1. 首页
  2. 问答
  3. 使用php验证数字签名

使用php验证数字签名

2014-09-11 154 views
1

我有一封经过数字签名的电子邮件。使用php验证数字签名

电子邮件:

-----BEGIN PGP SIGNED MESSAGE----- 
Hash: SHA1 

The below email has been digitally signed for test purposes. We will 
now go on and save this signed email in our dms system. 
-----BEGIN PGP SIGNATURE----- 
Version: GnuPG v2.0.22 (MingW32) 
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ 

iQEcBAEBAgAGBQJTnwd9AAoJEEWjhuB1kNr9dQcH/2YeZlHEfK/KOPg8XhpOY+4l 
3camfFVya8JIzLHsOzhhdSqIItDr7VlGDrjrMgPPiD1abyy9zhcqZ18Kh8sUuFJV 
/TA434rrnMJC0xmSzXl4uo+UagyNyCjzwR4TFCGP4Ob6SzPl/jxfrcfO5yXEdF1I 
X6wgQUmnb3ZLczdPVXsKpwpVIGqX7diwe1CAZKxCmjZo9rr/MmDLLl7AjYq/WQDT 
uOYqXs2IasOIiTGpYrqexBpDn1qRUNiKVgFSRUTfTjYGXYij9P635WTfeE1bQrn1 
HpT9hKhipYPkFcELAor7asqAcnE0lc4Oy9NV2bUryss8ic/pkhiXvlohA3MpCDA= 
=+IbK 
-----END PGP SIGNATURE-----

公钥:

-----BEGIN PGP PUBLIC KEY BLOCK----- 
Version: GnuPG v2.0.22 (MingW32) 

mQENBFOfBmkBCAC6gH9rR185hiCADttaQeUp9Jc+4Zzx60E+ogWd33Tb1dNvK/IK 
wqpnRpYI1CHVpqX0xWy8Ylcw3rLpPJ6BUzO3hWFLRMXAIXiemV/+VKrKysgm1Xdg 
1PSAVfqmgkXLEEGGSj2OHNA0VVnl1G8AI8/SMpLqhS3PMz3X1nmBv4hLohugLla9 
AVdYp6Me5OAWfjHswkUxCvc/fSh2ufFSnFxgjUibIyn+GP5qG8Wc+GjrBzTLzjA7 
LvP198fWIHQ5w342F3WE8/9ec+1ir/a4japcFodRibXBEqltF+BXgk9pVcEXTd8O 
FCxygrnSkWioj9Qf5uyjuKfV1F7Wq/Nu5uPZABEBAAG0JkFiaGluYXYgQWdnYXJ3 
YWwgPGFiaGluYXZAdHJ1dGVjaC5vcmc+iQE/BBMBAgApBQJTnwZpAhsjBQkJZgGA 
BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQRaOG4HWQ2v2F9Af/RAKCz0uo 
xqrVe1MXqCe9ZCPSwlHGH4X4NtQbo7FTYy7K2fo9ucoKI4c2lHZA+Ef1K6BhZG34 
IlXPSwy8nhTWJl7pi/xo7gEDlnHJMJCGvQcdtm4lkp39V2cy/Y0lS9V/EYmiesIX 
tmPwwyYxo85jNsdmbjQKDTv5mcir9AebllCk2NlrxpyTO8oAnp1peHaHHq+U92e3 
ZipHEiuAvE0U6WU/fA7tHoWoUor9AUm1hE5mSsyi+do4o/YJqGEgAss62v0npcBx 
oyHoHum5XUgZ1kjvq40Mzkxo9N6vU7P7ULyt9FZylM+pk9XEqiz8IGTPW6JGiJS2 
WmhJli2Szl1xgLkBDQRTnwZpAQgA27UvNu/m61pZwTBSQAVjLNJnJTlU4yh/DxKU 
B3opw7JvvgXYB3VS9AyqSYaIJTcziCBZRewMH+WVpZwRk9SFMyeyNhuk9SGeGU9s 
vyE5dGPa/U5zpvhaqn//CMdRr+wf6XeBKjzc9eKgWMrPLhzlHZ6kzLsbRsalOd4x 
0M3aeO4SV00HFFfXVfJplNB8/zsHNNqtF5ACz9DX69p1GWJD6AAlu/s04xkkUScr 
M2B5lHm6iU6NmfP1GeTD+rOyigcOrSlAL4QGIzGDfoDJOy9UYtk+YOv8UBa3IpG0 
7sARkd+MZGUOgPWIDYQLiSi+9opFHtn4EzrvuUP3Zj1kN4ZUTwARAQABiQElBBgB 
AgAPBQJTnwZpAhsMBQkJZgGAAAoJEEWjhuB1kNr9kHoIAKnjEAiH53ZrWYuummPR 
PRztZL1K7LkxEAxQ00V+PMrg4wNlp1WW5Vl3X0jB5FqUTUmI/65MhoWa+Ucqg31c 
pUOpw5OHK/cyrsscj+gL3nknhswWcvqBNQuiB8UO7Kt89yFYysA754sADKE+nDBM 
D+kmlH4u3vvKep0hZ+gzvH3AOZDhijKJYN9zMMf/gtwZhlEm/N+yBpkP1sxcFsJ+ 
V5hduu4sqJnAcCWg3V/JXonAOZGPS/GE+wXt4Om1D/6RcBBtrBGwh/ezBFS/gSio 
vGRcFzZYRhM1rMEu82raZ3ji3X/5fOjxvhSXdrajG3LX8s2gCk+a0nGDi3MYs5l0 
p14= 
=cn4r 
-----END PGP PUBLIC KEY BLOCK-----

我想用PHP编写一个程序,它会验证数字签名。我有发件人的公钥。我尝试从this site下载GnuPG库,但没有下载。

有没有其他办法?我应该怎么做?任何帮助将不胜感激。

来源

2014-09-11 Tushar Wagh

+0

嗯,我还没有尝试过这个,看看http://php.net/manual/en/function.openssl-verify.php这可能会帮助你 – 2014-09-11 04:42:34

+1

只需从PHP调用命令行'gpg' 。 – mario 2014-09-11 04:44:53

+0

@mario我从命令行调用gpg。当我使用'gpg --version'命令使用exec()函数时,它会返回数组,但是当我尝试导入或验证时,它会返回空数组。有任何想法吗? – 2014-09-11 07:14:01

回答

1

PHP已经带来了module for interfacing GnuPG,这相当容易使用。

GnuPG必须已经安装,通常在Linux服务器上,在Windows机器上我听说让PHP与GnuPG一起运行相当困难。

对于验证签名,使用gnupg_verify(...),例如从PHP连接文档:

<?php 
$plaintext = ""; 
$gpg = new gnupg(); 
// clearsigned 
$info = $gpg -> verify($signed_text,false,$plaintext); 
print_r($info); 
// detached signature 
$info = $gpg -> verify($signed_text,$signature); 
print_r($info); 
?>

你将不得不import the signer's public key验证之前,如果没有完成。

来源

2014-09-11 08:16:52

相关问题

 相关问题