0

我不知道我做错了什么,或者我只是没有考虑清楚。我想签署一些文本并在此之后立即进行验证。我正在使用 phpseclib 的 RSA 签名算法。它有效,但现在我想测试如果我更改我之前签署的文本,验证是否失败。它不应该验证文本,因为它与原始文本不同。所以我写了一些代码并测试了10次。算法验证签名 4 次,失败 6 次。这不是很奇怪吗?这是我的代码。基本上我创建了一个公钥/私钥对,并且只使用了 phpseclib 中的函数。

<?php
include('Crypt/RSA.php');

$private_key = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCmGJj20JA2taFPLjnxSuD8sUFwWnVQU7iECgdmmmKy5IDGx4Hv
P4ZxHOVVlqxVnz7lbvxhJahWVmBrHV9vj6w+9khaxo6j4Q7dZvDHt9VhgFyODy8M
V97X8Le2WZuRzINhNziYptGIX9hPbSxl5IEFY7Mcev3NF0IswVtn8+Oy+QIDAQAB
AoGASzST/h1NTxhKY7nAjpqi6Iex45dxyt89irunwjNhQTLphBfNo3CWBR1aUbiZ
a2NhbS0lpS8R25XcrmNsVO0uxdCpVnHwzuQLI61kv9Bu8i1/TpCG8yGGSU4+gi7x
12y943RkNYMqg8X0esupMTx4xhaHlTBt/dhAe7yB9nK1haECQQDQ/P2XcCXkO+lH
cImjhx9BjL8TdXUeZmbsMEmHJM7pqtYEybdjf2zTBqOOmehkczCTeWQD074xFqrW
K707lRLlAkEAy3WTTKFSwjGy2JC+iym+Yp5biYGwsAL3zXj6y0k1BHIWOoc59GrO
tpbUBMXmX7g6g/KZ8VkboW0xtnoyVPU6hQJBALYDgQGBxR6QJ03274kix9AZOtlB
tS0y1nTiYUd4gVT1Wsx0umnHswnfgFdUKBhEUow+byL+KWkrasJ4+aiI3xkCQEPp
K9BxLIF7OzoEHkWvGkgqmV0td79YTkQ8NGH0PokMV5UTm+mUWQkjEQPC1qFuicGP
EYk4d/uKygQhh3lKHU0CQHUmD9ch6POTOnBIt67EhQ8Dt/nIQqnjYOWi+x5xLT0T
zORMLod6pO16USOk1nNk6FtCxlsbQTsaaEZ6xw3WsMQ=
-----END RSA PRIVATE KEY-----
EOD;
$public_key = <<<EOD
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmGJj20JA2taFPLjnxSuD8sUFw
WnVQU7iECgdmmmKy5IDGx4HvP4ZxHOVVlqxVnz7lbvxhJahWVmBrHV9vj6w+9kha
xo6j4Q7dZvDHt9VhgFyODy8MV97X8Le2WZuRzINhNziYptGIX9hPbSxl5IEFY7Mc
ev3NF0IswVtn8+Oy+QIDAQAB
-----END PUBLIC KEY-----
EOD;

$rsa = new Crypt_RSA();
$rsa->loadKey($private_key);
$plaintext = 'Beer';
$signature = $rsa->sign($plaintext);
$rsa->loadKey($public_key);
$plaintext = '';
var_dump($rsa->verify($plaintext, $signature)); //should always fail but doesn't
?>
4

1 回答 1

0

尝试最新的 Git 版本。应该是这个bug:

https://github.com/phpseclib/phpseclib/commit/ee25c73a448d24f8658e074e90d8811774678d93

引用日志,

“- 修复签名验证(感谢 Richard Odekerken!)”。

于 2012-10-17T17:01:20.533 回答