php openssl_verify,openssl_verify的用法!?

最新推荐文章于 2021-04-05 21:14:20 发布
最新推荐文章于 2021-04-05 21:14:20 发布
阅读量485 收藏
点赞数
文章标签: php openssl_verify

openssl_verify openssl_verify的用法是什么?

我想知道他的三个参数分别传递什么值!

回复讨论(解决方案)

$pub_key_id 毫无悬疑是公钥!其他两个参数$data 和 $signature分别表示什么意思?

$signature公钥加密生成的数据,$data原始数据

$fp = fopen("pem公钥", "r");

$cert = fread($fp, 8192);

fclose($fp);

$pub_key_id = openssl_get_publickey($cert);

$signature公钥加密生成的数据,$data原始数据

你是说$signature 是$pub_key_id 加密生成的?如何加密?

这个一般可以不管。

已经解决了!

在网上找了个类,可以。

* @copyright Copyright (c) 2010, Mike Green

* @license http://opensource.org/licenses/gpl-2.0.php GPLv2

*/

/**

* If viewSource is in the request string, show the source, luke.

if (isset($_REQUEST['viewSource'])) {

die(highlight_file(__FILE__));

}

*/

class OpensslVerifyAPI {

/**

* Extract signature from der encoded cert.

* Expects x509 der encoded certificate consisting of a section container

* containing 2 sections and a bitstream. The bitstream contains the

* original encrypted signature, encrypted by the public key of the issuing

* signer.

* @param string $der

* @return string on success

* @return bool false on failures

*/

function extractSignature($der=false) {

if (strlen($der) < 5) { return false; }

// skip container sequence

$der = substr($der,4);

// now burn through two sequences and the return the final bitstream

while(strlen($der) > 1) {

$class = ord($der[0]);

$classHex = dechex($class);

switch($class) {

// BITSTREAM

case 0x03:

$len = ord($der[1]);

$bytes = 0;

if ($len & 0x80) {

$bytes = $len & 0x0f;

$len = 0;

for ($i = 0; $i < $bytes; $i++) {

$len = ($len << 8) | ord($der[$i + 2]);

}

}

return substr($der,3 + $bytes, $len);

break;

// SEQUENCE

case 0x30:

$len = ord($der[1]);

$bytes = 0;

if ($len & 0x80) {

$bytes = $len & 0x0f;

$len = 0;

for($i = 0; $i < $bytes; $i++) {

$len = ($len << 8) | ord($der[$i + 2]);

}

}

$contents = substr($der, 2 + $bytes, $len);

$der = substr($der,2 + $bytes + $len);

break;

default:

return false;

break;

}

}

return false;

}

/**

* Get signature algorithm oid from der encoded signature data.

* Expects decrypted signature data from a certificate in der format.

* This ASN1 data should contain the following structure:

* SEQUENCE

* SEQUENCE

* OID (signature algorithm)

* NULL

* OCTET STRING (signature hash)

* @return bool false on failures

* @return string oid

*/

function getSignatureAlgorithmOid($der=null) {

// Validate this is the der we need...

if (!is_string($der) or strlen($der) < 5) { return false; }

$bit_seq1 = 0;

$bit_seq2 = 2;

$bit_oid = 4;

if (ord($der[$bit_seq1]) !== 0x30) {

die('Invalid DER passed to getSignatureAlgorithmOid()');

}

if (ord($der[$bit_seq2]) !== 0x30) {

die('Invalid DER passed to getSignatureAlgorithmOid()');

}

if (ord($der[$bit_oid]) !== 0x06) {

die('Invalid DER passed to getSignatureAlgorithmOid');

}

// strip out what we don't need and get the oid

$der = substr($der,$bit_oid);

// Get the oid

$len = ord($der[1]);

$bytes = 0;

if ($len & 0x80) {

$bytes = $len & 0x0f;

$len = 0;

for ($i = 0; $i < $bytes; $i++) {

$len = ($len << 8) | ord($der[$i + 2]);

}

}

$oid_data = substr($der, 2 + $bytes, $len);

// Unpack the OID

$oid = floor(ord($oid_data[0]) / 40);

$oid .= '.' . ord($oid_data[0]) % 40;

$value = 0;

$i = 1;

while ($i < strlen($oid_data)) {

$value = $value << 7;

$value = $value | (ord($oid_data[$i]) & 0x7f);

if (!(ord($oid_data[$i]) & 0x80)) {

$oid .= '.' . $value;

$value = 0;

}

$i++;

}

return $oid;

}

/**

* Get signature hash from der encoded signature data.

* Expects decrypted signature data from a certificate in der format.

