2

我正在尝试测试我的服务器端 IAB 签名验证方法。我想使用我的公钥和私钥(不是来自 Google 的),所以我伪造收据并用 id_rsa.pub 签名:

openssl dgst -binary -sha1 -sign /Users/user/.ssh/id_rsa receipt.json | openssl base64 > signature.txt

在 php 中,我想用 openssl_verify 验证它:

$publicKey = // content of /Users/user/.ssh/id_rsa.pub

// Public key in id_rsa.pub with proper header and footer
$publicKeyFull = "-----BEGIN PUBLIC KEY-----\n" . chunk_split($publicKey, 64, "\n") .  "-----END PUBLIC KEY-----";

// Data
$data = // content of receipt.json WITHOUT LINE BREAKS

// Public key id
$publicKeyId = openssl_get_publickey($publicKeyFull);

// Signature
$signature = // content of signature.txt generated previously

// receipt.json, signature.txt, id_rsa.public
$verified = openssl_verify($data, base64_decode($signature), $publicKeyId, OPENSSL_ALGO_SHA1);

var_dump($verified);

验证总是错误的,我得到:

Warning: openssl_verify(): supplied key param cannot be coerced into a public key in...

我的 id_rsa.pub 密钥有什么问题?

4

1 回答 1

0

您传递了 $verified 错误,因为 @the-awnry-bear 提到了相同类型的错误。

请检查以下内容:

android in app billing v3 with php

于 2016-02-11T06:08:41.880 回答