英文:
Unable to verify SHA256 signature in go
问题
我一直在尝试使用Go的crypto包验证在Node中生成的签名。签名是使用createSig()函数生成的。然后在Go中,我使用verifySig()函数进行验证,但是验证总是失败。这些私钥/公钥是安全的,可以共享,因为它们是为了这个示例而生成的。我能够在Node中从签名中运行验证而没有问题,但是我不确定在Go中出现了什么问题导致验证失败。
在Node中生成签名:
function createSig() {
const crypto = require("crypto");
function fromBase64(base64) {
return base64.replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
}
const PRIVATE_KEY =
"-----BEGIN PRIVATE KEY-----\nMIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAyX1juQ2AVhS5NdKl\nJL5g4A+fPLUUWh2Tq1+f0Z1rb1dpCZ+RXECJAdW4ocsl5n24QtmzD66Z/s1bs+B5\nOyD4KwIDAQABAkBqxbiXsrDkbNzsybBbtUsO0Rh4Chk729qKAQVnBf2NpRmz3KAf\nMXP5M9Wr9HlD1PT8WUUaYvGtabbbkXTFq+pBAiEA+T2Lja3seY2NUxsR0Qi211Ug\nKCd820+5Tjft1XMf1aECIQDO9FDm5asV3q60YvqpifSawiS2JH/DS7Whg4X0M64i\nSwIhAPaKTY/g+eim/6O0RCRspUhNeRifLt9VdiyMIGOilFvhAiAJxgH4FYqR2tVX\nUYFS9l/l2xtOusSJ3Y5zVTnDQZmMpwIhAMibeam8MvHMr3FjTqE5CwOgsg6zXiWZ\nFA9ZnEINP5jz\n-----END PRIVATE KEY-----";
var message = "test";
var signer = crypto.createSign("RSA-SHA256");
signer.update(message);
return fromBase64(signer.sign(PRIVATE_KEY, "base64"));
}
在Go中进行验证:
func verifySig(message, signature string) (bool, error) {
var key = "-----BEGIN PUBLIC KEY-----\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMl9Y7kNgFYUuTXSpSS+YOAPnzy1FFod\nk6tfn9Gda29XaQmfkVxAiQHVuKHLJeZ9uELZsw+umf7NW7PgeTsg+CsCAwEAAQ==\n-----END PUBLIC KEY-----"
block, _ := pem.Decode([]byte(key))
if block == nil {
return false, errors.New("uh oh")
}
sh := crypto.SHA256.New()
sh.Write([]byte(message))
hashed := sh.Sum(nil)
pub, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
return false, err
}
if pubKey, ok := pub.(*rsa.PublicKey); ok {
err := rsa.VerifyPKCS1v15(pubKey, crypto.SHA256, hashed, []byte(signature))
if err != nil {
// 每次都在这里失败
return false, err
}
return true, nil
}
}
在Node中的验证工作正常:
function verifySig(message, signature) {
const PUBLIC_KEY =
"-----BEGIN PUBLIC KEY-----\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMl9Y7kNgFYUuTXSpSS+YOAPnzy1FFod\nk6tfn9Gda29XaQmfkVxAiQHVuKHLJeZ9uELZsw+umf7NW7PgeTsg+CsCAwEAAQ==\n-----END PUBLIC KEY-----";
var verifier = crypto.createVerify("RSA-SHA256");
verifier.update(message);
// 将返回true
return verifier.verify(PUBLIC_KEY, signature, "base64");
}
英文:
I have been trying to verify a signature generated in Node with the go crypto package. The signature is generated from the createSig() function. Then in go I am verifying that with verifySig() but it always fails. These private/public keys are safe to share as they were generated for this example. I was able to run a verification in Node from the signature without an issue but I'm not sure what's happening in go to make it fail.
Generating signature in Node
function createSig() {
const crypto = require("crypto");
function fromBase64(base64) {
return base64.replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
}
const PRIVATE_KEY =
"-----BEGIN PRIVATE KEY-----\nMIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAyX1juQ2AVhS5NdKl\nJL5g4A+fPLUUWh2Tq1+f0Z1rb1dpCZ+RXECJAdW4ocsl5n24QtmzD66Z/s1bs+B5\nOyD4KwIDAQABAkBqxbiXsrDkbNzsybBbtUsO0Rh4Chk729qKAQVnBf2NpRmz3KAf\nMXP5M9Wr9HlD1PT8WUUaYvGtabbbkXTFq+pBAiEA+T2Lja3seY2NUxsR0Qi211Ug\nKCd820+5Tjft1XMf1aECIQDO9FDm5asV3q60YvqpifSawiS2JH/DS7Whg4X0M64i\nSwIhAPaKTY/g+eim/6O0RCRspUhNeRifLt9VdiyMIGOilFvhAiAJxgH4FYqR2tVX\nUYFS9l/l2xtOusSJ3Y5zVTnDQZmMpwIhAMibeam8MvHMr3FjTqE5CwOgsg6zXiWZ\nFA9ZnEINP5jz\n-----END PRIVATE KEY-----";
var message = "test";
var signer = crypto.createSign("RSA-SHA256");
signer.update(message);
return fromBase64(signer.sign(PRIVATE_KEY, "base64"));
}
Verifying in go
func verifySig(message, signature string) (bool, error) {
var key = "-----BEGIN PUBLIC KEY-----\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMl9Y7kNgFYUuTXSpSS+YOAPnzy1FFod\nk6tfn9Gda29XaQmfkVxAiQHVuKHLJeZ9uELZsw+umf7NW7PgeTsg+CsCAwEAAQ==\n-----END PUBLIC KEY-----"
block, _ := pem.Decode([]byte(key))
if block == nil {
return false, errors.New("uh oh")
}
sh := crypto.SHA256.New()
sh.Write([]byte(message))
hashed := sh.Sum(nil)
pub, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
return false, err
}
if pubKey, ok := pub.(*rsa.PublicKey); ok {
err := rsa.VerifyPKCS1v15(pubKey, crypto.SHA256, hashed, []byte(signature))
if err != nil {
// THIS IS WHERE I END UP EVERY TIME
return false, err
}
return true, nil
}
}
Working Node verification:
function verifySig(message, signature) {
const PUBLIC_KEY =
"-----BEGIN PUBLIC KEY-----\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMl9Y7kNgFYUuTXSpSS+YOAPnzy1FFod\nk6tfn9Gda29XaQmfkVxAiQHVuKHLJeZ9uELZsw+umf7NW7PgeTsg+CsCAwEAAQ==\n-----END PUBLIC KEY-----";
var verifier = crypto.createVerify("RSA-SHA256");
verifier.update(message);
// will return true
return verifier.verify(PUBLIC_KEY, signature, "base64");
}
答案1
得分: 1
我认为你的代码有两个问题。
第一个问题:在Node.js中,你使用Base64对签名进行了编码,第二个问题:然后你将Base64字符串转换为“UrlSafe” Base64编码的字符串。
这两个步骤需要反转(我不知道Go语言是否有内置的“Url-safe Base64解码函数”),然后再将签名字符串作为输入用于Go语言中的验证。
英文:
I think there are 2 issues with your code.
First: in NodeJs you encoded the signature using Base64 and secondly you converted the Base64 string to a "UrlSafe" Base64-encoded string.
Those two steps need to be reversed (I don't know if Go has a built-in "Url-safe Base64 decoding function") before you use the signature string as input for your verification in Go.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论