在PHP中,我想用PSS填充和SHA512摘要对一些文档进行签名.
In PHP, I want to sign some documents with a padding of PSS, and a digest of SHA512.
根据文档,位于 www.php/manual/en/function.openssl-sign.php ,我可以根据需要设置摘要,方法是使用字符串,例如
According to the docs, at www.php/manual/en/function.openssl-sign.php, I can set the digest however I need, by using a string, such as
openssl_sign($text-to-sign,$binary_signature,$privkey,"sha512");但是,我看不到任何设置填充的方法.
I don't see any way to set the padding, however.
有人可以帮我理解我如何使用RSA-PSS填充样式(如PKCS#1的2.1版中所示)对文本进行签名吗?
Can anyone please help me understand how I can sign text, using the RSA-PSS padding style, as seen in version 2.1 of PKCS #1?
推荐答案我和您有相同的需求,但是在2019年(我想我们现在有更好的库了;)
I had the same needs as you, but in 2019 (I assume we got better libraries now ;)
您已经发现,方法是使用 phpseclib ,该版本现在在Debian Stretch中为2.0版
As you already discovered, the way is using phpseclib, which is now at version 2.0 in Debian Stretch.
这是我用于使用8192 RSA密钥,PSS填充和SHA512哈希函数对一些二进制数据进行签名的代码:
This is the code I used to sign some binary data, using a 8192 RSA key, with PSS padding and a SHA512 hash function:
require "/usr/share/php/phpseclib/autoload.php"; use phpseclib\Crypt\RSA; // INPUT DATA $privkey = "..."; // I used a RSA private key in PEM format, generated by openssl, but phpseclib supports many formats... $mydata = "..."; // I generated some binary bytes here... // SIGNING $rsa = new RSA(); if ($rsa->loadKey($privkey) != TRUE) { echo "Error loading private key"; return; } $rsa->setHash("sha512"); $rsa->setMGFHash("sha512"); // This NEEDS to be set, or the default will be used $rsa->setSignatureMode(RSA::SIGNATURE_PSS); // This doesn't need to be set, as it is already the default value $signatureBytes = $rsa->sign($mydata);$ signatureBytes 是一个 binary 字符串(或一个字节数组,正如您在C/C ++/C#中所称的那样).它没有任何编码,并且可能包含NULL字节.这是您想要的签名.
$signatureBytes is a binary string (or an array of bytes, as you call it in C/C++/C#). It doesn't have any encoding, and may contain NULL bytes. This is your wanted signature.
侧面说明:几乎需要安装php-gmp,否则您的签名时间会很痛苦.此处有一些基准.
Side note: it's nearly required to insall php-gmp, or you'll get painfully slow signing times. Here there are some benchmarks.
openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigoptrsa_pss_saltlen:-1-验证pubkey.pem -signature signature.binplaintextdata.dat
openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -verify pubkey.pem -signature signature.bin plaintextdata.dat
详细地, -sigopt rsa_pss_saltlen:-1 告诉 openssl 使用与哈希算法大小匹配的盐长度.(这是Microsoft API所做的,并且没有办法改变这种行为)
In detail, the -sigopt rsa_pss_saltlen:-1 tells openssl to use a salt length that matches the hashing algorithm size. (this is what the Microsoft APIs do, and there's no way to change that behavior)
为了能够在.NET世界中使用RSA公钥而不使用任何其他库,您需要首先使用openssl将其以BLOB格式导出:
In order to be able to use the RSA public key in the .NET world, without using any other library, you need first to export it in BLOB format using openssl:
openssl rsa -pubin -inform PEM -in pubkey.pem -outform"MS PUBLICKEYBLOB" -out pubkey.blob
openssl rsa -pubin -inform PEM -in pubkey.pem -outform "MS PUBLICKEYBLOB" -out pubkey.blob
然后,您需要使用新的 RSACng CryptoProvider的.NET 4.6.
Then, you need .NET 4.6, with the new RSACng CryptoProvider.
这就是代码:
// Import the public key (as BLOBDATA) RSACryptoServiceProvider^ rsaCsp = gcnew RSACryptoServiceProvider(); rsaCsp->ImportCspBlob(pubkey); RSAParameters rsaParams = rsaCsp->ExportParameters(false); RSA^ rsa = gcnew RSACng(); rsa->ImportParameters(rsaParams); array<Byte>^ dataBytes = ...; array<Byte>^ signatureBytes = ...; bool signIsValid = rsa->VerifyData(dataBytes, signatureBytes, HashAlgorithmName::SHA512, RSASignaturePadding::Pss);更多推荐
有什么方法可以在PHP中生成PSS填充签名?
发布评论