RSA 签名相关

php demo:

参考:

https://gist.github.com/winok/6153500

<?php 

## openssl genrsa -out key.pem 1024
## (a 1024-bit RSA key is only adequate for this demo; use at least 2048 bits for a real key)
## openssl rsa -in key.pem -pubout -outform PEM -out pubkey.pem
## openssl rsa -in key.pem -pubout -outform DER -out pubkey.der

/**
 * Decode a hexadecimal string into the raw bytes it represents.
 *
 * The input is consumed two characters at a time and each pair is handed to
 * pack("H*", ...). A trailing single character is packed on its own, so it
 * ends up as the high nibble of the last byte. No validation is done here:
 * characters that are not hex digits are passed straight to pack().
 *
 * @param string $hexstr Hex-encoded data, e.g. a signature encoded with bin2hex().
 * @return string The decoded binary string ("" for empty input).
 */
function hextobin($hexstr)
{
	if (strlen($hexstr) === 0) {
		return "";
	}

	$decoded = array();
	foreach (str_split($hexstr, 2) as $pair) {
		$decoded[] = pack("H*", $pair);
	}

	return implode("", $decoded);
}

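/**
 * Sign a message with the RSA private key stored in key.pem and return the
 * signature as a hex string.
 *
 * openssl_sign() is called without an algorithm argument, so PHP's default
 * digest (OPENSSL_ALGO_SHA1) is used. The verify functions in this file rely
 * on the same default; when moving to OPENSSL_ALGO_SHA256 the argument has to
 * be added to the sign call and to every verify call together.
 *
 * @param string $toSign Message to sign.
 * @return string Hex-encoded signature.
 * @throws RuntimeException When the key cannot be read or parsed, or signing fails.
 */
function buildSign($toSign) {

	$keyFile = 'key.pem';

	// Fail loudly instead of returning an empty "signature" when the key is missing.
	if (!is_readable($keyFile)) {
		throw new RuntimeException('cannot read private key file: ' . $keyFile);
	}
	$priv_key = file_get_contents($keyFile);
	if ($priv_key === false) {
		throw new RuntimeException('cannot read private key file: ' . $keyFile);
	}

	$pkeyid = openssl_pkey_get_private($priv_key);
	if ($pkeyid === false) {
		throw new RuntimeException('no usable private key in ' . $keyFile);
	}

	$signature = null;
	$signed = openssl_sign($toSign, $signature, $pkeyid);

	// openssl_free_key() is deprecated since PHP 8.0, where key objects are
	// released automatically; only call it on older versions.
	if (PHP_VERSION_ID < 80000) {
		openssl_free_key($pkeyid);
	}

	if (!$signed) {
		throw new RuntimeException('openssl_sign() failed');
	}

	return bin2hex($signature);
}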

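/**
 * Check a hex-encoded signature against a message, using the PEM public key
 * stored in pubkey.pem.
 *
 * openssl_verify() is called without an algorithm argument, so it uses PHP's
 * default digest (OPENSSL_ALGO_SHA1), matching buildSign().
 *
 * @param string $sign   Hex-encoded signature, as returned by buildSign().
 * @param string $toSign Message the signature is expected to cover.
 * @return int|false 1 if the signature is valid, 0 if it is not, -1 (or false)
 *                   on error, including an unreadable key file.
 */
function verifySign($sign, $toSign) {

	$keyFile = 'pubkey.pem';

	// Report a missing key as an error (-1) instead of handing false to OpenSSL.
	$pub_key = is_readable($keyFile) ? file_get_contents($keyFile) : false;
	if ($pub_key === false) {
		return -1;
	}

	$signdata = hextobin($sign);

	// The result is passed through unchanged. Callers must compare it with 1:
	// the error value -1 is truthy, so `if (verifySign(...))` would accept it.
	return openssl_verify($toSign, $signdata, $pub_key);
}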

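/**
 * Check a hex-encoded signature against a message, using the DER public key
 * stored in pubkey.der.
 *
 * The DER bytes are base64-encoded and wrapped in PEM armour, because that is
 * the form passed to openssl_verify() here. The line separators must be real
 * newlines ("\n"); with a literal "n" the PEM text is malformed and the key
 * cannot be parsed.
 *
 * @param string $sign   Hex-encoded signature, as returned by buildSign().
 * @param string $toSign Message the signature is expected to cover.
 * @return int|false 1 if the signature is valid, 0 if it is not, -1 (or false)
 *                   on error, including an unreadable or empty key file.
 */
function verifySign_der($sign, $toSign) {

	$keyFile = 'pubkey.der';

	// Report a missing or empty key as an error (-1) instead of building an empty PEM.
	$der = is_readable($keyFile) ? file_get_contents($keyFile) : false;
	if ($der === false || $der === '') {
		return -1;
	}

	// chunk_split() breaks the base64 text into 64-character lines, each
	// terminated by "\n", which is the PEM body layout.
	$pem = "-----BEGIN PUBLIC KEY-----\n"
		. chunk_split(base64_encode($der), 64, "\n")
		. "-----END PUBLIC KEY-----\n";

	$signdata = hextobin($sign);

	// Callers must compare the result with 1; the error value -1 is truthy.
	return openssl_verify($toSign, $signdata, $pem);
}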

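// Positive case: a signature over 'test1' must verify against 'test1' with
// both the PEM and the DER form of the public key.
$sign = buildSign('test1');
if (verifySign($sign, 'test1') === 1) {
	echo "success\n";
}
if (verifySign_der($sign, 'test1') === 1) {
	echo "success\n";
}

echo "\n";

// Negative case: the same signature must be rejected for a different message.
// The comparison is strict so that an error result (-1 or false) is not
// counted as a correct rejection.
$sign = buildSign('test1');
if (verifySign($sign, 'test2') === 0) {
	echo "success\n";
}
if (verifySign_der($sign, 'test2') === 0) {
	echo "success\n";
}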

?>

 

相关格式参考:

http://www.cnblogs.com/xiaoweiyu/archive/2011/12/26/2302297.html

 

注意:

1.注意相关参数(如:openssl pkcs8 -topk8 -inform PEM -outform DER -in key.pem -out key.der -nocrypt 里的最后一个参数 -nocrypt,表示输出的私钥不加密)

2.公钥和私钥所用命令不同

3.通常二进制der格式通过 base64 或十六进制表示。先还原,再转换格式。

转发请注明出处http://blog.martoo.cn
如有漏缺,请联系我 QQ 243008827
