuSoXjp
WVlLfnZPoLaGKc/2BSfYQuFIO2hfgueQINJN3ZdujYXfUJ7Who+XkcJqHQ==
-----END PUBLIC KEY-----";
var_dump(openssl_verify($stringToVerify, pack("H*", $ECDSA), $publicKey, OPENSSL_ALGO_SHA256));
var_dump(openssl_error_string());
openssl_verify() will always return a non-TRUE value and openssl_error_string() will return the error message: 'error:0906D06C:PEM routines:PEM_read_bio:no start line'
Where might the problem be? Why won't openssl_verify() return TRUE?
OpenSSL version is 1.0.1r 28 Jan 2016
Recommended answer
The error:0906D06C:PEM routines:PEM_read_bio:no start line is non-fatal. That means it didn't find a certificate along with the private key, which is okay since there is only a public/private key in this case.
openssl_verify() returns -1 on failure, 1 if the signature is correct and 0 if it is incorrect. Because of this you should be checking for all 3 values, not just true or false.
You should check the return value of openssl_verify for -1 indicating failure. If it returns 0, then the key is valid but either the signature is invalid, the data was tampered with, or the wrong public key was used for verification.
Here is a complete example:
<?php
$stringToSign = "hey this is some data I want to sign to confirm I said it and no one else...";
$privateKey =
"-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----";
$publicKey =
"-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PWnPjB5x8Xs+uV0GRCG
GE8xlLU67sx6CDdAU7FBsBe8X7pt065MAUwrtRQvIhyKhd9wRg8LvgWm7vYnYi5t
kdodOhRyVw+jd7Id9CsQwUNNG+JZvrEmHKCTXvWbv/fmL5DTCkRxoJj3KdNqUYA6
M+JcGahgpGnsRmvWQ2mz4IZZi5urvjSPPdrBSWgts5uIv5tNfEwuEzbJtIENn0ty
soksIiG/n8edBbxlTqCo8OJVfy1nh21TdBEHsi9V0NyEtqAFKdHaZscA3yj9k2mW
uqSg1c0VnGJ/+OmOvgLkDlz3f7vHt7ULJxV/iyNdugh5XUD1YKRwhMqBqfTNlKyF
vwIDAQAB
-----END PUBLIC KEY-----";
$signature = null;
$alg = OPENSSL_ALGO_SHA256;
if (openssl_sign($stringToSign, $signature, $privateKey, $alg)) {
    echo "Successfully signed data.\n";
    $signature = base64_encode($signature); // as might be done in transport

    // verify which should succeed
    $success = openssl_verify($stringToSign, base64_decode($signature), $publicKey, $alg);
    if ($success === -1) {
        echo "openssl_verify() failed with error. " . openssl_error_string() . "\n";
    } elseif ($success === 1) {
        echo "Signature verification was successful!\n";
    } else {
        echo "Signature verification failed. Incorrect key or data has been tampered with\n";
    }

    // verify which should fail because data has been tampered with
    $stringToSign .= "\nI am evil and demand you wire $1,000,000,000 to me.";
    $success = openssl_verify($stringToSign, base64_decode($signature), $publicKey, $alg);
    if ($success === -1) {
        echo "openssl_verify() failed with error. " . openssl_error_string() . "\n";
    } elseif ($success === 1) {
        echo "Signature verification was successful!\n";
    } else {
        echo "Signature verification failed. Incorrect key or data has been tampered with!\n";
    }
} else {
    echo "openssl_sign() failed. " . openssl_error_string() . "\n";
}
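The three-way return check described in the answer, applied to an ECDSA P-256 key with a hex-encoded signature as in the question. This is an added example, not code from the question or the answer; the helper names verifyHexSignature and drainOpenSslErrors and the key pair generated at run time are assumptions made for the illustration.

```php
<?php
// Added example (not from the original post). Helper names are hypothetical.
function drainOpenSslErrors(): array
{
    // The OpenSSL error queue persists across calls; empty it so a stale
    // entry is not mistaken for the cause of the current result.
    $errors = [];
    while (($msg = openssl_error_string()) !== false) {
        $errors[] = $msg;
    }
    return $errors;
}

function verifyHexSignature(string $data, string $sigHex, $publicKey): bool
{
    // Reject anything that is not clean, even-length hex before decoding.
    if ($sigHex === '' || strlen($sigHex) % 2 !== 0 || !ctype_xdigit($sigHex)) {
        return false;
    }
    drainOpenSslErrors();
    $result = openssl_verify($data, hex2bin($sigHex), $publicKey, OPENSSL_ALGO_SHA256);
    if ($result === -1 || $result === false) {
        // Error path (unusable key, malformed input): log it, never accept it.
        error_log('openssl_verify error: ' . implode('; ', drainOpenSslErrors()));
    }
    // Only an exact integer 1 means "signature is valid".
    return $result === 1;
}

// Constructed sample: a throwaway P-256 key pair generated at run time.
$key = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_EC,
    'curve_name'       => 'prime256v1',
]);
if ($key === false) {
    exit('Key generation failed: ' . implode('; ', drainOpenSslErrors()) . "\n");
}
$publicPem = openssl_pkey_get_details($key)['key'];
$message = 'constructed sample message';
openssl_sign($message, $rawSig, $key, OPENSSL_ALGO_SHA256);
$sigHex = bin2hex($rawSig); // DER-encoded ECDSA signature, hex for transport

var_dump(verifyHexSignature($message, $sigHex, $publicPem));       // genuine
var_dump(verifyHexSignature($message . '!', $sigHex, $publicPem)); // tampered data
var_dump(verifyHexSignature($message, $sigHex, 'not a PEM key'));  // unusable key
// Why "=== 1" matters: -1 is truthy in PHP, so a bare
// if (openssl_verify(...)) would treat the error case as a valid signature.
var_dump((bool) -1);
```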