In the past two days, I have not done anything related to a payment interface. I encountered some problems during the signing and verification process. first generate a 1024-bit private key: opensslgenrsa-outprivate.pem1024 and then export the openssl extension of the public key opensslrsa-inprivate.pem-pubout-outpublic.pemphp according to the Private Key
In the past two days, I have not done anything related to a payment interface. I encountered some problems during the signing and verification process. first, generate a 1024-bit private key: openssl genrsa-out private. pem 1024 then export the Public Key openssl rsa-in private according to the private key. pem-pubout-out public. openssl extension of pem php
In the past two days, I have not done anything related to a payment interface. I encountered some problems during the signing and verification process.
First, a 1024-bit private key is generated:
openssl genrsa -out private.pem 1024
Then export the public key based on the private key
openssl rsa -in private.pem -pubout -out public.pem
The openssl extension of php has encapsulated the signature and signature verification methods, namely openssl_sign and openssl_verify.
function sign($data){ $p = openssl_pkey_get_private(file_get_contents('private.pem')); openssl_sign($data, $signature, $p); openssl_free_key($p); return bin2hex($signature);}function verify($data, $sign){ $p = openssl_pkey_get_public(file_get_contents('public.pem')); $verify = openssl_verify($data, hex2bin($sign), $p); openssl_free_key($p); return $verify > 0;}
The actual situation is that the test interface does not provide the public/private key, but provides the public/private key index and module. the java RSAPrivateKeySpec and RSAPublicKeySpec are used to sign and verify the signature. Then a jar is written and called using the command line:
package org;import java.math.BigInteger;import java.security.KeyFactory;import java.security.PrivateKey;import java.security.Signature;import java.security.spec.RSAPrivateKeySpec;import java.security.spec.RSAPublicKeySpec;/** * @author eslizn * */public class SignVerify { /** * @param args * @throws Exception */ public static void main(String[] args) throws Exception { if(args.length == 4 && args[0].equals("sign")){ System.out.println(Sign(args[1], new BigInteger(args[2], 16), new BigInteger(args[3], 16))); System.exit(0); } if(args.length == 5 && args[0].equals("verify")){ System.out.println(Verify(args[1], args[2], new BigInteger(args[3], 16), new BigInteger(args[4], 16)) ? "1" : "0"); System.exit(0); } } /** * Sign * * @param data * @param mod * @param exp * @return * @throws Exception */ public static String Sign(String data, BigInteger mod, BigInteger exp) throws Exception{ RSAPrivateKeySpec spec = new RSAPrivateKeySpec(mod, exp); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PrivateKey signKey = keyFactory.generatePrivate(spec); Signature signature = Signature.getInstance("SHA1withRSA"); signature.initSign(signKey); signature.update(data.getBytes()); return byteArray2HexString(signature.sign()); } /** * Verify * * @param data * @param sign * @param mod * @param exp * @return * @throws Exception */ public static boolean Verify(String data, String sign, BigInteger mod, BigInteger exp) throws Exception{ RSAPublicKeySpec spec = new RSAPublicKeySpec(mod, exp); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); java.security.PublicKey verifyKey = keyFactory.generatePublic(spec); Signature verifier = Signature.getInstance("SHA1withRSA"); verifier.initVerify(verifyKey); verifier.update(data.getBytes()); return verifier.verify(hexString2ByteArray(sign)); } public static byte[] hexString2ByteArray(String hexStr){ if (hexStr == null) return null; if (hexStr.length() % 2 != 0) return null; byte data[] = new byte[hexStr.length() / 2]; for (int i = 0; i < hexStr.length() / 2; i++){ char hc = hexStr.charAt(2 * i); char lc = hexStr.charAt(2 * i + 1); byte hb = hexChar2Byte(hc); byte lb = hexChar2Byte(lc); if (hb < 0 || lb < 0) return null; int n = hb << 4; data[i] = (byte)(n + lb); } return data; } public static byte hexChar2Byte(char c){ if (c >= '0' && c <= '9') return (byte)(c - 48); if (c >= 'a' && c <= 'f') return (byte)((c - 97) + 10); if (c >= 'A' && c <= 'F') return (byte)((c - 65) + 10); else return -1; } public static String byteArray2HexString(byte arr[]){ StringBuilder sbd = new StringBuilder(); byte arr$[] = arr; int len$ = arr$.length; for (int i$ = 0; i$ < len$; i$++){ byte b = arr$[i$]; String tmp = Integer.toHexString(0xff & b); if (tmp.length() < 2) tmp = (new StringBuilder()).append("0").append(tmp).toString(); sbd.append(tmp); } return sbd.toString(); }}
It is a coincidence that after writing the text, the other party asks us to generate a pair of public/private keys and then send them the public/private key index and module. sometimes some methods may be more convenient than technical implementation. the code for obtaining the public/private key index and module is attached:
Function getPrivate ($ file) {$ p = openssl_pkey_get_private (file_get_contents ($ file); $ res = encrypt ($ p); var_dump ($ res); openssl_free_key ($ p ); return array ('n' => bin2hex ($ res ['rsa '] ['n']), # modulus 'E' => bin2hex ($ res ['rsa '] ['E']), # Public Key Index 'D' => bin2hex ($ res ['rsa '] ['D']), # Private Key Index );}