通过PHP生成crx文件失败:“包无效:CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED”

时间:2013-05-23 20:55:32

标签: php google-chrome google-chrome-extension openssl public-key-encryption

我正在使用phpseclib在PHP中生成一个crx文件。当我尝试将crx安装到Chrome中时,出现错误:

Package is invalid: 'CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED'

这是我的代码:

<?php
//Include phpseclib files
include('File/X509.php');
include('Crypt/RSA.php');

//RSA Handler
$rsa = new Crypt_RSA();

//Create key pair
$keyPair = $rsa->createKey();

//Get the keys
$privKey = $keyPair[ "privatekey" ];
$pubKey = $keyPair[ "publickey" ];

//The Zip file contents
$zipContents = file_get_contents( "helloworld.zip" );

//Load the private key into the handler
$rsa->loadKey( $privKey );

//Sign the content (default is SHA1)
$signature = $rsa->sign( $zipContents ) ;

/* Tried this, but it also did not work */
//Convert to openSSH and remove the leading/trailing "comments": "ssh-rsa ", " phpseclib-generated-key"
//$rsa->loadKey( $pubKey );
//$rsa->setPublicKey(); 
//$pubKey = $rsa->getPublicKey( CRYPT_RSA_PUBLIC_FORMAT_OPENSSH );
//$pubKey = substr( $pubKey, 8, strlen( $pubKey ) - 32 );

//Encode public key in Base64 and remove the "-----BEGIN PUBLIC KEY-----\r\n" and "\r\n-----END PUBLIC KEY-----" (to put in .crx)
$base64Key = base64_decode( substr( $pubKey, 28, strlen( $pubKey ) - 54 ) );

//Create the crx (wb = write in binary mode)
$crxFile = fopen( "helloworld.crx", "wb" );

//Add crx "magic" marker, format version
fwrite( $crxFile, "Cr24" );
fwrite( $crxFile, pack( "V", 2 ) );

//Write public key and signature length
fwrite( $crxFile, pack( "V", strlen( $base64Key ) ) );
fwrite( $crxFile, pack( "V", strlen( $signature ) ) );

//Write public key (base64 encoded) and signature
fwrite( $crxFile, $base64Key );
fwrite( $crxFile, $signature );

//Write the zip file contents
fwrite( $crxFile, $zipContents );

fclose( $crxFile );
?>

我做错了什么?我猜它与密钥的格式和签名有关?

1 个答案:

答案 0 :(得分:0)

我找到了答案!签名使用CRYPT_RSA_SIGNATURE_PSS,显然只适用于PKCS1。所以你需要添加这一行:

$rsa->setSignatureMode( CRYPT_RSA_SIGNATURE_PKCS1 );

签名创建代码之前。所以签名代码现在看起来像这样:

//Load the private key into the handler
$rsa->loadKey( $privKey );

//Sign the content (default is SHA1)
$rsa->setSignatureMode( CRYPT_RSA_SIGNATURE_PKCS1 ); /* <-- This is required */
$signature = $rsa->sign( $zipContents ) ;
相关问题
最新问题