PHP openssl_sign与SHA512
[英]PHP openssl_sign with SHA512
问题描述
Is there any chance to get PHP's openssl_sign method working with SHA512 (or any other SHA2 family member)? 
有没有机会让PHP的openssl_sign方法与SHA512(或任何其他SHA2系列成员)一起使用?
If I use RSA as the key type (OPENSSL_KEYTYPE_RSA) and sign via 如果我使用RSA作为密钥类型(OPENSSL_KEYTYPE_RSA)并通过
openssl_sign($data, $signature, $privatekey, 'sha512');
everything works just fine. 一切正常。
However when using OPENSSL_KEYTYPE_DSA the signature remains empty. 但是,使用OPENSSL_KEYTYPE_DSA时,签名保持为空。
At an OpenSSL help page I found this: “If you wish to sign or verify data using the DSA algorithm then the dss1 digest must be used.” 在OpenSSL帮助页面上,我发现:“如果您希望使用DSA算法对数据进行签名或验证,则必须使用dss1摘要。”
So I tried this with DSA: 因此,我尝试使用DSA:
openssl_sign($data, $signature, $privatekey, 'dss1');
and it worked fine. 而且效果很好。
I'd prefer to use DSA because it creates much shorter signatures which is more suitable for my use case. 我更喜欢使用DSA,因为它创建的签名短得多,更适合我的用例。 However my concern is that DSS1 is basically SHA1 which isn't supposed to be used anymore. 但是,我担心的是DSS1基本上是SHA1,因此不应再使用它。 Is this also valid for a combination with DSA? 这对于与DSA组合使用也有效吗? Is there a way to work around this issue and use DSA with SHA512? 有没有一种方法可以解决此问题,并将DSA与SHA512一起使用?
1 个解决方案
解决方案1
1 2014-06-06 09:16:51
Not really an answer but more than I can make readable in comments. 并不是真正的答案,而是超出我的理解范围。
That OpenSSL manpage note is outdated (note). 该OpenSSL手册注释已过时(注释)。 OpenSSL 0.9.8 using the "EVP" API, which commandline dgst among others does, selected hash and PKalg together and as a result could only do DSA with SHA1 (as specified by the original no-suffix FIPS) and called it DSS1 (as you found). OpenSSL 0.9.8使用“ EVP” API(命令行dgst除其他功能外)一起选择了哈希和PKalg,因此只能使用SHA1(由原始无后缀FIPS指定)进行DSA,并将其称为DSS1(如你发现了)。 Also it could only generate DSA params with subgroup (q) size 160, although it could do group (p) size > 1k in spite of the FIPS saying 512 to 1k in steps of 64 (which was good back in like 1995). 尽管FIPS说以64为步长从512到1k,它也只能生成 (q)大小为160的子集的DSA参数,尽管它可以做到(p)大小为> 1k的子集(这与1995年的情况类似)。
In 1.0.0 and 1.0.1 with new&improved APIs you can generate all FIPS186-3 param sizes (1k/160, 2k/224, 2k/256, 3k/256) and sign/verify DSA of any sane size with any of the 4 original SHA-2 hashes, where a hash longer than q (subgroup) is truncated per FIPS and thus basically wasted. 在带有新的和改进的API的1.0.0和1.0.1中,您可以生成所有FIPS186-3参数大小(1k / 160、2k / 224、2k / 256、3k / 256),并使用任何4个原始SHA-2散列,其中每个FIPS会截断长于q(子组)的散列,因此基本上被浪费了。 (The 3 SHA-2 "slash" variants added in IIRC FIPS180-4 aren't yet implemented in OpenSSL as hashes, much less for signatures.) (在IIRC FIPS180-4中添加的3个SHA-2“斜杠”变体尚未在OpenSSL中实现为散列,对于签名则更少。)
As you've apparently confirmed, OpenSSL since 0.9.8 supports RSA with (I'm pretty sure) all hashes from MD2 through SHA512. 正如您已经确认的那样,OpenSSL从0.9.8开始支持RSA,并且(我敢肯定)从MD2到SHA512的所有哈希都支持RSA。 But SHA512 is like Schneier's mile-high stake; 但是SHA512就像Schneier的一英里高赌注。 in order for RSA preserve its nominal strength you need over 15kbits according to both NIST and ECRYPT (see www.keylength.com) and that will be sloooow. 为了使RSA保持其标称强度,根据NIST和ECRYPT(请参见www.keylength.com),您都需要超过15kbits的空间。
ECDSA produces equally small signature values, and is expected to scale better at the higher strengths now or soon wanted. ECDSA产生的签名值也同样小,现在或不久将被期望以更高的强度更好地扩展。
If, when and how this is (or these are) available in PHP I know nothing. 如果在PHP中可用,何时以及如何使用(或这些可用),我一无所知。
And as always with crypto if you're interoperating with one or more other systems check their capabilities also. 与加密一样,如果您要与一个或多个其他系统进行互操作,则还要检查其功能。
(note) Following last month's (cough, cough) excitement the number of people working on OpenSSL has jumped upward, and some are even doing the boring bits like doc and testing that have lagged for years, so I'll put in a fix request on this. (注释)在上个月(咳嗽,咳嗽)兴奋之后,使用OpenSSL的人数激增,有些人甚至在做一些乏味的工作,例如doc和测试已经落后了多年,所以我将提出一个修复请求在此。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.