Fatal编程技术网
  • php/
  • 数字签名生成错误的值。(使用PHP生成签名)

数字签名生成错误的值。(使用PHP生成签名)

php certificate

数字签名生成错误的值。(使用PHP生成签名),php,certificate,digital-signature,x509,php-openssl,Php,Certificate,Digital Signature,X509,Php Openssl,我正在尝试从字符串或文本生成数字签名。我正在使用PHP生成数字签名 这是我试图生成签名的字符串,从ZHDASCRA53到ZTRENDRA53 22,包括它后面的换行符 ZHDASCRA53 0800 20141014 ZXCMIIDajCCAtOgAwIBAgIBCjANBgkqhkiG9w0BAQQFADCBhDELMAkGA1UEBhMCQVUx ZXCDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MQ0wCwYDVQQKEwRBU0lDMSQw Z

我正在尝试从字符串或文本生成数字签名。我正在使用PHP生成数字签名

这是我试图生成签名的字符串,从ZHDASCRA53到ZTRENDRA53 22,包括它后面的换行符

ZHDASCRA53  0800    20141014
ZXCMIIDajCCAtOgAwIBAgIBCjANBgkqhkiG9w0BAQQFADCBhDELMAkGA1UEBhMCQVUx
ZXCDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MQ0wCwYDVQQKEwRBU0lDMSQw
ZXCIgYDVQQLExtJVFNCIGVCdXNpbmVzcyBTeXN0ZW1zIFRlYW0xITAfBgNVBAMTGGVC
ZXCdXNpbmVzcyBEZXZlbG9wbWVudCBDQTAeFw0wMjA1MjcwMzA4MDlaFw0wMzA1Mjcw
ZXCMzA4MDlaMF0xCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5
ZXCZG5leTENMAsGA1UEChMEQVNJQzENMAsGA1UECxMEVGVzdDERMA8GA1UEAxMIVGVz
ZXCdGVyIDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM3zyt6WrajwGLx7L9b/
ZXCji36J5cUi3FCiAnHWT6rU4iO/0kO5GC5DhIlEVW64e29sXD7V5G+Dc1DyhweHOFC
ZXC1nz55zci4peeg+QPj8LApexjKcCjm6y6hilN8u5YUzBG7lkI0miUcrF2zF9Kxrqo
ZXCc/GxKL7Btdj3jGCZpwmVmQrHAgMBAAGjggEQMIIBDDAJBgNVHRMEAjAAMCwGCWCG
ZXCSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
ZXCFgQUwvFqXS71CPKI/CUSuTqzZmTKY8AwgbEGA1UdIwSBqTCBpoAUdVgA2CTNbQWg
ZXC/GHtVe7HDcH/Ci2hgYqkgYcwgYQxCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cx
ZXCDzANBgNVBAcTBlN5ZG5leTENMAsGA1UEChMEQVNJQzEkMCIGA1UECxMbSVRTQiBl
ZXCQnVzaW5lc3MgU3lzdGVtcyBUZWFtMSEwHwYDVQQDExhlQnVzaW5lc3MgRGV2ZWxv
ZXCcG1lbnQgQ0GCAQAwDQYJKoZIhvcNAQEEBQADgYEAM3NVo4i+ndGqddZAtGxqpeE0
ZXCdWondUaN3DV+0CpQFYfH3cblGtnTkQdgUFbBxrDrFvIuoYZWv2X1zYl3SAFbF91U
ZXCWFxklCCmU9POoeB+j4fDqN+H69eAUZUz2vVHcLVePhNJhm64lYAhA83Rodv/sj6c
ZXCvxkxeg9xtdlZXGrmKik=
ZDCSTANDING JOHN                20141014    Y   Y                           A96210
ZTRENDRA53  22
下面是我用来生成数字签名的测试证书

