dragon321723 2018-04-04 01:12
浏览 321

如何使用使用SecKey概念在iOS中生成的openssl_verify验证php中的签名

my iOS app, written in swift, generates a key pair using SecKeyCreateRandomKey for private key (with kSecAttrKeyTypeRSA and 2048 bits attributes), and SecKeyCopyPublicKey to retrieve the public key. I use SecKeyCreateSignature to sign my data, using the private key.

I convert the signature into a string: signature?.base64EncodedString()

I convert the public key SecKey structure to string, using SecKeyCopyExternalRepresentation and convert that to key.base64EncodedString().

I send (using HTTP POST and JSON) the data, the public key and the signature to my server. Server stores this info in a database.

Later, some other instance of my app queries the server, and the server responds with the relevant data, signature and the public key.

On the trip back from server, I restore the public key SecKey structure with SecKeyCreateWithData, and then the App verifies the data, using the signature and the public key using SecKeyVerifySignature (with .rsaSignatureMessagePKCS1v15SHA512 algo)

This works flawlessly. Sign, send, store ... request, retrieve, verify. I know, therefore, I have no issues shipping data back and forth, no issues in having the core Apple security functions work ... on the app side. However:

I'm having difficulty verifying the signature on the PHP side. Ideally, I'd like to verify the signature, data, public key, at various points in my PHP server logic. My attempts at using openssl_verify have failed. I tried (reading from a db):

$signature = base64_decode($row["signature"]);
$publicKey = $row["publicKey"];
$tA = $row["colA"];
$tB = $row["colB"];

$data = $tA . $tB;
$key = "-----BEGIN PUBLIC KEY----- " . $publicKey . " -----END PUBLIC KEY-----";
 $ok = openssl_verify($data, $signature, $key, OPENSSL_ALGO_SHA512);

I'm not sure I'm doing this right, and I can't get past the "coerce" error message, openssl_verify(): supplied key param cannot be coerced into a public key...

While the documentation claims _verify function specifically allows the $key to be also passed as string of the key, there are no examples provided. All examples deal with files and certs, etc. I have the key loaded into the string, I am providing the "armor" iOS did not generate -- what am I missing? Help is appreciated.

  • 写回答

2条回答 默认 最新

  • dongzi3434 2018-04-04 17:07
    关注

    I have found a workaround (but, still looking for openssl_verify solution). I found a php library called phpseclib. I installed it (macos) using composer and included it:

    require 'vendor/autoload.php';
use phpseclib\Crypt\RSA;

    I then replaced the one openssl_verify code line with:

    $rsa = new RSA();
$rsa->setSignatureMode(RSA::SIGNATURE_PKCS1);
$rsa->setHash('sha512');
$rsa->loadKey("-----BEGIN PUBLIC KEY-----
" . trim($publicKey) . "
-----END PUBLIC KEY-----");
$ok = $rsa->verify($data, $signature);

    Works like a charm. If someone shows me how to do this using openssl_verify I will gladly migrate. I saw some noise about this library going obsolete.

    评论

报告相同问题?

悬赏问题

  • ¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计
  • ¥20 BAPI_PR_CHANGE how to add account assignment information for service line
  • ¥500 火焰左右视图、视差(基于双目相机)
  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)