我正在用c#从客户端签名数据,然后将数据传输到php Web服务器,如果数据未被篡改,该Web服务器应该返回Verified
,但始终返回Unverified
。我使用http://phpseclib.sourceforge.net/rsa/intro.html来验证RSA数据。这是对数据进行签名的c#函数:
public string SignRSA(string privateKey,string rawData)
{
ASCIIEncoding ByteConverter = new ASCIIEncoding();
byte[] originalData = ByteConverter.GetBytes(rawData);
RSACryptoServiceProvider RSAalg = new RSACryptoServiceProvider();
RSAalg.FromXmlString(privateKey);
return Convert.ToBase64String(RSAalg.SignData(originalData,new SHA256Managed()));
}
这是验证数据的php代码:
$key = str_replace("%3c","<",$_POST['PublicKey']);
$key = str_replace("%3e",">",$key);
$key = str_replace("%3d","=",$key);
$key = str_replace("%2f","/",$key);
$key = str_replace("%2b","+",$key);
$sig = str_replace("%2f",$_POST['Signature']);
$sig = str_replace("%2b",$sig);
$rsa = new Crypt_RSA();
$rsa->loadKey($key);
$rsa->setPublicKey();
$rsa->setHash(sha256);
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_pkcs1);
//$publickey = $rsa->getPublicKey();
echo $rsa->verify(unpack("C*",$_POST["Text"]),base64_decode($sig)) ? 'verified' : 'unverified';
之所以使用所有str_replace
函数,是因为将/替换为%2f,=替换为%3d,依此类推。