Why isn't openssl_pkcs7_verify verifying a message signed with openssl_pkcs7_sign?

Time: 2015-08-01 16:18:01

Tags: php openssl pkcs#7 php-openssl

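The signing code is based on the example at http://php.net/openssl-pkcs7-sign. The private key corresponds to the public key in the certificate. The certificate is valid from a year ago until December 31, 9999, so the date range is not the issue.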

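Does the key usage extension need to be set? If that is the problem, what does it need to be set to? If that is not the case, what do I need to do to get it to work?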

Here is my code:

<?php
$data = <<<EOD

You have my authorization to spend $10,000 on dinner expenses.

The CEO
EOD;
// save message to file
$fp = fopen("msg.txt", "w");
fwrite($fp, $data);
fclose($fp);

$key = '-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----';

$cert = '-----BEGIN CERTIFICATE-----
MIIBwzCCASygAwIBAgIUP7VZQpJYe8YHW4Fdd+FaukIezEcwDQYJKoZIhvcNAQEF
BQAwHjEcMBoGA1UECgwTcGhwc2VjbGliIGRlbW8gY2VydDAeFw0xNTA4MDExNjA3
NDNaFw0xNjA4MDExNjA3NDNaMB4xHDAaBgNVBAoME3BocHNlY2xpYiBkZW1vIGNl
cnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALMlXVnRQpcuSX1OuG5FH2d2
1/5SkvLF25Z98WINeyu6iN3sHoBcB2yfJMf798OkENgGanCcdGSHZHQ5D/S2k3pK
EVxkO4Esyg26o/dWElmfTVuOl6pM7c2nzNhIdSsZwy/6H9/8cbWjyQqd1ZsBCvOP
QNQ6ufQOLffqZQuxwX+DAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEArmQMGP2XPQTI
b0ppXGTlAqLGx979GDYeWglCLSlUYw3Ohr3Jonhs7KnhX04Y3ePVqIKuqSDvZz/D
C3Xgaiqmq0OsHtro7O0BamauKANON6bwq/YthrbeNBUoy7XZ86WsRZGSPlts7jdQ
tiqqWvr+oWxNb8WkxqVCshifjSOTlOQ=
-----END CERTIFICATE-----';


// sign it
openssl_pkcs7_sign(
    'msg.txt',
    'signed.txt',
    $cert,
    $key,
    array(
        'To' => 'joes@example.com',  // keyed syntax
        'From: HQ <ceo@example.com>',// indexed syntax
        'Subject' => 'Eyes only'
    )
);

echo file_get_contents('signed.txt');

var_dump(openssl_pkcs7_verify('signed.txt', 0));

1 answer:

Answer 0: (score: 2)

This is expected behavior. You have a self-signed certificate. In your case you should use

set example/member[#attribute/name='dbsettings']/node[#attribute/name='username']/#CDATA anotherusername

Then self-signed certificates can be used.
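
Added example, not part of the original question or answer: it compares what `openssl_pkcs7_verify` checks with default flags, with `PKCS7_NOVERIFY`, and with the expected self-signed certificate pinned through the `$ca_info` argument, for both the intended signer and an unrelated one. It assumes PHP with ext-openssl and a usable openssl.cnf; the keys, subjects, file names and message are constructed for the demonstration.

```php
<?php
// Added example. Subjects, file names and the message are constructed for illustration.
$dir = sys_get_temp_dir();

// Create a throwaway self-signed signer (null CA argument = self-signed).
function make_signer($cn) {
    $key  = openssl_pkey_new(array('private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
    $csr  = openssl_csr_new(array('commonName' => $cn), $key, array('digest_alg' => 'sha256'));
    $cert = openssl_csr_sign($csr, null, $key, 365, array('digest_alg' => 'sha256'));
    return array($cert, $key);
}

// Sign $msg as S/MIME and return the path of the signed file.
function sign_as($signer, $msg, $out) {
    openssl_pkcs7_sign($msg, $out, $signer[0], $signer[1], array('Subject' => 'constructed demo'));
    return $out;
}

// openssl_pkcs7_verify() is tri-state: true, false, or -1 on error.
function label($r) {
    return $r === true ? 'verified' : ($r === false ? 'NOT verified' : 'error');
}

$ceo      = make_signer('constructed CEO cert');
$stranger = make_signer('constructed unrelated cert');
$pin      = "$dir/pinned_signer.pem";   // the one certificate we choose to trust
$seen     = "$dir/signers_seen.pem";    // verify writes the signers' certificates here
openssl_x509_export_to_file($ceo[0], $pin);

$msg = "$dir/msg.txt";
file_put_contents($msg, "constructed test message\n");
$fromCeo      = sign_as($ceo, $msg, "$dir/signed_ceo.txt");
$fromStranger = sign_as($stranger, $msg, "$dir/signed_stranger.txt");

foreach (array('CEO' => $fromCeo, 'stranger' => $fromStranger) as $who => $file) {
    // Default: the signer's certificate must chain to the default trust store.
    echo "$who, flags=0:        ", label(openssl_pkcs7_verify($file, 0)), "\n";
    // PKCS7_NOVERIFY: the signature is checked, the signer's certificate is not,
    // so the result says nothing about who signed.
    echo "$who, PKCS7_NOVERIFY: ", label(openssl_pkcs7_verify($file, PKCS7_NOVERIFY)), "\n";
    // Pinned: flags stay 0 and the expected certificate is supplied as a trust anchor.
    echo "$who, pinned ca_info: ", label(openssl_pkcs7_verify($file, 0, $seen, array($pin))), "\n";
}
```

Comparing the two signers' rows shows which mode actually ties a message to the expected certificate rather than to whatever certificate is embedded in it.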