数字签名生成错误的值。 (使用PHP生成签名)

时间:2014-11-08 08:01:31

标签: php certificate digital-signature x509 php-openssl

我正在尝试从字符串或文本生成数字签名。我正在使用PHP生成数字签名。

这是我试图从ZHDASC​​RA53到ZTRENDRA53 22生成签名的字符串,包括后面的换行符。

ZHDASCRA53  0800    20141014
ZXCMIIDajCCAtOgAwIBAgIBCjANBgkqhkiG9w0BAQQFADCBhDELMAkGA1UEBhMCQVUx
ZXCDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MQ0wCwYDVQQKEwRBU0lDMSQw
ZXCIgYDVQQLExtJVFNCIGVCdXNpbmVzcyBTeXN0ZW1zIFRlYW0xITAfBgNVBAMTGGVC
ZXCdXNpbmVzcyBEZXZlbG9wbWVudCBDQTAeFw0wMjA1MjcwMzA4MDlaFw0wMzA1Mjcw
ZXCMzA4MDlaMF0xCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5
ZXCZG5leTENMAsGA1UEChMEQVNJQzENMAsGA1UECxMEVGVzdDERMA8GA1UEAxMIVGVz
ZXCdGVyIDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM3zyt6WrajwGLx7L9b/
ZXCji36J5cUi3FCiAnHWT6rU4iO/0kO5GC5DhIlEVW64e29sXD7V5G+Dc1DyhweHOFC
ZXC1nz55zci4peeg+QPj8LApexjKcCjm6y6hilN8u5YUzBG7lkI0miUcrF2zF9Kxrqo
ZXCc/GxKL7Btdj3jGCZpwmVmQrHAgMBAAGjggEQMIIBDDAJBgNVHRMEAjAAMCwGCWCG
ZXCSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
ZXCFgQUwvFqXS71CPKI/CUSuTqzZmTKY8AwgbEGA1UdIwSBqTCBpoAUdVgA2CTNbQWg
ZXC/GHtVe7HDcH/Ci2hgYqkgYcwgYQxCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cx
ZXCDzANBgNVBAcTBlN5ZG5leTENMAsGA1UEChMEQVNJQzEkMCIGA1UECxMbSVRTQiBl
ZXCQnVzaW5lc3MgU3lzdGVtcyBUZWFtMSEwHwYDVQQDExhlQnVzaW5lc3MgRGV2ZWxv
ZXCcG1lbnQgQ0GCAQAwDQYJKoZIhvcNAQEEBQADgYEAM3NVo4i+ndGqddZAtGxqpeE0
ZXCdWondUaN3DV+0CpQFYfH3cblGtnTkQdgUFbBxrDrFvIuoYZWv2X1zYl3SAFbF91U
ZXCWFxklCCmU9POoeB+j4fDqN+H69eAUZUz2vVHcLVePhNJhm64lYAhA83Rodv/sj6c
ZXCvxkxeg9xtdlZXGrmKik=
ZDCSTANDING JOHN                20141014    Y   Y                           A96210
ZTRENDRA53  22

