这里的PHP演示代码签名数据与私人2048位DSA密钥:
$priv_key = '-----BEGIN DSA PRIVATE KEY----- MIIDVQIBAAKCAQEA/uhSKJA6k5sSnYo+uBgi+mzJ72hqZrWgc+dNLpiiKoHsqDZ6 7kGW0J3wnhU0FxpV2SVL57SfG6dC7GvwsJYBidSEJqe3bARP8WI4yL9wm1PVTqFD 4zNkj1+zUZDWQWpJxaA8I10sJR08/WbwgD63bD6jg4JiPaowFMOrufYAW92hjANQ D7eZ+t0GXAoDB5L6q8btVRfJrGOvkdDN6eyzc7kpJEVC9g1J9Q6glnHQRIGdW4Ot ys/bpv2mGMfEykyTWhcMSLaAZ0YLTyKRfjYm8g7dCFWo3i8Fu0Jr+N3IWZI9Jgw5 lGyUSX8x89gjMsqtcOzcrjOtC51oAh+pio8jaQIhAM2VbbgAoxSSVO3Nd5y2mPiO k62rr9cCj4tNy0MtYG3rAoIBABnMeAAeJpNpe3UhmWrGSJN/nQe76FSIhV/0wsu4 Xu65tW610i+uf8t0ZDqHCrbF9LSvk6vPiBydKhOmmStCa/aJJZhCKYI9/8WgtXG8 kSvAzLTNnozSLeHkapZHJwqY1wT+qxElheXjHJBRzgXVqwB+0CeJokJYlWiaPfuN n3H1GDekuYXSFAaK4bC4TEsctQH1/403ljSbv99aXVDTVSnW0hdbokyLSPsiJjvz w6GkyEiK/j6V2dTrIRn2X2ftzbTsE+0vEenHosIzJwM8+zUrhLvVvPBARWnbmsQ/ YstGs7WERGQzkFSsuPsWCN53Os4NnBEPiYg8//Cy1EHat3ACggEAD3mqwlAaPixs Up49/HYlGqrU4e862rWY7mb5XRJ7AY9t70C5hhZrVO/DTgpGkwO0Yi/cYo6W0g// cP73Nb2KZwaiyTCet2VsXb0H/8gvi8OqlidEpormedYW1T0DoyVrw57gXF0hp0D8 scfZBg0hFM/hHlmqHPKYiZtDp5imk5TeSyIoLdyJjW8jII2ni8ryStjvZ61aAPyK VH8in3DpVANpn3MSGv1Hv1RYxaago71fVUyOkm1/pFNqBNIwBAxBIUsIPdNpjoGB bLKXDshCfdXkQJxnx80nVDslEkv10BapLqIr98uswU/bBYMduF6Xrg5pdugDG3Cw X8n3glog8QIgayYvNGvBvrDp9piq8RDg9mQJsd4IFBlpF7MnqIc749M= -----END DSA PRIVATE KEY----- '; $pkeyid = openssl_get_privatekey($priv_key); if(empty($pkeyid)){ die("Can't load key id"); } $data = $_GET['i']; // compute signature if(!openssl_sign($data, $signature, $pkeyid,OPENSSL_ALGO_SHA1)){ echo "Failed to sign data: $data"; } // free the key from memory openssl_free_key($pkeyid); echo $signature; 脚本总是在openssl_sign失败。 我没有得到任何错误或失败,只是在openssl_sign的输出FALSE和$签名是空的
我已经生成了密钥
openssl dsaparam -out dsaparam.pem 2048 openssl gendsa -out privkey.pem dsaparam.pem
什么可能是错的?
使用DSA签名时,您需要使用OPENSSL_ALGO_DSS1而不是OPENSSL_ALGO_SHA1作为哈希算法。
这个OpenSSL命令行版本的帮助文件说:
如果您希望使用DSA算法签名或验证数据,则必须使用dss1摘要。
这是OpenSSL库的特性,DSS1实际上与SHA1算法相同,但OpenSSL坚持认为,如果您使用DSA,则调用DSS1!