-----BEGIN CERTIFICATE-----
MIIDajCCAtOgAwIBAgIBCjANBgkqhkiG9w0BAQQFADCBhDELMAkGA1UEBhMCQVUx
DDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MQ0wCwYDVQQKEwRBU0lDMSQw
IgYDVQQLExtJVFNCIGVCdXNpbmVzcyBTeXN0ZW1zIFRlYW0xITAfBgNVBAMTGGVC
dXNpbmVzcyBEZXZlbG9wbWVudCBDQTAeFw0wMjA1MjcwMzA4MDlaFw0wMzA1Mjcw
MzA4MDlaMF0xCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5
ZG5leTENMAsGA1UEChMEQVNJQzENMAsGA1UECxMEVGVzdDERMA8GA1UEAxMIVGVz
dGVyIDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM3zyt6WrajwGLx7L9b/
ji36J5cUi3FCiAnHWT6rU4iO/0kO5GC5DhIlEVW64e29sXD7V5G+Dc1DyhweHOFC
1nz55zci4peeg+QPj8LApexjKcCjm6y6hilN8u5YUzBG7lkI0miUcrF2zF9Kxrqo
c/GxKL7Btdj3jGCZpwmVmQrHAgMBAAGjggEQMIIBDDAJBgNVHRMEAjAAMCwGCWCG
SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
FgQUwvFqXS71CPKI/CUSuTqzZmTKY8AwgbEGA1UdIwSBqTCBpoAUdVgA2CTNbQWg
/GHtVe7HDcH/Ci2hgYqkgYcwgYQxCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cx
DzANBgNVBAcTBlN5ZG5leTENMAsGA1UEChMEQVNJQzEkMCIGA1UECxMbSVRTQiBl
QnVzaW5lc3MgU3lzdGVtcyBUZWFtMSEwHwYDVQQDExhlQnVzaW5lc3MgRGV2ZWxv
cG1lbnQgQ0GCAQAwDQYJKoZIhvcNAQEEBQADgYEAM3NVo4i+ndGqddZAtGxqpeE0
dWondUaN3DV+0CpQFYfH3cblGtnTkQdgUFbBxrDrFvIuoYZWv2X1zYl3SAFbF91U
WFxklCCmU9POoeB+j4fDqN+H69eAUZUz2vVHcLVePhNJhm64lYAhA83Rodv/sj6c
vxkxeg9xtdlZXGrmKik=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDN88relq2o8Bi8ey/W/44t+ieXFItxQogJx1k+q1OIjv9JDuRg
uQ4SJRFVuuHtvbFw+1eRvg3NQ8ocHhzhQtZ8+ec3IuKXnoPkD4/CwKXsYynAo5us
uoYpTfLuWFMwRu5ZCNJolHKxdsxfSsa6qHPxsSi+wbXY94xgmacJlZkKxwIDAQAB
AoGBALSKsd3dAxFkoJqh9rcnwhDmCUy00uSPqUfBPKfmcsz0ZjA6YNO1hfM8EW0w
7ZuGvgVIIGT/0YOOmJ97el+yQukp8ViYQLWidLOe/IWPzWrcK+D7gBs/sGUNakWl
Dqen6+HcUV9NBW/AvY4wWigllWx+F9fRt2Y+BLV3lO7EngsJAkEA+haLzFi4+Sdm
SPot7f2yYy366Ktqt9XbAWbWllE/Md2kt0wFI3gs85uURIf9UIrLL+JbrPRw1rzq
j94qXdE7TQJBANLSJpZougjyQG+rgbkf4BbUlfy9S8iKNDk4YfYviDQ4EJ99c5Mb
qF5ukiqnPSRNuKm5iePdFT2kB/F4mbvFjGMCQQCPjqmpH7TusQMyGQqMdvkTna1O
KjgUVxpkb5f2qaTRBx4qaeT5O17yZ/hwbm+m8EU6s4FUguzTF5a+BxXizNxxAkEA
qZZxggbGuBGfsfTmCnRQwCzMZp4jyzMZpXnsm6xKxa7f+FxjT1AtVaFepT8Y2Q5I
YQemm40p3AcKeL2J9VmJfwJAHTf41K9iQlbQEyq8LMF7EQ7IqwmOlebh86qJPVqE
Fv9xZRAOzxG/ZgsXImMvWEUabqcIoXA7i9CZOJNg/kvKdw==
-----END RSA PRIVATE KEY-----
下面是预期的数字签名

