JWT计算签名SHA256withRSA

I'm trying to

Sign the UTF-8 representation of the input using SHA256withRSA (also known as RSASSA-PKCS1-V1_5-SIGN with the SHA-256 hash function) with the private key obtained from the API console. The output will be a byte array.

so let's take Header and Claim set and put them into array

{"alg":"RS256","typ":"JWT"}.
{
  "iss":"761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com",
  "scope":"https://www.googleapis.com/auth/prediction",
  "aud":"https://accounts.google.com/o/oauth2/token",
  "exp":1328554385,
  "iat":1328550785
}

just like Service Account: Computing the Signature

JSON Web Signature (JWS) is the specification that guides the mechanics of generating the signature for the JWT. The input for the signature is the byte array of the following content:

{Base64url encoded header}.{Base64url encoded claim set}

so I build array just to test that

  $seg0 = array(
    "alg" => "RS256",
    "typ" => "JWT"
  );
  $seg1 = array(
    "iss" => "761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com",
    "scope" => "https://www.googleapis.com/auth/prediction",
    "aud" => "https://accounts.google.com/o/oauth2/token",
    "exp" => 1328554385,
    "iat" => 1328550785
  );

  $segs = array(
    json_encode($seg0),
    stripslashes(json_encode($seg1))
  );
  $segments = array(
    rtrim(strtr(base64_encode($segs[0]), '+/', '-_'), '='),
    rtrim(strtr(base64_encode($segs[1]), '+/', '-_'), '='),
  );

Here it is. THe first 2 arrays encode successful.

Output
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9
eyJpc3MiOiI3NjEzMjY3OTgwNjktcjVtbGpsbG4xcmQ0bHJiaGc3NWVmZ2lncDM2bTc4ajVAZGV2ZWxvcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvcHJlZGljdGlvbiIsImF1ZCI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsImV4cCI6MTMyODU1NDM4NSwiaWF0IjoxMzI4NTUwNzg1fQ

I go forward and encode the signature

The signature must then be Base64url encoded. The signature is then concatenated with a ‘.’ character to the end of the Base64url representation of the input string. The result is the JWT. It should be the following:
{Base64url encoded header}.{Base64url encoded claim set}.{Base64url encoded signature}

  $signature = makeSignedJwt($segments);
  //$signature = makeSignedJwt($segs);
  echo $signature .'<br /><br />';
  $segments[] = rtrim(strtr(base64_encode($signature), '+/', '-_'), '=');
  echo '<pre>'; print_r($segments); echo '</pre>';  

function makeSignedJwt($segments)
{
    $data = implode('.', $segments);
    if (!openssl_sign($data, $signature, privateKey, "sha256"))
    {
        exit("Unable to sign data");
    }
    return $signature;
}

Output
    Array
(
    [0] => eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9
    [1] => eyJpc3MiOiI3NjEzMjY3OTgwNjktcjVtbGpsbG4xcmQ0bHJiaGc3NWVmZ2lncDM2bTc4ajVAZGV2ZWxvcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvcHJlZGljdGlvbiIsImF1ZCI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsImV4cCI6MTMyODU1NDM4NSwiaWF0IjoxMzI4NTUwNzg1fQ
    [2] => xFS6iZdJku5RKJ5_XdH3W5A8e9V3wsaFeQhAXoJtuxzW-xvqZq1CdEJJAo60VvK1UFONElVf_pthezEyz-eyWsoRGVZFibUQBaKXLI8eR28eFlaCAKH7bKh820uR7IwuRx4xr8MPmnC8so9u9TEY153gkU6Mz9e--pQPlcLlGY
)

Must be missing something..

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

duanbi2760 2017-04-10 02:06

关注

I'm not sure what your question is, but the following worked for me:

//helper function
function base64url_encode($data) { 
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '='); 
}

//Google's Documentation of Creating a JWT: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#authorizingrequests

//{Base64url encoded JSON header}
$jwtHeader = base64url_encode(json_encode(array(
    "alg" => "RS256",
    "typ" => "JWT"
)));
//{Base64url encoded JSON claim set}
$now = time();
$jwtClaim = base64url_encode(json_encode(array(
    "iss" => "761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com",
    "scope" => "https://www.googleapis.com/auth/prediction",
    "aud" => "https://www.googleapis.com/oauth2/v4/token",
    "exp" => $now + 3600,
    "iat" => $now
)));
//The base string for the signature: {Base64url encoded JSON header}.{Base64url encoded JSON claim set}
openssl_sign(
    $jwtHeader.".".$jwtClaim,
    $jwtSig,
    $your_private_key_from_google_api_console,
    "sha256WithRSAEncryption"
);
$jwtSig = base64url_encode($jwtSig);

//{Base64url encoded JSON header}.{Base64url encoded JSON claim set}.{Base64url encoded signature}
$jwtAssertion = $jwtHeader.".".$jwtClaim.".".$jwtSig;

本回答被题主选为最佳回答 , 对您是否有帮助呢?

