验证php上的数字签名

时间:2014-01-09 23:45:22

标签: javascript php cryptography digital-signature

我正在使用javascript签署一条消息然后尝试在php上验证,但它总是返回错误。

我使用此http://cdn9.atwikiimg.com/kurushima/pub/jsrsa/sample-rsasign.html作为我的javascript的示例。

我的javascript是

function doSign() {
 var rsa = new RSAKey();
  rsa.readPrivateKeyFromPEMString(document.form1.prvkey1.value);
  var hashAlg = document.form1.hashalg.value;
  var str1 = document.form1.msgsigned.value;
  var str2 = document.form1.msgsigned1.value;
  var res = str1.concat(str2);
  var hSig = rsa.signString(res, hashAlg);
  document.form1.siggenerated.value = linebrk(hSig, 64);
}

function doVerify() {
  var sMsg = document.form1.msgverified.value;
  var hSig = document.form1.sigverified.value;

  var x509 = new X509();
  x509.readCertPEM(document.form1.cert.value);
  var result = x509.subjectPublicKeyRSA.verifyString(sMsg, hSig);

  // display verification result
  if (result) {
    _displayStatus("valid");
  } else {
    _displayStatus("invalid");
  }
}

function copyMsgAndSig() {
  _displayStatus("reset");
  document.form1.msgverified.value = document.form1.msgsigned.value;
  document.form1.msgverified1.value = document.form1.msgsigned1.value;   
  document.form1.sigverified.value = document.form1.siggenerated.value; 
}

function _displayStatus(sStatus) {
  var div1 = document.getElementById("verifyresult");
  if (sStatus == "valid") {
    div1.style.backgroundColor = "skyblue";
    div1.innerHTML = "This signature is *VALID*.";
  } else if (sStatus == "invalid") {
    div1.style.backgroundColor = "deeppink";
    div1.innerHTML = "This signature is *NOT VALID*.";
  } else {
    div1.style.backgroundColor = "yellow";
    div1.innerHTML = "Please fill values below and push [Verify this sigunature] button.";
  }
}

这是我的php 

<?php
        $msgAssinada=$_POST['msgsigned'];
        $msgAssinada1=$_POST['msgsigned1'];
        $assinatura=$_POST['siggenerated'];
        echo "<p>".$_POST['msgsigned']."</p>";
        echo "<p>".$_POST['msgsigned1']."</p>";
        echo "<p>".$_POST['siggenerated']."</p>";

        $fp = fopen("publicCert.pem", "r");
        $cert = fread($fp, 8192);
        fclose($fp);
        $pubkeyid = openssl_pkey_get_public($cert);
        $result = $msgAssinada . $msgAssinada1;
        echo $result;

        $ok = openssl_verify($result, $assinatura, $pubkeyid);

        if ($ok == 1) {
            echo "good";
        } elseif ($ok == 0) {
            echo "<p>bad</p>";
        } else {
            echo "ugly, error checking signature";
        }

        openssl_free_key($pubkeyid);
    ?>

我正在使用这个键:

私钥:

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEArS+LAkcvzrv5yICTGrJFkK+Z6uIJ1VizM8Cs8sj1uBYg6R+Z
(...)
9VA6LyRzv11n2wpJ0tOusRv7+XhF+BE28gkEfZtBg9mZakqVH7zO9A==
-----END RSA PRIVATE KEY-----

公钥

-----BEGIN CERTIFICATE-----
MIIFfzCCA2egAwIBAgIDDguBMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jv
(...)
Etj7VCXe3h2xHgQUfkUvnRw8vw==
-----END CERTIFICATE-----

0 个答案:

没有答案
相关问题
最新问题