使用PHP openssl_verify（）函數來驗證通過Android客戶端APP

Question

產生的簽名和數據我在openssl_verify()

瞭解後我想問一下其中一些涉及到openssl_verify()問題。

因爲我的PHP代碼，無法驗證從Java創建簽名......

對於服務器端，這是我的PHP代碼

<?php 
$data =$_POST['data']; 
$signature=$_POST['sig']; 
$pub_key=$_POST['pubkey']; 

function print_input() 
{ 
    global $data; 
    global $signature; 
    global $pub_key; 
//////////////////////////////////////////////////////////////// 
// I output the public key to file, and check it to make sure they 
// are in correct pem format. 
/////////////////////////////////////////////////////////////// 
$f=fopen("./Personnel_Pubkey/pubkey.pem", "w"); 
fwrite($f,"$pub_key"); 
fclose($f); 
$key = openssl_pkey_get_public ("./Personnel_Pubkey/pubkey.pem"); 

// doesn't work if you use PEM format public key, only works with X.509 format 
// certificate, and cert and private key in PEM format. 
$result=openssl_public_decrypt ($signature, $data, $key); 

//////////////////////////////////////////////////////////////// 
$sig=base64_decode($signature); 

// for some reason, the value of $ok is always 0 
$ok = openssl_verify($data, $sig, $key); 

if ($ok == 1) { 
    echo "good"; 
} 
elseif ($ok == 0) { 
    echo "bad";} 
else { 
    echo "ugly, error checking signature"; 
    } 
} 

print_input(); 

?> 

對於客戶端的Android APP，這裏的代碼的相關部分：

// create public key and private key pair 
keyGen = KeyPairGenerator.getInstance("DSA"); 
SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); 
keyGen.initialize(1024, random); 

// Generate the Pair of Keys The final step is to generate the key pair 
// and to store the keys in PrivateKey and PublicKey objects. 
pair = keyGen.generateKeyPair(); 
priv = pair.getPrivate(); 
pub = pair.getPublic(); 

// Change to PEM format from original openssl format  
stringWriter = new StringWriter(); 
PEMWriter pemWriter = new PEMWriter(stringWriter); 
pemWriter.writeObject(pair.getPublic()); 
pemWriter.close(); 

// initialize the signature 
sig = Signature.getInstance("SHA1withDSA"); 
sig.initSign(priv); 

// this is the original data  
String msg = "original msg"; 


OriginalMsgByteArray = msg.getBytes(); 

// put original data to signature 
sig.update(OriginalMsgByteArray); 

// sign the data, and get the byte array of signature 
byte[] realSig = sig.sign(); 

// change the binary to base64 format 
signatureB = new String(Base64.encode(realSig)); 

基本上，我上傳msg，signatureB和stringWriter.toString()這3個參數，PHP服務器，但似乎並不工作....這裏是我的PEM文件內容：

-----BEGIN PUBLIC KEY----- 
MIIBtzCCASsGByqGSM44BAEwggEeAoGBAJ6ZIDqo1sh4pVzK8kUUA8SPxWva3sVH 
hrK0D86q+xpD11qhzlw28vLnZNLSq7MaPyUNKRLZL2D3x/e4fkILf7IBh6BdfOlo 
dI3CtAQ5Xqfw0aU8UZ35H8HlkrvrTu3qw/Ilb9wcc8Ag9C73TzuG6URK65fgvPK2 
oN9MdDlVJztNAhUAkI2VBs/8eHWoG7RBCyTqyVyCwXMCgYBFj9BXduZIhDBGkoub 
bLwGWI6zkmC8Xel1jsRFFaRtPVS08li+SQ/XSzekidY6NP3lmYwj/kC9biG9x3mW 
c5hELzOVGvLM94y1KksGC+v89M99Tlrx4zVqpajRCFDyPzJQWB/HO493q6J4HwmP 
1/ihdtk5THRGmPkx2uSgLKWlJAOBhQACgYEAirx5dLO2EG71ZFnUQ7FtU8FCVOYW 
VgZRP9SLqH8Ig5nnwmg5XFSpngzNvQ8FcWRKZkKFxYoo2j7lmQN9gl5O5cKPtuqj 
KecFAJA4/0y3jPzM/+1dTizM6n3WLReH2xlS6OOY5EZQmpWB//qepgTT9GUGPyOL 
ampB86OjNSicv0Y= 
-----END PUBLIC KEY----- 

Answer 1

我在上面的代碼中看到了一些潛在的問題。

首先，根據PHP documentation，您希望在X509證書或私鑰上使用openssl_get_publickey。公鑰沒有列爲選項。

其次，您希望將文件變爲變量，然後在openssl_get_publickey方法中使用該變量。見下：

$fp = fopen("./cert.pem", "r"); 
$cert = fread($fp, 8192); 
fclose($fp); 
$key = openssl_get_publickey($cert); 

第三，$ bsig沒有在任何地方聲明或定義。

Answer 2

到現在爲止我還沒有找到一個解決方案來解決這個問題，但我找到一個方法來工作，而不是解決這個問題的周圍。如果您有同樣的問題並且沒有足夠的時間來解決這個問題，請參考this stackoverflow question link。它具有RSA算法解決方案，其簽名和公鑰由android APP生成並通過php進行驗證。但是，如果有人向我提供解決方案，我會很感激。