Comments (12)
lpilp
commented on August 14, 2024
请查 readme最下边的特别注意, $sm2 = new RtSm2('base64',true); 第二参数请设为false 试下, 还有就是可能对要签名的参数的问题 “CSCAPPUID=809131cf-af1d-4085-a3e9-926fd0e304a8&CSCPRJCOD=XFV18267&CSCUSRNBR=V000T&CSCUSRUID=11839193&CSCREQTIM=1722304884880” 一般是签名这些吧,后面那些应该不用放进去,看他们给的 java 的sdk里签名的数据是什么
from phpsm2sm3sm4.
kpsanmao
commented on August 14, 2024
感谢回复,设置false仍然提示验签失败,签名字符串是按照招行文档进行拼接的。
1.先生成签名字符串signStr,拼接规则为: "POST " + path + "\n" + "x-alb-digest: " + body字符串 + "\n" + "x-alb-timestamp: " + x-alb-timestamp对应的值。
比如:
请求接口URL为https://api.cmbchina.com/xft/apm/apm/EAIAGPAY
body参数为"{"SYCOMOPAY":[{"SESTKN":"XXXX"}]}"。
则先生成的生成字符串signStr为为:
POST /xft/apm/apm/EAIAGPAY?CSCAPPUID=XXX&CSCPRJCOD=XXX&CSCREQTIM=XXX&CSCUSRNBR=XXX&CSCUSRUID=XXXX\nx-alb-digest: {"SYCOMOPAY":[{"SESTKN":"XXXX"}]}\nx-alb-timestamp: 1657614229
他们java sdk没有源码,我看了c#的sdk是包含body的:
c# sdk中生成签名字符串代码
string signStr = "POST " + signInf.Path + "\n" + "x-alb-digest: " + requestBody + "\n" + "x-alb-timestamp: " + signInf.Timestamp;
我的php代码生成签名字符串代码:
$signStr = 'POST ' . $url . '?' . $this->flatten($config) . '\nx-alb-digest:' . $body . '\nx-alb-timestamp:' . $timestampS;
from phpsm2sm3sm4.
lpilp
commented on August 14, 2024
string signStr = "POST " + signInf.Path + "\n" + "x-alb-digest: " + requestBody + "\n" + "x-alb-timestamp: " + signInf.Timestamp;
那你用我的 test例子里的公私钥,然后用C# 签名上面的的具体信息,再用我的代码签名下同样的数据,发给我看下,
就用这一组公私钥吧:
$publicKey = '04eb4b8bbe15e3ad94b85196adc2c6f694436b3c1336170fd1daac8b10d2b8824ada9687c138fb81590e0f66ab9678161732ac0d7866b169e76b74483285f2bc04';
$privateKey = '0bc1c1d2771b64ba1922d72f8a451cd09a82176f74d975d484ec62c862176b75';
$userId = '1234567812345678';
from phpsm2sm3sm4.
lpilp
commented on August 14, 2024
刚发现一个问题,你的PHP代码中 $signStr = 'POST ' . $url . '?' . $this->flatten($config) . '\nx-alb-digest:' . $body . '\nx-alb-timestamp:' . $timestampS; 如 '\nx-alb-timestamp:' 得用双引号,
from phpsm2sm3sm4.
kpsanmao
commented on August 14, 2024
我刚才尝试运行了一下 c# sdk,发现他们返回的签名是128位的,可以验签:
c# sdk生成的要签名的字符串
POST /ORG/orgqry/common/OPORGQRA?CSCAPPUID=7366e866-ce19-40eb-8602-ae5de76d6475&CSCPRJCOD=XFV18267&CSCUSRUID=AUTO0001&CSCREQTIM=1722328133664&CSCUSRNBR=A0001 x-alb-digest: {"secretMsg":"2A574AD0457B6C19C489395DB0255654"} x-alb-timestamp: 1722328133
c# sdk对上面字符串sm2加密生成的签名,我试了几次,每次会变(会变应该是招行文档中说明的:对signStr进行SM2加签后的结果,由于计算中含有随机数,本参数仅提供加密后的校验),但是长度固定是128位的。
b888b69c69318dacaedc03b0f8c42a0ad894318f50dfaba1871de1689f15e1ec1d301ec532ae14196521979a07d52d5d2be95715f32afa556eab28ccb1446590
from phpsm2sm3sm4.
