如何将 phpseclib 的 CRYPT_RSA_SIGNATURE_PKCS1 转换为节点
How to convert phpseclib's CRYPT_RSA_SIGNATURE_PKCS1 to node
如何将PHP的$rsa->verify函数转为节点?我像这样使用加密的验证功能:
const crypto = require('crypto');
const verify = crypto.createVerify('RSA-SHA256');
verify.update('some data to sign');
const public_key = getPublicKeySomehow();
const signature = getSignatureToVerify();
console.log(verify.verify(public_key, signature));
但它总是 return 错误。当我 运行 我的数据和签名通过 php 它 return 是真的!知道我可能做错了什么吗?
php 验证函数如下所示:
function verify($message, $signature)
{
if (empty($this->modulus) || empty($this->exponent)) {
return false;
}
switch ($this->signatureMode) {
case CRYPT_RSA_SIGNATURE_PKCS1:
return $this->_rsassa_pkcs1_v1_5_verify($message, $signature);
//case CRYPT_RSA_SIGNATURE_PSS:
default:
return $this->_rsassa_pss_verify($message, $signature);
}
}
好像在用CRYPT_RSA_SIGNATURE_PKCS1。如何在node中使用?
function _rsassa_pss_verify($m, $s)
{
// Length checking
if (strlen($s) != $this->k) {
user_error('Invalid signature');
return false;
}
// RSA verification
$modBits = 8 * $this->k;
$s2 = $this->_os2ip($s);
$m2 = $this->_rsavp1($s2);
if ($m2 === false) {
user_error('Invalid signature');
return false;
}
$em = $this->_i2osp($m2, $modBits >> 3);
if ($em === false) {
user_error('Invalid signature');
return false;
}
// EMSA-PSS verification
return $this->_emsa_pss_verify($m, $em, $modBits - 1);
}
我的PHP代码:
<?php
include('Crypt/RSA.php');
$rsa = new Crypt_RSA();
$rsa->loadKey('-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqHweEuX181yfc0JNVzDilMU1hzias41USnFh3z/+QZOGHZrxY
Plv2WuBD6mwlJkPbr8KZ6N2MrDeblrtOKiQqufRmzO/7hSEzAMmt/BS8+QjdULbn
FlGWf0NCDyZgFS2zq/byXvdPBRB2JAO1VW6yGGtdEF+cTX6og0VQKhd6rQIDAQAB
AoGATfhcxMsTJaWjAoSiEn/AMo4vLjWC6lhjBF2d+oPdWPuzlhBTIIqsMXQjN114
5WntTgH3Sf09lZzU+72Q6VlNK3xaXF5URbyQ6fV5wUhkudHKYiV9YmgA8xaBJPxe
PWCyQUIeWAh4vKStPZH1nSQ7WD0FXS/Se74Pn+bjw2n/mOECQQDdyrJOcRZhgX2c
pv6lHtY6vmuAkoQTOBlDfAFZNuyilsPeewXJgPptsj1JbTfqVzbpCOSBWtoQF0K2
mG5nBqf5AkEAxFwnbVEVl8AS4hjCBTwyHWDRSWrYh61z/9o2PYO1Jo1XJbCt24E2
jacs4thLNANa1FArsJNkUn6oINUfwk6dVQJAGM9KwNGPolqc1YAsrgXUCwAwAFLj
aU72LIFbmUI2mD1rLaDvVcoSuWCd0G/iOFmHL+wpu3qROAmSEeDdQLMS6QJBAJE3