* This ASN1 data should contain the following structure:

* SEQUENCE

* SEQUENCE

* OID (signature algorithm)

* NULL

* OCTET STRING (signature hash)

* @return bool false on failures

* @return string hash

*/

function getSignatureHash($der=null) {

// Validate this is the der we need...

if (!is_string($der) or strlen($der) < 5) { return false; }

if (ord($der[0]) !== 0x30) {

die('Invalid DER passed to getSignatureHash()');

}

// strip out the container sequence

$der = substr($der,2);

if (ord($der[0]) !== 0x30) {

die('Invalid DER passed to getSignatureHash()');

}

// Get the length of the first sequence so we can strip it out.

$len = ord($der[1]);

$bytes = 0;

if ($len & 0x80) {

$bytes = $len & 0x0f;

$len = 0;

for ($i = 0; $i < $bytes; $i++) {

$len = ($len << 8) | ord($der[$i + 2]);

}

}

$der = substr($der, 2 + $bytes + $len);

// Now we should have an octet string

if (ord($der[0]) !== 0x04) {

die('Invalid DER passed to getSignatureHash()');

}

$len = ord($der[1]);

$bytes = 0;

if ($len & 0x80) {

$bytes = $len & 0x0f;

$len = 0;

for ($i = 0; $i < $bytes; $i++) {

$len = ($len << 8) | ord($der[$i + 2]);

}

}

return bin2hex(substr($der, 2 + $bytes, $len));

}

/**

* Determine if one cert was used to sign another

* Note that more than one CA cert can give a positive result, some certs

* re-issue signing certs after having only changed the expiration dates.

* @param string $cert - PEM encoded cert

* @param string $caCert - PEM encoded cert that possibly signed $cert

* @return bool

*/

function isCertSigner($certPem=null,$caCertPem=null) {

if (!function_exists('openssl_pkey_get_public')) {

die('Need the openssl_pkey_get_public() function.');

}

if (!function_exists('openssl_public_decrypt')) {

die('Need the openssl_public_decrypt() function.');

}

if (!function_exists('hash')) {

die('Need the php hash() function.');

}

if (empty($certPem) or empty($caCertPem)) { return false; }

// Convert the cert to der for feeding to extractSignature.

$certDer = $this->pemToDer($certPem);

if (!is_string($certDer)) { die('invalid certPem'); }

// Grab the encrypted signature from the der encoded cert.

$encryptedSig = $this->extractSignature($certDer);

if (!is_string($encryptedSig)) {

die('Failed to extract encrypted signature from certPem.');

}

// Extract the public key from the ca cert, which is what has

// been used to encrypt the signature in the cert.

$pubKey = openssl_pkey_get_public($caCertPem);

if ($pubKey === false) {

die('Failed to extract the public key from the ca cert.');

}

// Attempt to decrypt the encrypted signature using the CA's public

// key, returning the decrypted signature in $decryptedSig. If

// it can't be decrypted, this ca was not used to sign it for sure...

$rc = openssl_public_decrypt($encryptedSig,$decryptedSig,$pubKey);

if ($rc === false) { return false; }

// We now have the decrypted signature, which is der encoded

// asn1 data containing the signature algorithm and signature hash.

// Now we need what was originally hashed by the issuer, which is

// the original DER encoded certificate without the issuer and

// signature information.

$origCert = $this->stripSignerAsn($certDer);

if ($origCert === false) {

die('Failed to extract unsigned cert.');

}

// Get the oid of the signature hash algorithm, which is required

// to generate our own hash of the original cert. This hash is

// what will be compared to the issuers hash.

$oid = $this->getSignatureAlgorithmOid($decryptedSig);

if ($oid === false) {

die('Failed to determine the signature algorithm.');

}

switch($oid) {

case '1.2.840.113549.2.2': $algo = 'md2'; break;

case '1.2.840.113549.2.4': $algo = 'md4'; break;

case '1.2.840.113549.2.5': $algo = 'md5'; break;

case '1.3.14.3.2.18': $algo = 'sha'; break;

case '1.3.14.3.2.26': $algo = 'sha1'; break;

case '2.16.840.1.101.3.4.2.1': $algo = 'sha256'; break;

case '2.16.840.1.101.3.4.2.2': $algo = 'sha384'; break;

case '2.16.840.1.101.3.4.2.3': $algo = 'sha512'; break;

default:

die('Unknown signature hash algorithm oid: ' . $oid);

break;

}

// Get the issuer generated hash from the decrypted signature.

$decryptedHash = $this->getSignatureHash($decryptedSig);

// Ok, hash the original unsigned cert with the same algorithm

// and if it matches $decryptedHash we have a winner.

