It seems that PHP's openssl_sign and openssl_verify functions perform hashing of the data before signing, due to size restrictions, so I've tried emulating this on the command line.
Signing via openssl:
echo "foo" | openssl dgst -sha1 -binary | openssl rsautl -inkey priv.pem -sign > sig.bin
then verifying via PHP
$key = openssl_pkey_get_public('pub.pem');
$ver = openssl_verify( "foo\n", file_get_contents('sig.bin'), $key, OPENSSL_ALGO_SHA1 );
// $ver always 0
I've tried numerous combinations, binary and hex forms of the hash, with and without the trailing newline, and even hashing before passing into the PHP function.
My findings are that PHP's sign and verify are not interoperable with openssl's rsautl -sign and -verify options. PHP seems to add some metadata (an extra 15 bytes), although I don't know what it means.
My solution: I am using the encrypt and decrypt functions directly and handling the hashing myself.
This way, the command line -verify option is analogous to "decrypt with public key". By the same token, -sign is analogous to "encrypt with public key".
In fact, this way you can define your own signature format, for example including a date along with the hash.
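As an added illustration (not code from the post above), the following PHP script signs with openssl_sign(), verifies with openssl_verify(), and then applies the "decrypt with public key" idea to the signature to expose what PHP actually padded: a 15-byte ASN.1 DigestInfo header followed by the SHA-1 hash. It generates a throwaway key pair so it runs stand-alone; the message "foo\n" matches the echo used on the command line.

```php
<?php
// Added example: what openssl_sign() really signs, revealed by openssl_public_decrypt().
$priv = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub  = openssl_pkey_get_details($priv)['key'];   // PEM-encoded public key

$data = "foo\n";   // `echo "foo"` emits a trailing newline, so include it

// 1. Sign and verify on the PHP side. openssl_sign() hashes with SHA-1,
//    wraps the digest in a DER DigestInfo structure, then applies PKCS#1 v1.5 padding.
openssl_sign($data, $sig, $priv, OPENSSL_ALGO_SHA1);
$ok = openssl_verify($data, $sig, $pub, OPENSSL_ALGO_SHA1);   // 1 when the signature is good
echo "openssl_verify: $ok\n";

// 2. "Decrypt with the public key": with OPENSSL_PKCS1_PADDING this strips the
//    type-1 signature padding and returns the payload that was actually signed.
openssl_public_decrypt($sig, $block, $pub, OPENSSL_PKCS1_PADDING);

// DER encoding of DigestInfo { algorithm = sha1, digest = <20 bytes> }, minus the digest itself.
// These 15 bytes are the "extra metadata" PHP prepends; rsautl -sign pads only the bare hash.
$digestInfoSha1 = hex2bin('3021300906052b0e03021a05000414');
$expected = $digestInfoSha1 . sha1($data, true);

echo "recovered block: " . bin2hex($block) . "\n";
echo "equals DigestInfo || SHA1(data): " . var_export($block === $expected, true) . "\n";
```

Because of that header, a command-line signature that openssl_verify() accepts must also wrap the hash in DigestInfo; `openssl dgst -sha1 -sign priv.pem` does this, whereas `openssl rsautl -sign` on a raw digest does not.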