以下是我用来生成数字签名的测试证书。

-----BEGIN CERTIFICATE-----
MIIDajCCAtOgAwIBAgIBCjANBgkqhkiG9w0BAQQFADCBhDELMAkGA1UEBhMCQVUx
DDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MQ0wCwYDVQQKEwRBU0lDMSQw
IgYDVQQLExtJVFNCIGVCdXNpbmVzcyBTeXN0ZW1zIFRlYW0xITAfBgNVBAMTGGVC
dXNpbmVzcyBEZXZlbG9wbWVudCBDQTAeFw0wMjA1MjcwMzA4MDlaFw0wMzA1Mjcw
MzA4MDlaMF0xCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5
ZG5leTENMAsGA1UEChMEQVNJQzENMAsGA1UECxMEVGVzdDERMA8GA1UEAxMIVGVz
dGVyIDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM3zyt6WrajwGLx7L9b/
ji36J5cUi3FCiAnHWT6rU4iO/0kO5GC5DhIlEVW64e29sXD7V5G+Dc1DyhweHOFC
1nz55zci4peeg+QPj8LApexjKcCjm6y6hilN8u5YUzBG7lkI0miUcrF2zF9Kxrqo
c/GxKL7Btdj3jGCZpwmVmQrHAgMBAAGjggEQMIIBDDAJBgNVHRMEAjAAMCwGCWCG
SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
FgQUwvFqXS71CPKI/CUSuTqzZmTKY8AwgbEGA1UdIwSBqTCBpoAUdVgA2CTNbQWg
/GHtVe7HDcH/Ci2hgYqkgYcwgYQxCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cx
DzANBgNVBAcTBlN5ZG5leTENMAsGA1UEChMEQVNJQzEkMCIGA1UECxMbSVRTQiBl
QnVzaW5lc3MgU3lzdGVtcyBUZWFtMSEwHwYDVQQDExhlQnVzaW5lc3MgRGV2ZWxv
cG1lbnQgQ0GCAQAwDQYJKoZIhvcNAQEEBQADgYEAM3NVo4i+ndGqddZAtGxqpeE0
dWondUaN3DV+0CpQFYfH3cblGtnTkQdgUFbBxrDrFvIuoYZWv2X1zYl3SAFbF91U
WFxklCCmU9POoeB+j4fDqN+H69eAUZUz2vVHcLVePhNJhm64lYAhA83Rodv/sj6c
vxkxeg9xtdlZXGrmKik=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDN88relq2o8Bi8ey/W/44t+ieXFItxQogJx1k+q1OIjv9JDuRg
uQ4SJRFVuuHtvbFw+1eRvg3NQ8ocHhzhQtZ8+ec3IuKXnoPkD4/CwKXsYynAo5us
uoYpTfLuWFMwRu5ZCNJolHKxdsxfSsa6qHPxsSi+wbXY94xgmacJlZkKxwIDAQAB
AoGBALSKsd3dAxFkoJqh9rcnwhDmCUy00uSPqUfBPKfmcsz0ZjA6YNO1hfM8EW0w
7ZuGvgVIIGT/0YOOmJ97el+yQukp8ViYQLWidLOe/IWPzWrcK+D7gBs/sGUNakWl
Dqen6+HcUV9NBW/AvY4wWigllWx+F9fRt2Y+BLV3lO7EngsJAkEA+haLzFi4+Sdm
SPot7f2yYy366Ktqt9XbAWbWllE/Md2kt0wFI3gs85uURIf9UIrLL+JbrPRw1rzq
j94qXdE7TQJBANLSJpZougjyQG+rgbkf4BbUlfy9S8iKNDk4YfYviDQ4EJ99c5Mb
qF5ukiqnPSRNuKm5iePdFT2kB/F4mbvFjGMCQQCPjqmpH7TusQMyGQqMdvkTna1O
KjgUVxpkb5f2qaTRBx4qaeT5O17yZ/hwbm+m8EU6s4FUguzTF5a+BxXizNxxAkEA
qZZxggbGuBGfsfTmCnRQwCzMZp4jyzMZpXnsm6xKxa7f+FxjT1AtVaFepT8Y2Q5I
YQemm40p3AcKeL2J9VmJfwJAHTf41K9iQlbQEyq8LMF7EQ7IqwmOlebh86qJPVqE
Fv9xZRAOzxG/ZgsXImMvWEUabqcIoXA7i9CZOJNg/kvKdw==
-----END RSA PRIVATE KEY-----

以下是预期的数字签名

RbcEYwvJgpONLxtaJxiL2XbFC/xJVwzamJN/2dkowulp7JYHAsNR/ktEcloDhM0G
5VIPQpCu2vqLf74i2VS5Whwz3nChauSGUC8Zl6qB4SqbYfV0bk/pT3mPMrdK/keu
g8U4nFa3ufW4pFslxW87IsglbZ0IlsnlPTJObg5Ku+M=

以下是我的数字签名的输出:

OmpyizRj+4t27PoEMVlLxyYt6LGzyaKXsoXtZoTxd26PXfxYSeiflvAkhSIZNIn0 
zwNNnnC1t3BI25aOdItrKcSbNXKHtnnGpqpLWb6cFfLC3Q8DZpEAV/RrHPBCUNsK 
b8/u5CK7KRARyQWNDkWZLgnDg0G4hnlph7bwBTJW0Gs=

以下是我用来生成数字签名的PHP代码:

$fp = fopen(getcwd() . "certificate.pem", "rb");
$priv_key = fread($fp, 30000);
fclose($fp);

$pkeyid = openssl_get_privatekey($priv_key);

openssl_sign($message, $signature, $pkeyid, OPENSSL_ALGO_MD5);

openssl_free_key($pkeyid);

$base64_signature = base64_encode($signature);

变量$ message包含我拥有的文本/字符串。

我也试过

openssl dgst -md5 message.txt | openssl rsautl -sign -inkey certificate.pem | openssl enc -base64 -out base64_signature.txt

要生成数字签名,但仍然有不同的输出。

我也读过这篇文章,我不确定我们是否尝试做同样的事情,我们的数据似乎是相同的,尽管我们在测试数据上使用了不同的名称。

Digital Signature with wrong value

真的需要帮助,我仍然不确定我做错了什么。

任何帮助将不胜感激。非常感谢。

*注意:编辑fopen有" rb"而不只是" r"。

what's the differences between r and rb in fopen

*注意:编辑也试图这样做:

shell_exec("openssl dgst -md5 message.txt | openssl rsautl -sign -inkey certificate.pem | openssl enc -base64 -out base64_signature.txt");

shell_exec("openssl dgst -md5 -sign certificate.pem message.txt | openssl enc -base64 -out base64_signature.txt");

然后使用fopen检索输出,并且fread也没有工作。

0 个答案:

没有答案