$certHash = hash($algo,$origCert);

return ($decryptedHash === $certHash);

}

/**

* Convert pem encoded certificate to DER encoding

* @return string $derEncoded on success

* @return bool false on failures

*/

function pemToDer($pem=null) {

if (!is_string($pem)) { return false; }

$cert_split = preg_split('/(-----((BEGIN)|(END)) CERTIFICATE-----)/',$pem);

if (!isset($cert_split[1])) { return false; }

return base64_decode($cert_split[1]);

}

/**

* Obtain der cert with issuer and signature sections stripped.

* @param string $der - der encoded certificate

* @return string $der on success

* @return bool false on failures.

*/

function stripSignerAsn($der=null) {

if (!is_string($der) or strlen($der) < 8) { return false; }

$bit = 4;

$len = ord($der[($bit + 1)]);

$bytes = 0;

if ($len & 0x80) {

$bytes = $len & 0x0f;

$len = 0;

for($i = 0; $i < $bytes; $i++) {

$len = ($len << 8) | ord($der[$bit + $i + 2]);

}

}

return substr($der,4,$len + 4);

}

}

/**

* HTML form starts here...

*/

$this->answer = 'Enter PEM Encoded Certificates for the Issuer and Subject '

. 'and click Submit. Include the entire certificates, including '

. 'the BEGIN CERTIFICATE and END CERTIFICATE lines.';

/*

if (isset($_POST['subjectPem']) and isset($_POST['issuerPem'])) {

if (strlen($_POST['subjectPem']) > 0 and strlen($_POST['issuerPem']) > 0) {

$rc = isCertSigner($_POST['subjectPem'],$_POST['issuerPem']);

if ($rc === true) {

$answer = 'The issuer cert DID sign the subject cert.';

} else {

$answer = 'The issuer cert DID NOT sign the subject cert.';

}

}

}

*/

?>

本文原创发布php中文网,转载请注明出处,感谢您的尊重!

