Implement rsa signature and signature in php

Source: Internet
Author: User
Tags openssl rsa
In the past two days, I have not done anything related to a payment interface. I encountered some problems during the signing and verification process. first generate a 1024-bit private key: opensslgenrsa-outprivate.pem1024 and then export the openssl extension of the public key opensslrsa-inprivate.pem-pubout-outpublic.pemphp according to the Private Key

In the past two days, I have not done anything related to a payment interface. I encountered some problems during the signing and verification process. first, generate a 1024-bit private key: openssl genrsa-out private. pem 1024 then export the Public Key openssl rsa-in private according to the private key. pem-pubout-out public. openssl extension of pem php

In the past two days, I have not done anything related to a payment interface. I encountered some problems during the signing and verification process.

First, a 1024-bit private key is generated:

openssl genrsa -out private.pem 1024

Then export the public key based on the private key

openssl rsa -in private.pem -pubout -out public.pem

The openssl extension of php has encapsulated the signature and signature verification methods, namely openssl_sign and openssl_verify.

function sign($data){    $p = openssl_pkey_get_private(file_get_contents('private.pem'));    openssl_sign($data, $signature, $p);    openssl_free_key($p);    return bin2hex($signature);}function verify($data, $sign){    $p = openssl_pkey_get_public(file_get_contents('public.pem'));    $verify = openssl_verify($data, hex2bin($sign), $p);    openssl_free_key($p);    return $verify > 0;}

The actual situation is that the test interface does not provide the public/private key, but provides the public/private key index and module. the java RSAPrivateKeySpec and RSAPublicKeySpec are used to sign and verify the signature. Then a jar is written and called using the command line:

package org;import java.math.BigInteger;import java.security.KeyFactory;import java.security.PrivateKey;import java.security.Signature;import java.security.spec.RSAPrivateKeySpec;import java.security.spec.RSAPublicKeySpec;/** * @author eslizn * */public class SignVerify {     /**     * @param args     * @throws Exception     */     public static void main(String[] args) throws Exception {         if(args.length == 4 && args[0].equals("sign")){             System.out.println(Sign(args[1], new BigInteger(args[2], 16), new BigInteger(args[3], 16)));             System.exit(0);         }         if(args.length == 5 && args[0].equals("verify")){             System.out.println(Verify(args[1], args[2], new BigInteger(args[3], 16), new BigInteger(args[4], 16)) ? "1" : "0");             System.exit(0);         }     }     /**     * Sign     *     * @param data     * @param mod     * @param exp     * @return     * @throws Exception     */     public static String Sign(String data, BigInteger mod, BigInteger exp) throws Exception{         RSAPrivateKeySpec spec = new RSAPrivateKeySpec(mod, exp);         KeyFactory keyFactory = KeyFactory.getInstance("RSA");         PrivateKey signKey = keyFactory.generatePrivate(spec);         Signature signature = Signature.getInstance("SHA1withRSA");         signature.initSign(signKey);         signature.update(data.getBytes());         return byteArray2HexString(signature.sign());     }     /**     * Verify     *     * @param data     * @param sign     * @param mod     * @param exp     * @return     * @throws Exception     */     public static boolean Verify(String data, String sign, BigInteger mod, BigInteger exp) throws Exception{         RSAPublicKeySpec spec = new RSAPublicKeySpec(mod, exp);         KeyFactory keyFactory = KeyFactory.getInstance("RSA");         java.security.PublicKey verifyKey = keyFactory.generatePublic(spec);         Signature verifier = Signature.getInstance("SHA1withRSA");         verifier.initVerify(verifyKey);         verifier.update(data.getBytes());         return verifier.verify(hexString2ByteArray(sign));     }     public static byte[] hexString2ByteArray(String hexStr){         if (hexStr == null)             return null;         if (hexStr.length() % 2 != 0)             return null;         byte data[] = new byte[hexStr.length() / 2];         for (int i = 0; i < hexStr.length() / 2; i++){             char hc = hexStr.charAt(2 * i);             char lc = hexStr.charAt(2 * i + 1);             byte hb = hexChar2Byte(hc);             byte lb = hexChar2Byte(lc);             if (hb < 0 || lb < 0)                 return null;             int n = hb << 4;             data[i] = (byte)(n + lb);         }        return data;    }    public static byte hexChar2Byte(char c){        if (c >= '0' && c <= '9')            return (byte)(c - 48);        if (c >= 'a' && c <= 'f')            return (byte)((c - 97) + 10);        if (c >= 'A' && c <= 'F')            return (byte)((c - 65) + 10);        else            return -1;    }    public static String byteArray2HexString(byte arr[]){        StringBuilder sbd = new StringBuilder();        byte arr$[] = arr;        int len$ = arr$.length;        for (int i$ = 0; i$ < len$; i$++){        byte b = arr$[i$];        String tmp = Integer.toHexString(0xff & b);        if (tmp.length() < 2)            tmp = (new StringBuilder()).append("0").append(tmp).toString();            sbd.append(tmp);        }        return sbd.toString();    }}

It is a coincidence that after writing the text, the other party asks us to generate a pair of public/private keys and then send them the public/private key index and module. sometimes some methods may be more convenient than technical implementation. the code for obtaining the public/private key index and module is attached:

Function getPrivate ($ file) {$ p = openssl_pkey_get_private (file_get_contents ($ file); $ res = encrypt ($ p); var_dump ($ res); openssl_free_key ($ p ); return array ('n' => bin2hex ($ res ['rsa '] ['n']), # modulus 'E' => bin2hex ($ res ['rsa '] ['E']), # Public Key Index 'D' => bin2hex ($ res ['rsa '] ['D']), # Private Key Index );}

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.