IcVbiN+AIbbp3lrmyJ0nY7+q79VvNnFJnIFjrQ2Ey6VJA1ppNcIOl0hv8zXVIVAQ
ti7Q4gmMN6SIWQNnBj0CQDpc55PwtHpMcBIW5+nRfIsWIePTAzy6kERTuKRO0VPP
dRlIQ1q9P4O9hXEEqR5Yg4wknQMY5VTfmpH6q5pKzzI=
-----END RSA PRIVATE KEY-----');
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$rsa->setHash('sha256');
echo bin2hex($rsa->sign('zzz'));
我的node.js代码(使用node-rsa):
var NodeRSA = require("node-rsa");
var key = new NodeRSA("-----BEGIN PUBLIC KEY-----\n" +
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqHweEuX181yfc0JNVzDilMU1h\n" +
"zias41USnFh3z/+QZOGHZrxYPlv2WuBD6mwlJkPbr8KZ6N2MrDeblrtOKiQqufRm\n" +
"zO/7hSEzAMmt/BS8+QjdULbnFlGWf0NCDyZgFS2zq/byXvdPBRB2JAO1VW6yGGtd\n" +
"EF+cTX6og0VQKhd6rQIDAQAB\n" +
"-----END PUBLIC KEY-----");
//console.log(key.exportKey("pkcs8"));
key.setOptions("pkcs1-sh256");
var signature = "4b2149baacc8f5616b84c258f6b34526315f64bd2afdeb60967b65534a2c" +
"084b9499b902672c75e7b0cf75aca6b7aee9269abdb374d95b3a28c6c82b" +
"68961b71dd3925acb69eb028f9bc5f9537cae6c9d1f4588fa62521a210e2" +
"f8ee18deee266423de48a78b8411cb0c8fadce979fe4fc54272c0f4ab1db" +
"9d7fd35441bfb6b7";
console.log(key.verify("zzz", signature, "binary", "hex") ? "valid" : "invalid");
phpseclib 生成了签名。由于它是 PKCS#1,因此签名是确定性的,因此每次尝试生成它时都会获得相同的签名。 node.js代码中的public密钥对应PHP代码中的私钥。您可以通过在 PHP 代码中执行 echo $rsa->getPrivateKey(); 来自己验证。
node.js 代码输出 "valid" 带有 phpseclib 生成的签名,因此它可以工作。如果您更改十六进制编码的签名,您将获得 "invalid",这是验证签名验证过程的另一种方式。
如何将PHP的$rsa->verify函数转为节点?我像这样使用加密的验证功能:
const crypto = require('crypto');
const verify = crypto.createVerify('RSA-SHA256');
verify.update('some data to sign');
const public_key = getPublicKeySomehow();
const signature = getSignatureToVerify();
console.log(verify.verify(public_key, signature));
但它总是 return 错误。当我 运行 我的数据和签名通过 php 它 return 是真的!知道我可能做错了什么吗?
php 验证函数如下所示:
function verify($message, $signature)
{
if (empty($this->modulus) || empty($this->exponent)) {
return false;
}
switch ($this->signatureMode) {
case CRYPT_RSA_SIGNATURE_PKCS1:
return $this->_rsassa_pkcs1_v1_5_verify($message, $signature);
//case CRYPT_RSA_SIGNATURE_PSS:
default:
return $this->_rsassa_pss_verify($message, $signature);
}
}
好像在用CRYPT_RSA_SIGNATURE_PKCS1。如何在node中使用?