kpsanmao
commented on August 14, 2024
string signStr = "POST " + signInf.Path + "\n" + "x-alb-digest: " + requestBody + "\n" + "x-alb-timestamp: " + signInf.Timestamp;那你用我的 test例子里的公私钥,然后用C# 签名上面的的具体信息,再用我的代码签名下同样的数据,发给我看下, 就用这一组公私钥吧:
$publicKey = '04eb4b8bbe15e3ad94b85196adc2c6f694436b3c1336170fd1daac8b10d2b8824ada9687c138fb81590e0f66ab9678161732ac0d7866b169e76b74483285f2bc04'; $privateKey = '0bc1c1d2771b64ba1922d72f8a451cd09a82176f74d975d484ec62c862176b75'; $userId = '1234567812345678';
---------明文密钥签名--------------------------- 304602210082290ebce34212b489ff78bf4de93bcdcc7b3a9fa0d64ad84bae1860483c3f4e022100f81715c24bdc25e946ace71fd4ddb00e66062b22b64b71fa93ce64b12329a638
---------明文密钥验签--------------------------- bool(true)
$publicKey = '04eb4b8bbe15e3ad94b85196adc2c6f694436b3c1336170fd1daac8b10d2b8824ada9687c138fb81590e0f66ab9678161732ac0d7866b169e76b74483285f2bc04';
$privateKey = '0bc1c1d2771b64ba1922d72f8a451cd09a82176f74d975d484ec62c862176b75';
$userId = '1234567812345678';
$signStr = 'POST /ORG/orgqry/common/OPORGQRA?CSCAPPUID=7366e866-ce19-40eb-8602-ae5de76d6475&CSCPRJCOD=XFV18267&CSCUSRUID=AUTO0001&CSCREQTIM=1722328133664&CSCUSRNBR=A0001'
."\n".'x-alb-digest: {"secretMsg":"2A574AD0457B6C19C489395DB0255654"}'
."\n".'x-alb-timestamp: 1722328133';
$sm2 = new RtSm2();
echo "\n---------明文密钥签名---------------------------\n";
$sign = $sm2->doSign( $signStr, $privateKey, $userId);
print_r($sign);
echo "\n---------明文密钥验签---------------------------\n";
var_dump($sm2->verifySign( $signStr, $sign, $publicKey, $userId ));
exit;
from phpsm2sm3sm4.
lpilp
commented on August 14, 2024
理论上不太可能每次都是一样长度的,如果每次都是 128的话,说明 C# 签名生成的是 r+s 格式的, PHP生成的标准的 asn1(r,s)
格式需要一样
from phpsm2sm3sm4.
kpsanmao
commented on August 14, 2024
您好,实在不好意思麻烦您,我卡了两天了,改成r+s格式的仍然不好使,方便加一下您的联系方式帮我看看吗?我的QQ:369209726
from phpsm2sm3sm4.
kpsanmao
commented on August 14, 2024
谢谢大佬开源的包,完美解决问题,再次感谢。
from phpsm2sm3sm4.
m1183909358
commented on August 14, 2024
我这边看了上述解决办法还是为解决,需要将字符串通过sm2withsm3算法进行加密,我看过java代码是使用sm2p256v1,需要怎么解决
from phpsm2sm3sm4.
kpsanmao
commented on August 14, 2024
包是支持的,我的经验:一是检查要加签的字符串是否拼接正确,二是要确定签名的格式,扩展包默认返回的是asn1(r,s)的格式,而我对接的招行薪福通返回的是r+s的。格式的特征参考说明。
获取 Outlook for iOS<https://aka.ms/o0ukef>
…________________________________
发件人: mengxianfengDream ***@***.***>
发送时间: Thursday, August 8, 2024 5:29:54 PM
收件人: lpilp/phpsm2sm3sm4 ***@***.***>
抄送: kpsanmao ***@***.***>; Author ***@***.***>
主题: Re: [lpilp/phpsm2sm3sm4] 对接招行使用sm3withsm2加密,按照示例写的加签方法在招行验证失败。 (Issue #80)
我这边看了上述解决办法还是为解决,需要将字符串通过sm2withsm3算法进行加密,我看过java代码是使用sm2p256v1,需要怎么解决
―
Reply to this email directly, view it on GitHub<#80 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AEG7ZCFSOMMEJIVDDDAJVNTZQM3BFAVCNFSM6AAAAABLVOCAUSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENZVGM3TANZYGQ>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
from phpsm2sm3sm4.
lpilp
commented on August 14, 2024
sm2p256v1 就是国密的sm2 椭圆,只是他们那么写而已, java里用的BC加密库的吧,它说的 sm2p256v1 就是正常的sm2 椭圆,国密椭圆就只有一个
from phpsm2sm3sm4.
Related Issues (20)
- HMAC-SM3 请问这个能否实现呢 HOT 3
- 求大佬帮看看sm2签名,java的可以通过,但是php的签名就没有办法通过,对接国家医保支付 HOT 1
- 大神你好,请问 hmac-sm3 具体怎么做呢? HOT 1
- SM4 golang 版和 php 版本加密后数据不一致,求指点 HOT 6
- 使用sm4-ecb提示Uncaught Exception: 秘钥长度为16位 HOT 2
- 求助SM2解密问题 HOT 7
- 对接招行付款码收款支付,需要对终端数据进行加密,并且在要对随机私钥进行数字信封加密,进行测试时信封加密和招行不一致,加密结果也不一致 HOT 9
- sm2 缺少文件 HOT 4
- 调用CBS8 总提示致命错误 HOT 3
- 对接招行时,对招行的数据返回进行验签时,偶现错误 ASN.1 Parser Exception at offset XX: Integer not minimally encoded HOT 2
- does not comply with psr-4 autoloading standard HOT 8
- Uncaught FG\ASN1\Exception\ParserException: ASN.1 Parser Exception HOT 5
- 对接国家医保平台的sm2withsm3的时候发现,这个签名的结果和java的签名不一致 HOT 7
- 加密无法解密 HOT 1
- Java 加密使用的是SM3withSm2,php生成签名验签不通过 HOT 9
- java代码生成的签名用php代码验签不通过 HOT 3
- java代码生成的sm2解密与php不一致, HOT 3
- 密钥 base64 转 hex 问题 HOT 8
- 对接招行需要使用SM3withSM2,sm2加密需要用sm2p256v1。 HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from phpsm2sm3sm4.