附录 1
数字签名验证
- Java
- Node.js
- Python
- .Net
- PHP
步骤1:导入所需的包
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
步骤2:从公钥字节创建一个 PublicKey 对象
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(publicKeyBytes));
步骤3:创建一个 Signature 对象,并用公钥进行初始化
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initVerify(publicKey);
步骤 4:将除了 signedMessage 之外的所有参数转换为字符串,并转换为字节
response.setSequenceNo("1");
response.setSourceSystem("mxx");
response.setMsgVer("1.0");
response.setTxnID("20XX0825023XXXXX");
response.setResultCode("0");
response.setRespCd("00");
response.setOrgRespCd("00");
response.setRRN("32376300XXXX");
response.setSTAN("006XXX");
response.setAuthIdResp("945XXX");
response.setMRN("23237V6XXX");
response.setTxnDTTime("20230825143413");
response.setPaymentScheme("MC");
Gson gson = new Gson();
String jsonStr = gson.toJson(response);
byte[] messageBytes = jsonStr.getBytes();
步骤 5:使用消息字节更新签名
signature.update(messageBytes);
步骤 6:将 signedMessage 转换为字节并进行验证
boolean verified = signature.verify(signedMessageBytes);
步骤1:导入所需的包
import forge from "node-forge";
步骤2:从公钥字节创建一个 PublicKey 对象
const publicKeyPath = "key/public.key";
const fetchPublicKey = async (path) => {
try {
const response = await fetch(path);
const publicKey = await response.text();
return publicKey;
} catch (error) {
//to do ...
}
};
const publicKey = await fetchPublicKey(publicKeyPath);
const rsaPubicKey = forge.pki.publicKeyFromPem(publicKey);
步骤 3:将除了 signedMessage 之外的所有参数都作为字符串
const request = {
sequenceNo = '1',
sourceSystem = 'mxx',
MsgVer = '1.0',
TxnID = '20230825023XXXXXX',
ResultCode = '0',
RespCd = '00',
OrgRespCd = '00',
RRN = '323763006XXX',
STAN = '006XXX',
AuthIdResp = '945XXX',
MRN = '23237V6XXX',
TxnDTTime = '20230825143413',
PaymentScheme = 'MC'
};
const json = JSON.stringify(request);
const sourceSystem = "mxx";
const jsonString = `${sourceSystem}\n${json}`;
const signature = "68acc11449277468cb5e619f16bcff62f5448fa3911a462fd52abadaf4bc8f3effb";
const decodedUrl = decodeURIComponent(signature);
const decodedBytes = atob(decodedUrl);
const byteBuffer = new Uint8Array(decodedBytes.length);
for (let i = 0; i < decodedBytes.length; i++) {
byteBuffer[i] = decodedBytes.charCodeAt(i);
}
步骤 4:验证签名
const md = forge.md.sha256.create();
md.update(jsonString, "utf8");
const verified = rsaPubicKey.verify(md.digest().bytes(), byteBuffer);
步骤1:导入所需的包
import cryptography
步骤 2:从您的公钥创建一个 RSAPublicKey 对象
public_key = cryptography.hazmat.primitives.asymmetric.RSAPublicKey.load_pem_public_key(
open("public_key.pem").read()
)
步骤 3:创建一个 PKCS1v15 填充对象
padding = cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15()
步骤 4:创建一个 SHA256 哈希对象
hasher = cryptography.hazmat.primitives.hashes.SHA256()
步骤 5 :将除了 signedMessage 之外的所有参数都作为字符串
request_data = OrderedDict()
request_data["sequenceNo"] = "1"
request_data["sourceSystem"] = "mxx"
request_data["MsgVer"] = "1.0"
request_data["TxnID"] = "20230825023XXXXXX"
request_data["ResultCode"] = "0"
request_data["RespCd"] = "00"
request_data["OrgRespCd"] = "00"
request_data["RRN"] = "323763006XXX"
request_data["STAN"] = "006XXX"
request_data["AuthIdResp"] = "945XXX"
