使用 nodejs 验证 RSA 签名(使用 phpseclib 签名)
Verifying a RSA signature with nodejs (signed with phpseclib)
我正在尝试将支付网关集成到我的 nodejs 应用程序中。付款完成后,网关将用户重定向到我的站点并显示付款结果。结果是 RSA 签名的,我需要使用支付网关提供的 public 密钥对其进行验证。
以下是支付网关提供的签名验证示例PHP代码。
<?php
include 'Crypt/RSA.php';
$rsa = new Crypt_RSA();
$payment = base64_decode($_POST ["payment"]);
$signature = base64_decode($_POST ["signature"]);
$publickey = "-----BEGIN PUBLIC KEY----- SOMEKEYSOMEKEYSOMEKEYSOMEKEYSOMEKEYSOMEKEYSOMEKEY -----END PUBLIC KEY-----";
$rsa->loadKey($publickey);
$signature_status = $rsa->verify($payment, $signature) ? TRUE : FALSE;
echo $signature_status;
?>
PHP代码使用以下加密库进行签名验证。
https://github.com/phpseclib/phpseclib
我尝试了示例 php 代码并且它有效。
我尝试在 node-rsa 库的帮助下通过以下方式验证签名。
const NodeRSA = require('node-rsa');
const decryptionKey = new NodeRSA(PUBLIC_KEY);
decryptionKey.setOptions({signingScheme: 'pss-sha1'});
module.exports.handlePaymentCallback = function (req, res, next) {
const signature = Buffer.from(req.body.signature, 'base64').toString();
const payment = Buffer.from(req.body.payment, 'base64').toString();
let result = decryptionKey.verify(payment, signature);
}
但是签名验证失败。我尝试将 signingScheme 更改为各种可能的方案(pss-sha256、pkcs1-sha256、pkcs1-sha1 等),但它不起作用。
我也尝试过使用 nodejs 加密库,但仍然失败。
const constants = process.binding('constants').crypto;
const crypt = require('crypto');
module.exports.handlePaymentCallback = function (req, res, next) {
const signature = Buffer.from(req.body.signature, 'base64').toString();
const payment = Buffer.from(req.body.payment, 'base64').toString();
const verifier = crypt.createVerify('RSA-SHA1');
verifier.update(new Buffer('' + payment, 'utf8'));
const options = {key: PUBLIC_KEY};
let result = verifier.verify(options, signature);
}
有谁知道如何做到这一点?
我发现了问题。我不必要地调用了 toString() 的签名和支付缓冲区。当 toString() 被删除时,它起作用了。
const NodeRSA = require('node-rsa');
const decryptionKey = new NodeRSA(PUBLIC_KEY);
decryptionKey.setOptions({signingScheme: 'pss-sha1'});
module.exports.handlePaymentCallback = function (req, res, next) {
const signature = Buffer.from(req.body.signature, 'base64');
const payment = Buffer.from(req.body.payment, 'base64');
let result = decryptionKey.verify(payment, signature);
}
我正在尝试将支付网关集成到我的 nodejs 应用程序中。付款完成后,网关将用户重定向到我的站点并显示付款结果。结果是 RSA 签名的,我需要使用支付网关提供的 public 密钥对其进行验证。
以下是支付网关提供的签名验证示例PHP代码。
<?php
include 'Crypt/RSA.php';
$rsa = new Crypt_RSA();
$payment = base64_decode($_POST ["payment"]);
$signature = base64_decode($_POST ["signature"]);
$publickey = "-----BEGIN PUBLIC KEY----- SOMEKEYSOMEKEYSOMEKEYSOMEKEYSOMEKEYSOMEKEYSOMEKEY -----END PUBLIC KEY-----";
$rsa->loadKey($publickey);
$signature_status = $rsa->verify($payment, $signature) ? TRUE : FALSE;
echo $signature_status;
?>
PHP代码使用以下加密库进行签名验证。
https://github.com/phpseclib/phpseclib
我尝试了示例 php 代码并且它有效。
我尝试在 node-rsa 库的帮助下通过以下方式验证签名。
const NodeRSA = require('node-rsa');
const decryptionKey = new NodeRSA(PUBLIC_KEY);
decryptionKey.setOptions({signingScheme: 'pss-sha1'});
module.exports.handlePaymentCallback = function (req, res, next) {
const signature = Buffer.from(req.body.signature, 'base64').toString();
const payment = Buffer.from(req.body.payment, 'base64').toString();
let result = decryptionKey.verify(payment, signature);
}
但是签名验证失败。我尝试将 signingScheme 更改为各种可能的方案(pss-sha256、pkcs1-sha256、pkcs1-sha1 等),但它不起作用。
我也尝试过使用 nodejs 加密库,但仍然失败。
const constants = process.binding('constants').crypto;
const crypt = require('crypto');
module.exports.handlePaymentCallback = function (req, res, next) {
const signature = Buffer.from(req.body.signature, 'base64').toString();
const payment = Buffer.from(req.body.payment, 'base64').toString();
const verifier = crypt.createVerify('RSA-SHA1');
verifier.update(new Buffer('' + payment, 'utf8'));
const options = {key: PUBLIC_KEY};
let result = verifier.verify(options, signature);
}
有谁知道如何做到这一点?
我发现了问题。我不必要地调用了 toString() 的签名和支付缓冲区。当 toString() 被删除时,它起作用了。
const NodeRSA = require('node-rsa');
const decryptionKey = new NodeRSA(PUBLIC_KEY);
decryptionKey.setOptions({signingScheme: 'pss-sha1'});
module.exports.handlePaymentCallback = function (req, res, next) {
const signature = Buffer.from(req.body.signature, 'base64');
const payment = Buffer.from(req.body.payment, 'base64');
let result = decryptionKey.verify(payment, signature);
}