RbcEYwvJgpONLxtaJxiL2XbFC/xJVwzamJN/2dkowulp7JYHAsNR/ktEcloDhM0G
5VIPQpCu2vqLf74i2VS5Whwz3nChauSGUC8Zl6qB4SqbYfV0bk/pT3mPMrdK/keu
g8U4nFa3ufW4pFslxW87IsglbZ0IlsnlPTJObg5Ku+M=
以下是我的数字签名的输出:

OmpyizRj+4t27PoEMVlLxyYt6LGzyaKXsoXtZoTxd26PXfxYSeiflvAkhSIZNIn0 
zwNNnnC1t3BI25aOdItrKcSbNXKHtnnGpqpLWb6cFfLC3Q8DZpEAV/RrHPBCUNsK 
b8/u5CK7KRARyQWNDkWZLgnDg0G4hnlph7bwBTJW0Gs=

$fp = fopen(getcwd() . "certificate.pem", "rb");
$priv_key = fread($fp, 30000);
fclose($fp);

$pkeyid = openssl_get_privatekey($priv_key);

openssl_sign($message, $signature, $pkeyid, OPENSSL_ALGO_MD5);

openssl_free_key($pkeyid);

$base64_signature = base64_encode($signature);
下面是我用来生成数字签名的PHP代码:

OmpyizRj+4t27PoEMVlLxyYt6LGzyaKXsoXtZoTxd26PXfxYSeiflvAkhSIZNIn0 
zwNNnnC1t3BI25aOdItrKcSbNXKHtnnGpqpLWb6cFfLC3Q8DZpEAV/RrHPBCUNsK 
b8/u5CK7KRARyQWNDkWZLgnDg0G4hnlph7bwBTJW0Gs=

$fp = fopen(getcwd() . "certificate.pem", "rb");
$priv_key = fread($fp, 30000);
fclose($fp);

$pkeyid = openssl_get_privatekey($priv_key);

openssl_sign($message, $signature, $pkeyid, OPENSSL_ALGO_MD5);

openssl_free_key($pkeyid);

$base64_signature = base64_encode($signature);
变量$message包含我拥有的文本/字符串

我也试过了

openssl dgst -md5 message.txt | openssl rsautl -sign -inkey certificate.pem | openssl enc -base64 -out base64_signature.txt
生成数字签名,但仍有不同的输出

我也读过这篇文章,我不确定我们是否尝试做同样的事情,似乎我们拥有的数据是相同的,尽管我们在测试数据上使用不同的名称

真的需要帮助,我仍然不确定我做错了什么

任何帮助都将不胜感激。非常感谢

*注意:编辑fopen使其具有rb而不仅仅是r

*注意:Edited还尝试执行以下操作:

shell_exec("openssl dgst -md5 message.txt | openssl rsautl -sign -inkey certificate.pem | openssl enc -base64 -out base64_signature.txt");

shell_exec("openssl dgst -md5 -sign certificate.pem message.txt | openssl enc -base64 -out base64_signature.txt");
然后使用fopen检索输出,fread也不起作用。

很可能是因为使用了OPENSSL算法。尝试不同的值,看看是否适合您:感谢您的回复,我已经在cli上尝试了针对php的OPENSSL_algou_SHA1或针对OPENSSL的-SHA1,但输出仍然不同,目前我尝试实现的唯一允许的算法是MD5或SHA1。您是否尝试将证书和密钥分离为独立文件?我看到的大多数示例仅将密钥用作.pem文件。不确定这是否有用,但值得一试。虽然刚刚尝试过,但仍然会生成不同的输出。文档中有一些关于如何验证签名的示例:以防万一。