go 如何實(shí)現(xiàn)PHP RSA簽名

        $pkeyid = openssl_pkey_get_private ( $priv_key );
        openssl_sign ( $params_str, $signMsg, $pkeyid, OPENSSL_ALGO_SHA1 );
        openssl_free_key ( $pkeyid );
        $signMsg = base64_encode ( $signMsg );

請(qǐng)問(wèn)用GO如何實(shí)現(xiàn)PHP這樣的簽名我寫(xiě)的代碼如下，始終不成功

func getSing(splice string, priKey []byte) (encrypt string) {
    PEMBlock, _ := pem.Decode(priKey)
    if PEMBlock == nil {
        log.Fatal("PEM解析錯(cuò)誤")
    }
    privkey, err := x509.ParsePKCS8PrivateKey(PEMBlock.Bytes)
    if err != nil {
        log.Fatal(err)
    }
    pri, ok := privkey.(*rsa.PrivateKey)
    if ok {
        // SH256 := crypto.SHA256
        // hashed := sha256.Sum256([]byte(fmt.Sprintf("%x", sha256.Sum256([]byte(splice)))))
        // hashed := sha256.Sum256([]byte(nil))
        // sign, err := rsa.SignPKCS1v15(rand.Reader, pri, SH256, hashed[:])

        SH1 := crypto.SHA1
        // hashed := sha1.Sum([]byte(fmt.Sprintf("%x", sha1.Sum([]byte(splice)))))
        hashed := sha1.Sum([]byte(nil))
        sign, err := rsa.SignPKCS1v15(rand.Reader, pri, SH1, hashed[:])

        if err != nil {
            log.Fatal(err)
        }
        return Base64Encode(sign)
    } else {
        log.Fatal(ok)
    }
    return
}

求大家?guī)兔鉀Q，我肯定哪里錯(cuò)了，導(dǎo)致簽名不對(duì)，驗(yàn)證簽名也不對(duì)

回答

編輯回答

祈歡

你的 HASH 用法搞錯(cuò)了，請(qǐng)參考下面的代碼

/*
數(shù)字簽名示例代碼。

@author: 李毅
*/
package main

import (
    "bytes"
    "crypto"
    "crypto/rand"
    "crypto/rsa"
    "crypto/sha512"
    "log"
)

type Demo struct {
    PriKey *rsa.PrivateKey
}

func (demo *Demo) LoadPrivateKey() {
    privateKey, err := rsa.GenerateKey(rand.Reader, 1024)
    if err != nil {
        log.Fatal(err)
    }
    demo.PriKey = privateKey
}

// 返回 digest, signature
func (demo *Demo) Sign(message string) ([]byte, []byte) {
    messageBytes := bytes.NewBufferString(message)
    hash := sha512.New()
    hash.Write(messageBytes.Bytes())
    digest := hash.Sum(nil)

    signature, err := rsa.SignPKCS1v15(rand.Reader, demo.PriKey, crypto.SHA512, digest)
    if err != nil {
        log.Fatalf("rsa.SignPKCS1v15 error: %v\n", err)
    }
    return digest, signature
}

func (demo *Demo) Check(digest, signature []byte) bool {
    err := rsa.VerifyPKCS1v15(&demo.PriKey.PublicKey, crypto.SHA512, digest, signature)
    if err != nil {
        log.Printf("rsa.VerifyPKCS1v15 error: %V\n", err)
        return false
    }
    return true
}

func main() {
    demo := &Demo{}
    demo.LoadPrivateKey()
    digest, signature := demo.Sign("hi")
    if demo.Check(digest, signature) {
        log.Printf("signature is good")
    } else {
        log.Printf("signature is bad")
    }
}

2017年3月7日 06:08

編輯回答