Question
How can I generate a valid signature, and how do I sign the request body with my private key? I already tried code like this, but the result is always "signature not valid". Is there any other way? Before asking, I already searched Google to solve the problem, but I have not yet found a correct answer.
function mgAccount(){
$url = "http://aaaa.com";
$getFields = [
"oaa_id" => 838,
];
$data_string = json_encode($getFields);
$sign = createPrivateAndPublicKey($data_string);
$header = array();
$header[] = "Content-Type: application/json";
$header[] = "Accept: application/json";
$header[] = "Signature: $sign";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
$output = curl_exec($ch);
curl_close($ch);
return json_decode($output,true);
}
function createPrivateAndPublicKey($data)
{
// import your private key
$privateKeyId = openssl_pkey_get_private(file_get_contents('private.pem'));
// sign data with your private key
openssl_sign($data, $signature, $privateKeyId, 'RSA-SHA256');
// encode into base64
$sign = base64_encode($signature);
// you may free up memory after, but I wouldn't recommend, since you are going to make many requests and sign each of them.
// importing key from file each time isn't brightest idea
openssl_free_key($privateKeyId);
// importing public key
$pub_key = openssl_pkey_get_public(file_get_contents('public.pem'));
// verifying signature for $data and imported public key
// note that signature firstly was decoded from base64
$valid = openssl_verify($data, base64_decode($sign), $pub_key, 'RSA-SHA256');
if ($valid == 1){
echo "signature is valid \n";
} else {
echo "signature is NOT valid \n";
}
// same thing about freeing of key
openssl_free_key($pub_key);
}
Answer 1:
my best guess: your private key doesn't match your public key.
when i run this specific code:
$private_key = <<<'EOD'
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6zxqlVzz0wy2j4kQVUC4Z
RZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQJAL151ZeMKHEU2c1qdRKS9
sTxCcc2pVwoAGVzRccNX16tfmCf8FjxuM3WmLdsPxYoHrwb1LFNxiNk1MXrxjH3R
6QIhAPB7edmcjH4bhMaJBztcbNE1VRCEi/bisAwiPPMq9/2nAiEA3lyc5+f6DEIJ
h1y6BWkdVULDSM+jpi1XiV/DevxuijMCIQCAEPGqHsF+4v7Jj+3HAgh9PU6otj2n
Y79nJtCYmvhoHwIgNDePaS4inApN7omp7WdXyhPZhBmulnGDYvEoGJN66d0CIHra
I2SvDkQ5CmrzkW5qPaE2oO7BSqAhRZxiYpZFb5CI
-----END RSA PRIVATE KEY-----
EOD;
$public_key = <<<'EOD'
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6
zxqlVzz0wy2j4kQVUC4ZRZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQ==
-----END PUBLIC KEY-----
EOD;
$data="test";
$privateKeyId = openssl_pkey_get_private($private_key);
// sign data with your private key
openssl_sign($data, $signature, $privateKeyId, 'RSA-SHA256');
// encode into base64
$sign = base64_encode($signature);
// you may free up memory after, but I wouldn't recommend, since you are going to make many requests and sign each of them.
// importing key from file each time isn't brightest idea
openssl_free_key($privateKeyId);
// importing public key
$pub_key = openssl_pkey_get_public($public_key);
// verifying signature for $data and imported public key
// note that signature firstly was decoded from base64
$valid = openssl_verify($data, base64_decode($sign), $pub_key, 'RSA-SHA256');
if ($valid == 1){
echo "signature is valid \n";
} else {
echo "signature is NOT valid \n";
}
// same thing about freeing of key
openssl_free_key($pub_key);
it outputs signature is valid
so the problem is probably your key pair. (PS createPrivateAndPublicKey is a stupid name for a function that doesn't create anything..)
also your curl code is very confused, as createPrivateAndPublicKey is a void function, it doesn't return anything, so when you do
$sign = createPrivateAndPublicKey($data_string);
$header[] = "Signature: $sign";
you're assigning $sign to NULL and when you add NULL to a string, nothing happens, so the header you set is just Signature: (blank)
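The two points raised in the answer above (a key pair that does not match, and a signing function that returns nothing) as an added PHP example; it is not part of the original question or answer. The function names keysMatch, signBody and verifyBody are hypothetical, the key pairs are generated in-process as constructed sample data (this assumes a working OpenSSL configuration), and the Signature header with base64 encoding is taken from the question's code.

```php
<?php
// Added example, not code from the original post. Keys are generated in-process
// (constructed sample data); in real use load your own PEM files instead.

// True when $publicPem is the counterpart of $privateKey.
function keysMatch($privateKey, string $publicPem): bool
{
    $public = openssl_pkey_get_public($publicPem);
    if ($public === false) {
        throw new RuntimeException('bad public key: ' . openssl_error_string());
    }
    // ['key'] is the PEM public key, also when called on a private key.
    return openssl_pkey_get_details($privateKey)['key']
        === openssl_pkey_get_details($public)['key'];
}

// Signs the exact bytes sent as the body and RETURNS the base64 signature.
function signBody(string $body, $privateKey): string
{
    if (!openssl_sign($body, $signature, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed: ' . openssl_error_string());
    }
    return base64_encode($signature);
}

function verifyBody(string $body, string $signatureB64, string $publicPem): bool
{
    $raw = base64_decode($signatureB64, true);
    // openssl_verify returns 1 (valid), 0 (invalid) or -1 (error); accept only 1.
    return $raw !== false
        && openssl_verify($body, $raw, $publicPem, OPENSSL_ALGO_SHA256) === 1;
}

$opts = ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048];
$key = openssl_pkey_new($opts);
$publicPem = openssl_pkey_get_details($key)['key'];
$otherPem = openssl_pkey_get_details(openssl_pkey_new($opts))['key'];

$body = json_encode(['oaa_id' => 838]);   // sign this string, send this string
$sign = signBody($body, $key);
$header = ['Content-Type: application/json', "Signature: $sign"];

var_dump(keysMatch($key, $publicPem));                // matching pair
var_dump(keysMatch($key, $otherPem));                 // mismatched pair
var_dump(verifyBody($body, $sign, $publicPem));       // untouched body
var_dump(verifyBody($body . ' ', $sign, $publicPem)); // body changed after signing
var_dump($header[1] !== 'Signature: ');               // header is not blank
```

What the remote API expects in the Signature header (algorithm, encoding, which bytes are signed) is not stated on the page, so a signature that verifies locally can still be rejected by the server if those differ.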
Source: https://stackoverflow.com/questions/61427156/how-can-i-make-valid-signature-php-openssl