request_data["MRN"] = "23237V6XXX"
request_data["TxnDTTime"] = "20230825143413"
request_data["PaymentScheme"] = "MC"
json_string = json.dumps(request_data, separators=(",", ":"))
source_system="mxx"
message = f"{source_system}\n{json_string}"
signature = "68acc11449277468cb5e619f16bcff62f5448fa3911a462fd52abadaf4bc8f3effb"
步骤 6:使用 verify() 方法验证签名
verified = public_key.verify(
signature,
hasher.update(message).digest(),
padding=padding,
)
步骤1:导入所需的包
using System.Security.Cryptography;
步骤2:从公钥字节创建一个 PublicKey 对象
var reader = System.IO.File.ReadAllText(@"E:\xxx\xxx\public.key");
RSA rsa = RSA.Create();
byte[] pubKey = Convert.FromBase64String(reader.Replace("-----BEGIN PUBLIC KEY-----", string.Empty)
.Replace("-----END PUBLIC KEY-----", string.Empty)
.Trim());
rsa.ImportSubjectPublicKeyInfo(pubKey, out _);
步骤 3:将除了 signedMessage 之外的所有参数都作为字符串
request.sequenceNo = "1",
request.sourceSystem = "mxx",
request.MsgVer = "1.0",
request.TxnID = "20230825023XXXXXX",
request.ResultCode = "0",
request.RespCd = "00",
request.OrgRespCd = "00",
request.RRN = "323763006XXX",
request.STAN = "006XXX",
request.AuthIdResp = "945XXX",
request.MRN = "23237V6XXX",
request.TxnDTTime = "20230825143413",
request.PaymentScheme = "MC"
string json = JsonConvert.SerializeObject(request);
string sourceSystem = "mxx";
string jsonString = sourceSystem + "\n" + json;
string signature = "68acc11449277468cb5e619f16bcff62f5448fa3911a462fd52abadaf4bc8f3effb";
步骤 4:验证签名
bool verify = rsa.VerifyData(Encoding.UTF8.GetBytes(jsonString), Encoding.UTF8.GetBytes(signature), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
步骤 1:导入 OpenSSL 扩展
require_once 'vendor/autoload.php';
步骤 2:创建一个新的 OpenSSL 公钥
$publicKeyFNXLocation = file_get_contents('key/xxx/xxx/public.key');
$publicKeyFNX = openssl_pkey_get_public($publicKeyFNXLocation);
$publicKeyDetailsFNX = openssl_pkey_get_details($publicKeyFNX);
$publicKeyPEM = $publicKeyDetailsFNX['key'];
步骤 3:将除了 signedMessage 之外的所有参数都作为字符串
$paymentResponse->sequenceNo = '1';
$paymentResponse->sourceSystem = 'mxx';
$paymentResponse->MsgVer = '1.0';
$paymentResponse->TxnID = '20230825023XXXXXX';
$paymentResponse->ResultCode = '0';
$paymentResponse->RespCd = '00';
$paymentResponse->OrgRespCd = '00';
$paymentResponse->RRN = '323763006XXX';
$paymentResponse->STAN = '006XXX';
$paymentResponse->AuthIdResp = '945XXX';
$paymentResponse->MRN = '23237V6XXX';
$paymentResponse->TxnDTTime = '20230825143413';
$paymentResponse->PaymentScheme = 'MC';
$jsonStringResponse = json_encode($paymentResponse);
$jsonResponse = json_decode($jsonStringResponse);
$updateJsonResponse = json_encode($jsonResponse);
$minifiedJsonResponse = json_encode(json_decode($updateJsonResponse));
$sourceSystem='mxx';
$dataResponse = $sourceSystem . "\n" . $minifiedJsonResponse;
$minifiedJson = json_encode(json_decode($updateJson));
$decodedSignedMessage = '68acc11449277468cb5e619f16bcff62f5448fa3911a462fd52abadaf4bc8f3effb';
$decodedUrl = urldecode($decodedSignedMessage);
$decodedSignature = base64_decode($decodedUrl);
步骤 4:验证签名
$verifyResponse = openssl_verify($dataResponse, $decodedSignature, $publicKeyPEM, OPENSSL_ALGO_SHA256);
