2012-07-06 12:49 阅读 25


I'm stuck finilizing a banklink, I get response, that my signature is wrong.

This is the signature part manual that the bank sent

Digital signature MAC is XML data hash value, encrypted with senders private key.
For hash value calculations SHA-1 algorithm is used, but for signature calculation RSA algorithm is used. Digital signature transforms to textual format using BASE64 encoding and is placed to MAC field.

And what I have build up:

// the key is loaded succesfull
private function setPrivateKey ( $key_name ) {
  $fp = fopen( $this -> getKeyLocation() . '/' . $key_name, "r" );
  $priv_key = fread( $fp, 8192 );
  fclose( $fp );
  $this -> private_key = openssl_get_privatekey( $priv_key );

// signature is created, but not the way bank expects it
private function setSignature () {
  // also tried sha1( $data, true );
  // signature contains no special chars ( meaning no UTF8 specific coding )
  $pre_mac = sha1( $this -> getXMLData() );
  openssl_sign( $pre_mac, $signature, $this -> getPrivateKey() );
  $this -> signature = $signature;

// can't be a problem here
private function setMac () {
  $this -> mac = base64_encode( $this -> getSignature() );

// this is set correctly
private function setXMLData () {
    $bank_xml = '<?xml version="1.0" ?>

    $this -> bank_xml = $bank_xml;

It seems to me that I'm not encrypting it right. Any suggestions what might be wrong? I believe I have made every step what the bank requires.

I already sent this to the bank, but they respond w/in a week or so.

PS: get functions are all set that return the set variable, I just didn't think it's necessary to post them.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

1条回答 默认 最新

  • 已采纳
    dougaojue8185 dougaojue8185 2012-07-06 13:46

    Ok, fixed the problem. It seems that the bank manual is not correct ( still waiting for the answer from bank though ).

    Replaced sha1 with md5 and all became valid.

    $pre_mac = md5( $this -> getXMLData() );

    Thanx raina77ow, you pointed me to the right direction with your coment:

    did you try omitting that intermediate hashing altogether?

    点赞 评论 复制链接分享