產生的簽名和數據我在openssl_verify()
使用PHP openssl_verify()函數來驗證通過Android客戶端APP
瞭解後我想問一下其中一些涉及到openssl_verify()
問題。
因爲我的PHP代碼,無法驗證從Java創建簽名......
對於服務器端,這是我的PHP代碼
<?php
$data =$_POST['data'];
$signature=$_POST['sig'];
$pub_key=$_POST['pubkey'];
function print_input()
{
global $data;
global $signature;
global $pub_key;
////////////////////////////////////////////////////////////////
// I output the public key to file, and check it to make sure they
// are in correct pem format.
///////////////////////////////////////////////////////////////
$f=fopen("./Personnel_Pubkey/pubkey.pem", "w");
fwrite($f,"$pub_key");
fclose($f);
$key = openssl_pkey_get_public ("./Personnel_Pubkey/pubkey.pem");
// doesn't work if you use PEM format public key, only works with X.509 format
// certificate, and cert and private key in PEM format.
$result=openssl_public_decrypt ($signature, $data, $key);
////////////////////////////////////////////////////////////////
$sig=base64_decode($signature);
// for some reason, the value of $ok is always 0
$ok = openssl_verify($data, $sig, $key);
if ($ok == 1) {
echo "good";
}
elseif ($ok == 0) {
echo "bad";}
else {
echo "ugly, error checking signature";
}
}
print_input();
?>
對於客戶端的Android APP,這裏的代碼的相關部分:
// create public key and private key pair
keyGen = KeyPairGenerator.getInstance("DSA");
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
keyGen.initialize(1024, random);
// Generate the Pair of Keys The final step is to generate the key pair
// and to store the keys in PrivateKey and PublicKey objects.
pair = keyGen.generateKeyPair();
priv = pair.getPrivate();
pub = pair.getPublic();
// Change to PEM format from original openssl format
stringWriter = new StringWriter();
PEMWriter pemWriter = new PEMWriter(stringWriter);
pemWriter.writeObject(pair.getPublic());
pemWriter.close();
// initialize the signature
sig = Signature.getInstance("SHA1withDSA");
sig.initSign(priv);
// this is the original data
String msg = "original msg";
OriginalMsgByteArray = msg.getBytes();
// put original data to signature
sig.update(OriginalMsgByteArray);
// sign the data, and get the byte array of signature
byte[] realSig = sig.sign();
// change the binary to base64 format
signatureB = new String(Base64.encode(realSig));
基本上,我上傳msg
,signatureB
和stringWriter.toString()
這3個參數,PHP服務器,但似乎並不工作....這裏是我的PEM文件內容:
-----BEGIN PUBLIC KEY-----
MIIBtzCCASsGByqGSM44BAEwggEeAoGBAJ6ZIDqo1sh4pVzK8kUUA8SPxWva3sVH
hrK0D86q+xpD11qhzlw28vLnZNLSq7MaPyUNKRLZL2D3x/e4fkILf7IBh6BdfOlo
dI3CtAQ5Xqfw0aU8UZ35H8HlkrvrTu3qw/Ilb9wcc8Ag9C73TzuG6URK65fgvPK2
oN9MdDlVJztNAhUAkI2VBs/8eHWoG7RBCyTqyVyCwXMCgYBFj9BXduZIhDBGkoub
bLwGWI6zkmC8Xel1jsRFFaRtPVS08li+SQ/XSzekidY6NP3lmYwj/kC9biG9x3mW
c5hELzOVGvLM94y1KksGC+v89M99Tlrx4zVqpajRCFDyPzJQWB/HO493q6J4HwmP
1/ihdtk5THRGmPkx2uSgLKWlJAOBhQACgYEAirx5dLO2EG71ZFnUQ7FtU8FCVOYW
VgZRP9SLqH8Ig5nnwmg5XFSpngzNvQ8FcWRKZkKFxYoo2j7lmQN9gl5O5cKPtuqj
KecFAJA4/0y3jPzM/+1dTizM6n3WLReH2xlS6OOY5EZQmpWB//qepgTT9GUGPyOL
ampB86OjNSicv0Y=
-----END PUBLIC KEY-----
你能更詳細地描述什麼似乎不起作用嗎?你有錯誤信息或類似的東西?另外,您能否請您發佈一些Android應用程序實際發送到服務器的示例輸出?請通過編輯將它們添加到您的問題 - 謝謝! – likeitlikeit 2013-05-11 18:13:16