报告相同问题？

关注问题

JWT计算签名SHA256withRSA php
2012-08-05 17:16

回答 1 已采纳 I'm not sure what your question is, but the following worked for me: //helper function function b
Firebase JWT：签名验证失败 php
2016-02-29 18:30

回答 1 已采纳 You don't need $secretKey or base64_decode the key for that matter, just do: $jwt = \Firebase\JWT
php Curl在标题中获取JWT php
2019-04-01 17:40

回答 2 已采纳 i need enable CURLOPT_HEADER => true in my array
常见签名算法之SHA256withRSA
2021-07-29 10:57

马拉萨的春天的博客概述在https://blog.csdn.net/chinoukin/article/details/100934995章节中，我介绍了用Hmac...而我们知道jwt是由三部分组成，其中第三部分就是数字签名了，而springcloud的oauth2中的默认jwt签名算法为SHA256wi...
PHP Laravel 5.7 Tymon / jwt-auth无法安装 laravel php
2018-12-23 02:08

回答 2 已采纳 It would be nice to get this released soon you can just using this "tymon/jwt-auth": "dev-develop
PHP怎么使用jwt生成 token并且验证 php
2021-12-01 13:06

回答 2 已采纳第一账号密码登录获取tokenJWT需要composer安装下，然后调用 $jwt_config = [ 'iss' => config('jwt.iss'), //签发者可选
如果发生JWT异常，如何重定向 laravel php
2019-04-27 23:27

回答 1 已采纳 You could check the token using a middleware: class CheckTokenMiddleware { public function ha
php rsa2解密,PHP RSA2 加密、解密、签名、验证签名
2021-04-22 19:16

Yao Wu的博客 RSA2 标准算法名称 SHA256WithRSA1、RSA非对称加密技术2、SHA256 是SHA-2下细分出的一种算法SHA-2，名称来自于安全散列算法2(英语：Secure Hash Algorithm 2)的缩写，一种密码散列函数算法标准，由美国国家安全局...
（Golang）JWT签名验证问题
2016-03-11 21:16

回答 1 已采纳 It's the Base64 encoding of the signature which can have the last letter changed to certain target
如何验证JWT签名？
2013-04-24 08:51

回答 2 已采纳 this is what I ended up doing (using https://github.com/dgrijalva/jwt-go): package XXX import (
Laravel jwt使用组外的中间件 php
2018-05-03 09:14

回答 1 已采纳 Oops, seems I forgot to remove the "cors" from my RouteServiceProvider.php protected function map
使用国密（SM3WithSM2）对jwt进行签名
2020-10-15 21:12

0x2015的博客文章目录环境背景介绍国密系列简要介绍实操1、首先去git上把开源项目拉下来2、关于曲线参数修改3、生成证书4、引入pom5、签名验签思路6、编码7、...以往使用的签名算法大都是HS256（HMAC with SHA-256）、RS256（RSAS
正确使用JWT和Angular 2 angular php
2017-10-23 09:22

回答 1 已采纳 Observable.map just maps the resolved response, it will not start the request. You always need to
php rsa2 签名与解密,PHP RSA2 加密、解密、签名、验证签名
2021-03-17 07:34

易个小小钡原子的博客 RSA2 标准算法名称 SHA256WithRSA1、RSA非对称加密技术2、SHA256 是SHA-2下细分出的一种算法SHA-2，名称来自于安全散列算法2(英语：Secure Hash Algorithm 2)的缩写，一种密码散列函数算法标准，由美国国家安全局...
PHP与JAVA的签名与验签比较
2016-10-06 20:32

楼仔的博客最近在做一个项目，由于我们的开发语言是php，业务方的语言是java，进行签名和验签时两边需要保持一致，这就需要两种生成的签名和验签方法完全相同，摸索了一天，总算是明白两种开发语言在这个只是点上的不同之处。...
没有解决我的问题, 去提问

悬赏问题

¥15 用PLC设计纸袋糊底机送料系统
¥15 simulink仿真中dtc控制永磁同步电机如何控制开关频率
¥15 用C语言输入方程怎么
¥15 网站显示不安全连接问题
¥15 github训练的模型参数无法下载
¥15 51单片机显示器问题
¥20 关于#qt#的问题：Qt代码的移植问题
¥50 求图像处理的matlab方案
¥50 winform中使用edge的Kiosk模式
¥15 关于#python#的问题：功能监听网页

码龄粉丝数原力等级 --

JWT计算签名SHA256withRSA

1条回答默认最新

码龄粉丝数原力等级 --

悬赏问题

JWT计算签名SHA256withRSA

1条回答 默认 最新

悬赏问题

1条回答默认最新