Private/public RSA 2048 key pair - how to verify RSA PKCS#1v1.5 SHA 256 with phpseclib

Question    Votes: 0    Answers: 1

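I need to verify a signature in an API endpoint, but no matter what I try, I cannot verify it. The data comes from a mobile device.

The key pair was created on Android through this library, specifically using these functions.

  1. Key pair: ReactNativeBiometrics.createKeys --> deep into the source code
  2. Signature: ReactNativeBiometrics.createSignature --> deep into the source code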

composer.json

{
    "require": {
        "phpseclib/phpseclib": "^3.0",
        "kint-php/kint": "^4.2"
    }
}

index.php

<?php

require "vendor/autoload.php";

use phpseclib3\Crypt\PublicKeyLoader;
use phpseclib3\Crypt\RSA\PublicKey;
use phpseclib3\Crypt\RSA;

$message = "CIAO";
$signature = "nu92wNMUDDUgZJbrKOIJt09FOfvMvQ6fWlNCfvkxqhUuGIT7hCnikQCM4KfXJN/X7D3+ISQvu1+BbVYug2uvxDwtDt7mHRr7lo7SRN6/yFq237LJ9iHZNZWXz1Ict1ez92Aa1oeDZtMpO84VOrVE372UNOETFvz+AaeTJ3lO/3WV+xu+uQ36FiOhLtAi7CXFhCki3+P6oO0Va1PtB2rmdiMcbHSkn3y5IZG5UTxLtRYr0dkTbbq+ySNMdYY01Yd1aOHl7phgoR+sRHQwOaq2/IHAahBOTZShrjLy5b/DmDaYwjjAs76FSQFiWtPjtm0WdiroGbzdwsHjWgBXKyHzHA==";

$hash = hash('sha256', $message, true);

$publicKey = "
-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4sNG1i5Tiqc2nz5nFU8
Q7UaKbOqV2jTCB0Alg2hwT6GQX/GhPTHiPicoLPX1yubPbDxn9e/4ZPCwdfW20JG
4oaGNUnT6VSfH9Tx5ckBGIYzsHbRU7llKgMFK91RVrTCb/3v1sSEHBthby2C4c2V
N1zDCZxaTGfY3zgsEhUIYHhagam1c/WHR9mVCu+9a9QwsMgJ9ppKwikzLyetNkla
MvIKzTxsFHrtZrmBhlbmRHFXGKqqwvnwxkER14YpldiXBFUJ1/p4JHE09byfxmC/
9kRjFxqOxU3hwvO2YlRbk9/T8+6mtyyUxHLLK37vBYOuvKEaPIKM/ASm8UiZLwqq
swIDAQAB
-----END RSA PUBLIC KEY-----
";

$key = PublicKeyLoader::loadPublicKey($publicKey, $password = false);

\Kint::dump(
    $publicKey,
    $key::getSupportedKeyFormats(),
    $key->getLoadedFormat(),
    $key->getPadding(),
    (string) $key->getHash(),
    $key,
    $key instanceof \phpseclib3\Crypt\Common\PublicKey,
    $key->verify(base64_decode($message, true), base64_decode($signature, true)),
    $key->verify(base64_decode($message, true), $signature),
    $key->verify($message, base64_decode($signature, true)),
    $key->verify($message, $signature),
    $key->verify($hash, base64_decode($signature, true))
);

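Result:

I successfully verified the signature online using this tool here

Obviously there is something I am missing, but I cannot figure it out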

phpseclib android-biometric
1 Answer
0 votes

Verification works fine for me with this code:

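<?php

require "vendor/autoload.php";

use phpseclib3\Crypt\PublicKeyLoader;
use phpseclib3\Crypt\RSA;

$message = "CIAO";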
$signature = "nu92wNMUDDUgZJbrKOIJt09FOfvMvQ6fWlNCfvkxqhUuGIT7hCnikQCM4KfXJN/X7D3+ISQvu1+BbVYug2uvxDwtDt7mHRr7lo7SRN6/yFq237LJ9iHZNZWXz1Ict1ez92Aa1oeDZtMpO84VOrVE372UNOETFvz+AaeTJ3lO/3WV+xu+uQ36FiOhLtAi7CXFhCki3+P6oO0Va1PtB2rmdiMcbHSkn3y5IZG5UTxLtRYr0dkTbbq+ySNMdYY01Yd1aOHl7phgoR+sRHQwOaq2/IHAahBOTZShrjLy5b/DmDaYwjjAs76FSQFiWtPjtm0WdiroGbzdwsHjWgBXKyHzHA==";
$publicKey = "-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4sNG1i5Tiqc2nz5nFU8
Q7UaKbOqV2jTCB0Alg2hwT6GQX/GhPTHiPicoLPX1yubPbDxn9e/4ZPCwdfW20JG
4oaGNUnT6VSfH9Tx5ckBGIYzsHbRU7llKgMFK91RVrTCb/3v1sSEHBthby2C4c2V
N1zDCZxaTGfY3zgsEhUIYHhagam1c/WHR9mVCu+9a9QwsMgJ9ppKwikzLyetNkla
MvIKzTxsFHrtZrmBhlbmRHFXGKqqwvnwxkER14YpldiXBFUJ1/p4JHE09byfxmC/
9kRjFxqOxU3hwvO2YlRbk9/T8+6mtyyUxHLLK37vBYOuvKEaPIKM/ASm8UiZLwqq
swIDAQAB
-----END RSA PUBLIC KEY-----";

$signature = base64_decode($signature);
$key = PublicKeyLoader::load($publicKey)->withPadding(RSA::SIGNATURE_PKCS1);
echo $key->verify($message, $signature) ? 'good' : 'bad';

(sha256 is the default hash in phpseclib v3)
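The following is an added example, not code from the question or the answer. It wraps the answer's approach in a helper for an API endpoint and shows, on a constructed throwaway key pair, that only the raw message with a base64-decoded signature and explicit PKCS#1 v1.5 padding verifies; phpseclib v3 uses PSS as its default signature padding. The name `verifyDeviceSignature` is hypothetical.

```php
<?php
// Added example: not code from the question or the answer.
require "vendor/autoload.php";

use phpseclib3\Crypt\PublicKeyLoader;
use phpseclib3\Crypt\RSA;
use phpseclib3\Crypt\RSA\PublicKey;
use phpseclib3\Exception\NoKeyLoadedException;

// verifyDeviceSignature() is a hypothetical helper name, not a phpseclib API.
function verifyDeviceSignature(string $publicKeyPem, string $message, string $signatureB64): bool
{
    // Strict mode returns false on characters outside the base64 alphabet.
    $signature = base64_decode($signatureB64, true);
    if ($signature === false) {
        return false;
    }
    try {
        $key = PublicKeyLoader::load($publicKeyPem);
    } catch (NoKeyLoadedException $e) {
        return false;
    }
    // Accept only an RSA public key, never a private key or another algorithm.
    if (!$key instanceof PublicKey) {
        return false;
    }
    // Pin padding and hash explicitly instead of relying on library defaults.
    // verify() hashes $message itself, so pass the raw message, not its digest.
    return $key->withPadding(RSA::SIGNATURE_PKCS1)
               ->withHash('sha256')
               ->verify($message, $signature);
}

// Constructed demo data: a throwaway key pair standing in for the device key.
$private = RSA::createKey(2048);
$pem     = $private->getPublicKey()->toString('PKCS8');
$message = "CIAO";
$sigB64  = base64_encode(
    $private->withPadding(RSA::SIGNATURE_PKCS1)->withHash('sha256')->sign($message)
);

// 1. Raw message, base64 signature, PKCS#1 v1.5 padding.
var_dump(verifyDeviceSignature($pem, $message, $sigB64));
// 2. Pre-hashed message, as in the question's last verify() call.
var_dump(verifyDeviceSignature($pem, hash('sha256', $message, true), $sigB64));
// 3. Default padding (PSS in phpseclib v3), as in the question's other calls.
var_dump(PublicKeyLoader::load($pem)->verify($message, base64_decode($sigB64, true)));
// 4. Signature string that is not valid base64.
var_dump(verifyDeviceSignature($pem, $message, $sigB64 . '*'));
```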
