我不知道我做错了什么,或者我只是没想过。我想签署一些文本并在此之后立即验证。我正在使用phpseclib的RSA签名算法。它工作但现在我想测试如果我改变之前签署的文本,验证是否失败。它不应该验证文本,因为它与原始文本不同。所以我写了一些代码并测试了10次。算法验证签名4次,失败6次。这不是很奇怪吗? 这是我的代码。基本上我创建了一个公钥/私钥对,只使用了phpseclib中的函数。
<?php
include('Crypt/RSA.php');
$private_key = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCmGJj20JA2taFPLjnxSuD8sUFwWnVQU7iECgdmmmKy5IDGx4Hv
P4ZxHOVVlqxVnz7lbvxhJahWVmBrHV9vj6w+9khaxo6j4Q7dZvDHt9VhgFyODy8M
V97X8Le2WZuRzINhNziYptGIX9hPbSxl5IEFY7Mcev3NF0IswVtn8+Oy+QIDAQAB
AoGASzST/h1NTxhKY7nAjpqi6Iex45dxyt89irunwjNhQTLphBfNo3CWBR1aUbiZ
a2NhbS0lpS8R25XcrmNsVO0uxdCpVnHwzuQLI61kv9Bu8i1/TpCG8yGGSU4+gi7x
12y943RkNYMqg8X0esupMTx4xhaHlTBt/dhAe7yB9nK1haECQQDQ/P2XcCXkO+lH
cImjhx9BjL8TdXUeZmbsMEmHJM7pqtYEybdjf2zTBqOOmehkczCTeWQD074xFqrW
K707lRLlAkEAy3WTTKFSwjGy2JC+iym+Yp5biYGwsAL3zXj6y0k1BHIWOoc59GrO
tpbUBMXmX7g6g/KZ8VkboW0xtnoyVPU6hQJBALYDgQGBxR6QJ03274kix9AZOtlB
tS0y1nTiYUd4gVT1Wsx0umnHswnfgFdUKBhEUow+byL+KWkrasJ4+aiI3xkCQEPp
K9BxLIF7OzoEHkWvGkgqmV0td79YTkQ8NGH0PokMV5UTm+mUWQkjEQPC1qFuicGP
EYk4d/uKygQhh3lKHU0CQHUmD9ch6POTOnBIt67EhQ8Dt/nIQqnjYOWi+x5xLT0T
zORMLod6pO16USOk1nNk6FtCxlsbQTsaaEZ6xw3WsMQ=
-----END RSA PRIVATE KEY-----
EOD;
$public_key = <<<EOD
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmGJj20JA2taFPLjnxSuD8sUFw
WnVQU7iECgdmmmKy5IDGx4HvP4ZxHOVVlqxVnz7lbvxhJahWVmBrHV9vj6w+9kha
xo6j4Q7dZvDHt9VhgFyODy8MV97X8Le2WZuRzINhNziYptGIX9hPbSxl5IEFY7Mc
ev3NF0IswVtn8+Oy+QIDAQAB
-----END PUBLIC KEY-----
EOD;
$rsa = new Crypt_RSA();
$rsa->loadKey($private_key);
$plaintext = 'Beer';
$signature = $rsa->sign($plaintext);
$rsa->loadKey($public_key);
$plaintext = '';
var_dump($rsa->verify($plaintext, $signature)); //should always fail but doesn't
?>
答案 0 :(得分:0)
试试最新的Git版本。这可能就是这个错误:
https://github.com/phpseclib/phpseclib/commit/ee25c73a448d24f8658e074e90d8811774678d93
引用日志,
“ - 修复签名验证(感谢Richard Odekerken!)”。