宋五柳
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
PHP OPENSSL 函数手册翻译备查 -- openssl_verify
雷锋精神
05-13 2556
openssl_verify (PHP 4 >= 4.0.4, PHP 5) openssl_verify — 验证签名 说明 int openssl_verify ( string $data , string $signature , mixed $pub_key_id [, mixed $signature_alg = OPENSSL_ALGO_SHA1 ]
Openssl verify命令
weixin_34357267的博客
07-24 688
一、简介 verify命令对证书的有效性进行验证,verify 指令会沿着证书链一直向上验证,直到一个自签名的CA   二、语法 openssl verify [-CApath directory] [-CAfile file] [-purpose purpose] [-policy arg] [-verify_depth depth] [-ignore_critical] [-iss...
php中openssl verify,PHP: openssl_verify - Manual
weixin_27127993的博客
04-05 108
Anbybody trying to get a Win32 CryptoAPI based digital signature component to work with the openssl_verify() function should be aware that the CryptoAPI PKCS1 (RSA) method uses bytes in reverse order ...
php openssl_verify,PHP中使用OpenSSL下openssl_verify验证签名案例详解
weixin_42501033的博客
03-17 628
$json = '{"sign":"myYCvJqsDJUNX67qJnklrVY025oSQmm4D4bIVdHZQzihV+G8G848MmAAatAxCDuCmJbenI0jRZk7p22HjFT0nRykEeSmTExiT+Jx7\/2GQn5grEA3qd7i9gCPz\/E7+n9mleukLuJoXeceVp626c4gLZTKiPPcmbsJIfwfNexCBZXb2B7Omcgv...
php openssl_verify,php使用openssl_verify验证签名实例程序
weixin_39572409的博客
03-17 390
/*** 验证签名* TobeVerified 待验证签名的密文* PlainText 待验证签名的明文* CertFile 签名者公钥证书* return 验证成功返回true,失败返回false(从LastErrMsg属性获取失败原因)*/function VerifyMsg($TobeVerified, $PlainText, $CertFile,$signature_alg=OPEN...
test_rsa.rar_RSA_verify_openssl_rsa_rsa verify_verify_rsa
09-23
在描述中提到的“openssl rsa pubkey verify”则指使用OpenSSL工具来验证RSA公钥签名的过程。标签进一步确认了这个主题涉及RSA验证、OpenSSL、以及可能的自定义`rsa_verify`和`verify_rsa`函数或脚本。 RSA是一种非...
Rsa.rar_RSA openssl_openssl rsa_openssl rsa c_rsa
09-19
4. 数字签名:利用私钥进行签名,使用`RSA_sign()`函数,然后使用公钥验证签名,使用`RSA_verify()`函数。 5. 数据存储:密钥和证书通常需要被安全地存储和管理,这可能涉及到PEM或DER格式的编码和解码。 6. 错误...
OpenSSL-include-and-Lib.rar_openssl_openssl lib_openssl lib
09-23
在ARM设备上使用OpenSSL时,必须确保使用的库是针对该平台编译的,否则可能会出现兼容性问题。 总结起来,这个压缩包提供的是C++开发OpenSSL应用所需的头文件和特定平台(ARM)的库文件,帮助开发者在项目中集成和...
ssl.tar.gz_python openssl_证书_证书验证
09-24
本教程将围绕“ssl.tar.gz”压缩包,讲解如何使用Python和OpenSSL工具来创建、管理和验证SSL/TLS证书。 首先,我们了解下SSL/TLS证书的基本概念。证书是一个包含公钥、身份信息以及签发者信息的数据文件,用于证明...
ssl.zip_c ssl_c语言 openssl_linux openssl_site:www.pudn.com
09-19
在C语言环境中,开发人员通常使用OpenSSL库来构建安全的网络应用程序。 **SSL客户端(ssl_client.c)** SSL客户端程序是与服务器建立安全连接的一端。在C语言中,它主要涉及以下步骤: 1. 初始化OpenSSL库:调用`...
php verify,php 使用openssl_verify验证签名实例程序
weixin_35457696的博客
03-11 454
/*** 验证签名* TobeVerified 待验证签名的密文* PlainText 待验证签名的明文* CertFile 签名者公钥证书* return 验证成功返回true,失败返回false(从LastErrMsg属性获取失败原因)*/function VerifyMsg($TobeVerified, $PlainText, $CertFile,$signature_alg=OPENSSL...
OpenSSL命令---verify
热门推荐
VitalityShow(网络通讯)
11-21 1万+
该命令是证书验证工具
php verify,PHP 'openssl_verify()'缓冲区溢出漏洞
weixin_33223159的博客
03-11 90
发布日期:2012-07-23更新日期:2012-07-24受影响系统:PHP PHP 6.0描述:--------------------------------------------------------------------------------BUGTRAQ ID: 54622PHP 是一种 HTML 内嵌式的语言,PHP与微软的ASP颇有几分相似,都是一种在服务器端执行的嵌入H...
php openssl_verify,PHP中使用OpenSSL下openssl_verify验证签名案例
weixin_29053577的博客
03-17 794
//demo$json = '{"sign":"myYCvJqsDJUNX67qJnklrVY025oSQmm4D4bIVdHZQzihV+G8G848MmAAatAxCDuCmJbenI0jRZk7p22HjFT0nRykEeSmTExiT+Jx7\/2GQn5grEA3qd7i9gCPz\/E7+n9mleukLuJoXeceVp626c4gLZTKiPPcmbsJIfwfNexCBZXb2B...
php 使用pem密匙,phpopenssl_verify():提供的密钥参数不能强制转换为.pem文件的公钥...
weixin_29421255的博客
04-02 370
目前正在尝试读取.pem公钥以通过openssl进行验证./*** Check whether the signed message sent back by the server is* correct or not.*/function check($str, $MAC){$fp = fopen(dirname(__FILE__) . '/rsa_public_key.pem','r');$c...
php的openssl sign,php openssl_sign签名与openssl_verify校验使用实例
weixin_39606177的博客
03-11 1905
语法:openssl_sign(“要签名的数据”,”签名后返回来的数据”,”签名的私钥”)openssl_verify((“要签名的数据”, ”签名后返回来的数据”,”签名的公钥”, $signature_alg = OPENSSL_ALGO_SHA1) { }返回的是0,即签名不正确,返回1,表示签名验证通过事先要有对应的公私钥$private_key_pem="-----BEGIN PRIVA...
【OpenSSL】OpenSSL之MD5
C/C++软件工程师、嵌入式软件工程师、物联网研发工程师、C/C++讲师、物联网讲师、嵌入式讲师---欢迎大家一起交流(私信添加博主微信)
10-21 4176
00. 目录 文章目录00. 目录01. MD5简介02. 发展历史03. MD5应用场景04. OpenSSL中MD505. MD5测试代码06. 附录 01. MD5简介 MD5信息摘要算法(英语:MD5 Message-Digest Algorithm),一种被广泛使用的哈希算法,可以产生出一个128位(16字节)的散列值(hash value),用于确保信息传输完整一致。MD5由美国密码学...
php verify,openssl_verify
weixin_33747775的博客
03-11 79
[#3]mikey at badpenguins dot com [2010-06-06 21:04:45]Ispentdaysscouringthephpopenssldocumentationtryingtofigureouthowtodowhatsoundslikeasimpletask-giventwoPEMencodedcertific...
php openssl_verify
最新发布
06-06
`openssl_verify` 是 PHP 中用于验证签名的函数,常用于验证传输过程中的数据完整性和真实性。 函数原型如下: ...接收方使用 `openssl_verify` 函数验证签名数据,以确保接收到的数据是完整的和真实的。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值