2

我有以下验证证书的 php 函数:

<?php

function raven_check_sig($data, $sig) {
    $key_path = '/path/to/pubkey.crt';
    $key_crt = file_get_contents($key_path);
    $key = openssl_get_publickey($key_crt);

    $result = openssl_verify($data, base64_decode($sig), $key);

    openssl_free_key($key);

    if ($result == 1) {
        return TRUE;
    } else {
        return FALSE;
    }
}

我正在将我的应用程序移植到 node.js,但我不知道如何实现这个功能。

我努力了:

function checkSignature(data, sig, kid) {
  var keyPath = '/path/to/pubkey.crt';
  var key = fs.readFileSync(keyPath);

  var verifier = crypto.createVerify('RSA-SHA256');
  verifier.update(data);
  var res = verifier.verify(key, sig, 'base64');

  if (res) {
    return true;
  } else {
    return false;
  }
}

但这似乎总是回归false。我有两个问题,我认为这可能是导致失败的原因:

  1. 我不知道RSA-SHA256验证证书的算法是否正确,因为我无法弄清楚是什么openssl_verify
  2. 我不知道调用的等价物openssl_get_publickey是什么,假设我确实需要这样的东西。

该文件的内容pubkey.crt是:

-----BEGIN CERTIFICATE-----
MIIDrTCCAxagAwIBAgIBADANBgkqhkiG9w0BAQQFADCBnDELMAkGA1UEBhMCR0Ix
EDAOBgNVBAgTB0VuZ2xhbmQxEjAQBgNVBAcTCUNhbWJyaWRnZTEgMB4GA1UEChMX
VW5pdmVyc2l0eSBvZiBDYW1icmlkZ2UxKDAmBgNVBAsTH0NvbXB1dGluZyBTZXJ2
aWNlIFJhdmVuIFNlcnZpY2UxGzAZBgNVBAMTElJhdmVuIHB1YmxpYyBrZXkgMjAe
Fw0wNDA4MTAxMzM1MjNaFw0wNDA5MDkxMzM1MjNaMIGcMQswCQYDVQQGEwJHQjEQ
MA4GA1UECBMHRW5nbGFuZDESMBAGA1UEBxMJQ2FtYnJpZGdlMSAwHgYDVQQKExdV
bml2ZXJzaXR5IG9mIENhbWJyaWRnZTEoMCYGA1UECxMfQ29tcHV0aW5nIFNlcnZp
Y2UgUmF2ZW4gU2VydmljZTEbMBkGA1UEAxMSUmF2ZW4gcHVibGljIGtleSAyMIGf
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/9qcAW1XCSk0RfAfiulvTouMZKD4j
m99rXtMIcO2bn+3ExQpObbwWugiO8DNEffS7bzSxZqGp7U6bPdi4xfX76wgWGQ6q
Wi55OXJV0oSiqrd3aOEspKmJKuupKXONo2efAt6JkdHVH0O6O8k5LVap6w4y1W/T
/ry4QH7khRxWtQIDAQABo4H8MIH5MB0GA1UdDgQWBBRfhSRqVtJoL0IfzrSh8dv/
CNl16TCByQYDVR0jBIHBMIG+gBRfhSRqVtJoL0IfzrSh8dv/CNl16aGBoqSBnzCB
nDELMAkGA1UEBhMCR0IxEDAOBgNVBAgTB0VuZ2xhbmQxEjAQBgNVBAcTCUNhbWJy
aWRnZTEgMB4GA1UEChMXVW5pdmVyc2l0eSBvZiBDYW1icmlkZ2UxKDAmBgNVBAsT
H0NvbXB1dGluZyBTZXJ2aWNlIFJhdmVuIFNlcnZpY2UxGzAZBgNVBAMTElJhdmVu
IHB1YmxpYyBrZXkgMoIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GB
AFciErbr6zl5i7ClrpXKA2O2lDzvHTFM8A3rumiOeauckbngNqIBiCRemYapZzGc
W7fgOEEsI4FoLOjQbJgIrgdYR2NIJh6pKKEf+9Ts2q/fuWv2xOLw7w29PIICeFIF
hAM+a6/30F5fdkWpE1smPyrfASyXRfWE4Ccn1RVgYX9u
-----END CERTIFICATE-----
4

1 回答 1

3

原来正确的算法是 SHA1:

function checkSignature(data, sig) {
  var keyPath = '/path/to/pubkey.crt';
  var key = fs.readFileSync(keyPath);

  var verifier = crypto.createVerify('SHA1');
  verifier.update(data);
  var res = verifier.verify(key, sig, 'base64');

  if (res) {
    return true;
  } else {
    return false;
  }
}

所以现在一切正常:)

于 2013-02-20T15:40:56.947 回答