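// Package utils provides RSA PKCS#1 v1.5 signing and verification helpers and
// a single-anchor X.509 certificate check.
package utils

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"fmt"
	"io/ioutil"
)

// Usage example (disabled):
//
//func test() {
//	str := "from A to B 500RMB"
//	base64Sig, _ := RSASign([]byte(str), "../cert/OP00000003_private_key.pem")
//	fmt.Println("signature:", base64Sig)
//
//	err := RSAVerify([]byte(str), base64Sig, "../cert/OP00000003_cert.cert")
//	if err == nil {
//		fmt.Println("verification succeeded!")
//	} else {
//		fmt.Println("verification failed!")
//	}
//}

// RSASign signs data with the RSA private key stored in the PEM file at
// filename and returns the signature encoded with standard base64.
//
// The data is hashed with SHA-256 and signed with RSASSA-PKCS1-v1_5. Any error
// from reading or parsing the key, or from signing, is returned unchanged.
func RSASign(data []byte, filename string) (string, error) {
	// 1. Hash the message; crypto/sha256 is imported explicitly so the hash
	// is available without relying on another package to link it in.
	digest := sha256.Sum256(data)

	// 2. Load the private key from disk.
	privateKey, err := ReadParsePrivaterKey(filename)
	if err != nil {
		return "", err
	}

	// 3. Sign the digest and base64-encode the raw signature bytes.
	sig, err := rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// RSAVerify checks that base64Sig is a valid SHA-256 / PKCS#1 v1.5 signature
// over data under the RSA public key stored in the PEM file at filename.
//
// It returns nil only when the signature verifies. A non-nil error means the
// signature must be treated as invalid, whatever the cause (bad base64,
// unreadable or malformed key file, or a signature mismatch).
func RSAVerify(data []byte, base64Sig, filename string) error {
	// 1. Recover the raw signature bytes.
	sig, err := base64.StdEncoding.DecodeString(base64Sig)
	if err != nil {
		return err
	}

	// 2. Hash the message with the same algorithm the signer used.
	digest := sha256.Sum256(data)

	// 3. Load the public key from disk.
	publicKey, err := ReadParsePublicKey(filename)
	if err != nil {
		return err
	}

	// 4. Verify; the result is nil only for a matching signature.
	return rsa.VerifyPKCS1v15(publicKey, crypto.SHA256, digest[:], sig)
}

// ReadParsePublicKey reads the PEM file at filename and returns the RSA public
// key it contains.
//
// The first PEM block must hold a DER-encoded PKIX (SubjectPublicKeyInfo)
// public key; a PEM certificate is not accepted by this parser. An error is
// returned when the file cannot be read, holds no PEM block, does not parse,
// or holds a key that is not RSA.
func ReadParsePublicKey(filename string) (*rsa.PublicKey, error) {
	// 1. Read the key file.
	pemBytes, err := ioutil.ReadFile(filename)
	if err != nil {
		return nil, err
	}

	// 2. Decode the first PEM block; trailing data is ignored.
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, errors.New("公钥信息错误!")
	}

	// 3. Parse the DER payload.
	parsed, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}

	// 4. ParsePKIXPublicKey can also return ECDSA, Ed25519 and other key
	// types, so the assertion is checked instead of being allowed to panic.
	publicKey, ok := parsed.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("public key in %q is %T, not an RSA key", filename, parsed)
	}
	return publicKey, nil
}

// ReadParsePrivaterKey reads the PEM file at filename and returns the RSA
// private key it contains.
//
// The first PEM block must hold a DER-encoded PKCS#8 private key; PKCS#1
// ("RSA PRIVATE KEY") payloads are not accepted. An error is returned when the
// file cannot be read, holds no PEM block, does not parse, or holds a key that
// is not RSA. The file is read as-is: PEM encryption is not handled here, so
// protecting the key at rest is up to file permissions or the caller.
func ReadParsePrivaterKey(filename string) (*rsa.PrivateKey, error) {
	// 1. Read the key file.
	pemBytes, err := ioutil.ReadFile(filename)
	if err != nil {
		return nil, err
	}

	// 2. Decode the first PEM block. The nil check comes before any use of
	// block, so a file without PEM data yields an error rather than a
	// nil-pointer panic.
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, errors.New("私钥信息错误!")
	}

	// 3. Parse the DER payload as PKCS#8.
	parsed, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return nil, err
	}

	// 4. PKCS#8 can carry non-RSA keys; reject them with an error. Only the
	// Go type name is reported, never key material.
	privateKey, ok := parsed.(*rsa.PrivateKey)
	if !ok {
		return nil, fmt.Errorf("private key in %q is %T, not an RSA key", filename, parsed)
	}
	return privateKey, nil
}

// RsaSignWithSha1Hex signs data with SHA-1 / PKCS#1 v1.5 and returns the
// signature as a lowercase hex string.
//
// prvKey holds the raw DER bytes of a PKCS#8 RSA private key (not PEM, hex or
// base64 text). Errors are returned to the caller and are not printed.
//
// SHA-1 is not collision resistant; use this only where a peer requires it and
// prefer RSASign (SHA-256) otherwise.
func RsaSignWithSha1Hex(data string, prvKey string) (string, error) {
	parsed, err := x509.ParsePKCS8PrivateKey([]byte(prvKey))
	if err != nil {
		return "", err
	}
	// Checked assertion: a non-RSA PKCS#8 key is an error, not a panic.
	privateKey, ok := parsed.(*rsa.PrivateKey)
	if !ok {
		return "", fmt.Errorf("private key is %T, not an RSA key", parsed)
	}

	digest := sha1.Sum([]byte(data))
	sig, err := rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA1, digest[:])
	if err != nil {
		return "", err
	}
	return hex.EncodeToString(sig), nil
}

// RsaVerySignWithSha1Base64 verifies a SHA-1 / PKCS#1 v1.5 signature over
// originalData.
//
// signData is the signature in standard base64 and pubKey holds the raw DER
// bytes of a PKIX RSA public key. Note that RsaSignWithSha1Hex emits hex, so
// its output has to be re-encoded as base64 before it is passed here.
//
// It returns nil only when the signature verifies; any non-nil error means the
// signature must be treated as invalid. SHA-1 is not collision resistant;
// prefer RSAVerify (SHA-256) where the peer allows it.
func RsaVerySignWithSha1Base64(originalData, signData, pubKey string) error {
	sig, err := base64.StdEncoding.DecodeString(signData)
	if err != nil {
		return err
	}

	parsed, err := x509.ParsePKIXPublicKey([]byte(pubKey))
	if err != nil {
		return err
	}
	// Checked assertion: a non-RSA public key is an error, not a panic.
	publicKey, ok := parsed.(*rsa.PublicKey)
	if !ok {
		return fmt.Errorf("public key is %T, not an RSA key", parsed)
	}

	digest := sha1.Sum([]byte(originalData))
	return rsa.VerifyPKCS1v15(publicKey, crypto.SHA1, digest[:], sig)
}

// Disabled certificate-based verifier, kept for reference. If it is revived,
// the base64 decode error on the signature should be checked, not discarded.
//
//func VerifySignCert(signData, sign, signType, aliPayPublicKeyPath string) (err error) {
//	var (
//		h         hash.Hash
//		hashs     crypto.Hash
//		block     *pem.Block
//		pubKey    *x509.Certificate
//		publicKey *rsa.PublicKey
//		ok        bool
//		bytes     []byte
//	)
//	if bytes, err = ioutil.ReadFile(aliPayPublicKeyPath); err != nil {
//		return fmt.Errorf("failed to read Alipay public key file: %w", err)
//	}
//	signBytes, _ := base64.StdEncoding.DecodeString(sign)
//	if block, _ = pem.Decode(bytes); block == nil {
//		return errors.New("Alipay public key PEM decode error")
//	}
//	if pubKey, err = x509.ParseCertificate(block.Bytes); err != nil {
//		return fmt.Errorf("x509.ParseCertificate:%w", err)
//	}
//	if publicKey, ok = pubKey.PublicKey.(*rsa.PublicKey); !ok {
//		return errors.New("Alipay public key type conversion error")
//	}
//	switch signType {
//	case "RSA":
//		hashs = crypto.SHA1
//	case "RSA2":
//		hashs = crypto.SHA256
//	default:
//		hashs = crypto.SHA256
//	}
//	h = hashs.New()
//	h.Write([]byte(signData))
//	return rsa.VerifyPKCS1v15(publicKey, hashs, h.Sum(nil), signBytes)
//}

// VerifyDerCert reports whether the DER-encoded certificate der_cert verifies
// against the DER-encoded certificate stored in the file at filename, which is
// used as the only trust anchor.
//
// It returns (true, nil) when verification yields at least one chain and
// (false, err) when the file cannot be read, either certificate fails to
// parse, or verification fails; the underlying cause is wrapped in err.
//
// Things a caller should know about the check as written:
//   - The file must contain raw DER, not PEM.
//   - Whatever certificate is in the file becomes the trust anchor, so write
//     access to that file must be restricted.
//   - No intermediates are supplied, so der_cert has to chain directly to the
//     anchor.
//   - VerifyOptions.KeyUsages is left empty, which crypto/x509 treats as
//     requiring ExtKeyUsageServerAuth; the validity period is checked against
//     the current time; no host name is checked.
func VerifyDerCert(der_cert []byte, filename string) (bool, error) {
	// 1. Read and parse the trust anchor.
	anchorDER, err := ioutil.ReadFile(filename)
	if err != nil {
		return false, err
	}
	anchor, err := x509.ParseCertificate(anchorDER)
	if err != nil {
		return false, fmt.Errorf("Signing ParseCertificate fails: %w", err)
	}

	// 2. Parse the certificate under test.
	cert, err := x509.ParseCertificate(der_cert)
	if err != nil {
		return false, fmt.Errorf("Cert ParseCertificate fails: %w", err)
	}

	// 3. Verify against a pool holding only the anchor (added once).
	roots := x509.NewCertPool()
	roots.AddCert(anchor)
	chains, err := cert.Verify(x509.VerifyOptions{Roots: roots})
	if err != nil {
		// Keep the reason (expired, unknown authority, incompatible usage)
		// available to the caller for logging and triage.
		return false, fmt.Errorf("Verify fails: %w", err)
	}
	return len(chains) > 0, nil
}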