openSSL rsa_padding_mode: emulating pss with phpseclib:RSA

Time: 2014-02-27 04:55:17

Tags: phpseclib

How can I use phpseclib:RSA to emulate this openSSL command:

openssl pkeyutl -verify -in gfeHmac.bin -sigfile privkey2_140225_gfesig.bin -pubin -inkey pubkey2_140225.pem -pkeyopt digest:sha256 -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1

Here is the basic PHP stub, which fails to verify:

include('phpseclib0.3.6/Math/BigInteger.php');
include('phpseclib0.3.6/Crypt/Hash.php');
include('phpseclib0.3.6/Crypt/TripleDES.php');
include('phpseclib0.3.6/Crypt/RSA.php');
echo "<hr>Using: phpseclib0.3.6/Crypt/RSA.php<br>";

function getCrntRsaPbKey()
{
  return "-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmA6xcIcBo0UiVxzduHFjks511
R5Y+gsvn6rVyjIWSQZt0h8N8vJPreDCDcOybToFmJMnz8R8aohC6ipJ0nIaI644+
oXVQkKGEjaAFKn+L6AEUQSZKkkbmEjBqDSriq91q8U78Ky6xT5a5JpuHz+QEgGi2
SXf1t3EBec1vjgMycQIDAQAB
-----END PUBLIC KEY-----";
} // private function getCrntRsaPbKey($incoming)

$origData = "4hZpNOnmgAlqkCCLMJ8MKv1pC73aTReA7Pht4hnc4Os=";

echo "<hr>original base64 hash payLoad:";
var_dump ( $origData );

$signedUsePrv = "Rzwo6eiCDf/w7f69JcKuq7a0czlAXuLXsgJbat2GRc6Tvv3CH04/ccpOZoV2+NKA5tew1QH3Ic+M
qhYJkRA5l+bK6RIuEuxQ8Eo5qSpxBHmmup41INTiR4xRB2KSp+uNgj2Nw2+GAmfpK+nx53sXcxkD
ZnB+njlJTkuhx4iKmM8=";

echo "<hr>original signed digest base64 payLoad:";
var_dump ( $signedUsePrv );

$rsa = new Crypt_RSA();

//$rsa->setMGFHash('sha256');
$rsa->setHash('sha256');
//echo "<hr>\$rsa->setHash('sha256')";var_dump($tst);
//$rsa->setPublicKeyFormat(CRYPT_RSA_PUBLIC_FORMAT_PKCS1);
//$rsa->setPrivateKeyFormat(CRYPT_RSA_PRIVATE_FORMAT_PKCS1);
//$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PSS);
//$rsa->setSaltLength(-1);

echo "<hr>\$rsa:";var_dump ( $rsa );

$pubKey = getCrntRsaPbKey();
echo ("<hr>publickeytest can load<br>" . $pubKey);
$rsaLoadKeyRslt = $rsa->loadKey(($pubKey));
echo "<br>\$rsa->loadKey(\$pubKey):";var_dump ( $rsaLoadKeyRslt );

$rsaVerifyRslt =  $rsa->verify ( base64_decode ( $origData ),  ( $signedUsePrv ) );
echo "<hr>\$rsa->verify with Eric provided public and signature file:";var_dump ( $rsaVerifyRslt );
if ($rsaVerifyRslt==1)
{
    echo "<br>isSigned true , using Remotely Signed signature";
}

1 answer:

Answer 0: (score: 1)

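By default, phpseclib uses PSS for signature verification, and by default the salt length used is -1 (it uses a salt length equal to the hash length, which is what I think -1 means).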

Other than that, the difference from the phpseclib defaults is that it uses sha256, whereas phpseclib uses sha1 by default.

Anyway, given that, I think this will do what you want:

<?php
include('Crypt/RSA.php');

$rsa = new Crypt_RSA(); 
$rsa->loadKey(file_get_contents('privatekey.txt'));
$rsa->loadKey($rsa->getPublicKey());
$rsa->setHash('sha256');
$rsa->setMGFHash('sha256');
echo $rsa->verify(
    file_get_contents('plaintext.txt'),
    file_get_contents('signature.txt')
) ? 'verified' : 'unverified';
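
Added example (not part of the original question or answer, and not phpseclib's code): `openssl pkeyutl -verify` with `digest:sha256` treats the `-in` file as the already-computed SHA-256 digest, whereas `Crypt_RSA::verify()` hashes its first argument itself. This stdlib-only Python version of PSS verification over a digest, with MGF1 on SHA-256 and salt length equal to the hash length, makes that difference checkable. The toy Mersenne-prime key, the function names and the sample message are constructed for illustration.

```python
import hashlib

H = hashlib.sha256
HLEN = H().digest_size  # 32 bytes; rsa_pss_saltlen:-1 means "salt length = this"

# Constructed toy key from two Mersenne primes: for demonstration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def mgf1(seed, length):
    """MGF1 over SHA-256 (what setMGFHash('sha256') selects in phpseclib)."""
    blocks = (H(seed + i.to_bytes(4, "big")).digest() for i in range(-(-length // HLEN)))
    return b"".join(blocks)[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pss_sign_digest(mhash, salt, n=N, d=D):
    """EMSA-PSS-ENCODE from a precomputed digest, then the RSA private operation."""
    em_bits = n.bit_length() - 1
    em_len = -(-em_bits // 8)
    h = H(b"\x00" * 8 + mhash + salt).digest()
    db = b"\x00" * (em_len - len(salt) - HLEN - 2) + b"\x01" + salt
    masked = bytearray(xor(db, mgf1(h, len(db))))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)  # clear bits above em_bits
    em = int.from_bytes(bytes(masked) + h + b"\xbc", "big")
    return pow(em, d, n).to_bytes((n.bit_length() + 7) // 8, "big")

def pss_verify_digest(mhash, sig, n=N, e=E, slen=HLEN):
    """RSASSA-PSS verification of a digest (not a message) with a fixed salt length."""
    em_bits = n.bit_length() - 1
    em_len = -(-em_bits // 8)
    s = int.from_bytes(sig, "big")
    if len(sig) != (n.bit_length() + 7) // 8 or s >= n or em_len < HLEN + slen + 2:
        return False
    m = pow(s, e, n)
    if m.bit_length() > em_bits:  # leftmost bits of the encoded message must be zero
        return False
    em = m.to_bytes(em_len, "big")
    masked, h, trailer = em[:-HLEN - 1], em[-HLEN - 1:-1], em[-1]
    db = bytearray(xor(masked, mgf1(h, len(masked))))
    db[0] &= 0xFF >> (8 * em_len - em_bits)
    pad = len(db) - slen - 1  # zero padding, then 0x01, then the salt
    if trailer != 0xBC or any(db[:pad]) or db[pad] != 0x01:
        return False
    return H(b"\x00" * 8 + mhash + bytes(db[pad + 1:])).digest() == h

if __name__ == "__main__":
    digest = H(b"constructed sample message").digest()
    print(pss_verify_digest(digest, pss_sign_digest(digest, bytes(HLEN))))
```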