function _rsassa_pss_verify($m, $s)
{
// Length checking
if (strlen($s) != $this->k) {
user_error('Invalid signature');
return false;
}
// RSA verification
$modBits = 8 * $this->k;
$s2 = $this->_os2ip($s);
$m2 = $this->_rsavp1($s2);
if ($m2 === false) {
user_error('Invalid signature');
return false;
}
$em = $this->_i2osp($m2, $modBits >> 3);
if ($em === false) {
user_error('Invalid signature');
return false;
}
// EMSA-PSS verification
return $this->_emsa_pss_verify($m, $em, $modBits - 1);
}
我的PHP代码:
<?php
include('Crypt/RSA.php');
$rsa = new Crypt_RSA();
$rsa->loadKey('-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqHweEuX181yfc0JNVzDilMU1hzias41USnFh3z/+QZOGHZrxY
Plv2WuBD6mwlJkPbr8KZ6N2MrDeblrtOKiQqufRmzO/7hSEzAMmt/BS8+QjdULbn
FlGWf0NCDyZgFS2zq/byXvdPBRB2JAO1VW6yGGtdEF+cTX6og0VQKhd6rQIDAQAB
AoGATfhcxMsTJaWjAoSiEn/AMo4vLjWC6lhjBF2d+oPdWPuzlhBTIIqsMXQjN114
5WntTgH3Sf09lZzU+72Q6VlNK3xaXF5URbyQ6fV5wUhkudHKYiV9YmgA8xaBJPxe
PWCyQUIeWAh4vKStPZH1nSQ7WD0FXS/Se74Pn+bjw2n/mOECQQDdyrJOcRZhgX2c
pv6lHtY6vmuAkoQTOBlDfAFZNuyilsPeewXJgPptsj1JbTfqVzbpCOSBWtoQF0K2
mG5nBqf5AkEAxFwnbVEVl8AS4hjCBTwyHWDRSWrYh61z/9o2PYO1Jo1XJbCt24E2
jacs4thLNANa1FArsJNkUn6oINUfwk6dVQJAGM9KwNGPolqc1YAsrgXUCwAwAFLj
aU72LIFbmUI2mD1rLaDvVcoSuWCd0G/iOFmHL+wpu3qROAmSEeDdQLMS6QJBAJE3
IcVbiN+AIbbp3lrmyJ0nY7+q79VvNnFJnIFjrQ2Ey6VJA1ppNcIOl0hv8zXVIVAQ
ti7Q4gmMN6SIWQNnBj0CQDpc55PwtHpMcBIW5+nRfIsWIePTAzy6kERTuKRO0VPP
dRlIQ1q9P4O9hXEEqR5Yg4wknQMY5VTfmpH6q5pKzzI=
-----END RSA PRIVATE KEY-----');
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$rsa->setHash('sha256');
echo bin2hex($rsa->sign('zzz'));
我的node.js代码(使用node-rsa):
var NodeRSA = require("node-rsa");
var key = new NodeRSA("-----BEGIN PUBLIC KEY-----\n" +
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqHweEuX181yfc0JNVzDilMU1h\n" +
"zias41USnFh3z/+QZOGHZrxYPlv2WuBD6mwlJkPbr8KZ6N2MrDeblrtOKiQqufRm\n" +
"zO/7hSEzAMmt/BS8+QjdULbnFlGWf0NCDyZgFS2zq/byXvdPBRB2JAO1VW6yGGtd\n" +
"EF+cTX6og0VQKhd6rQIDAQAB\n" +
"-----END PUBLIC KEY-----");
//console.log(key.exportKey("pkcs8"));
key.setOptions("pkcs1-sh256");
var signature = "4b2149baacc8f5616b84c258f6b34526315f64bd2afdeb60967b65534a2c" +
"084b9499b902672c75e7b0cf75aca6b7aee9269abdb374d95b3a28c6c82b" +
"68961b71dd3925acb69eb028f9bc5f9537cae6c9d1f4588fa62521a210e2" +
"f8ee18deee266423de48a78b8411cb0c8fadce979fe4fc54272c0f4ab1db" +
"9d7fd35441bfb6b7";
console.log(key.verify("zzz", signature, "binary", "hex") ? "valid" : "invalid");
phpseclib 生成了签名。由于它是 PKCS#1,因此签名是确定性的,因此每次尝试生成它时都会获得相同的签名。 node.js代码中的public密钥对应PHP代码中的私钥。您可以通过在 PHP 代码中执行 echo $rsa->getPrivateKey(); 来自己验证。
node.js 代码输出 "valid" 带有 phpseclib 生成的签名,因此它可以工作。如果您更改十六进制编码的签名,您将获得 "invalid",这是验证签名验证过程的另一种方式。