[英]Generating crx file via PHP fails with: “Package is invalid: CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED”
我正在使用phpseclib在PHP中生成一個crx文件。 當我嘗試將crx安裝到Chrome中時,出現錯誤消息:
Package is invalid: 'CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED'
這是我的代碼:
<?php
//Include phpseclib files
include('File/X509.php');
include('Crypt/RSA.php');
//RSA Handler
$rsa = new Crypt_RSA();
//Create key pair
$keyPair = $rsa->createKey();
//Get the keys
$privKey = $keyPair[ "privatekey" ];
$pubKey = $keyPair[ "publickey" ];
//The Zip file contents
$zipContents = file_get_contents( "helloworld.zip" );
//Load the private key into the handler
$rsa->loadKey( $privKey );
//Sign the content (default is SHA1)
$signature = $rsa->sign( $zipContents ) ;
/* Tried this, but it also did not work */
//Convert to openSSH and remove the leading/trailing "comments": "ssh-rsa ", " phpseclib-generated-key"
//$rsa->loadKey( $pubKey );
//$rsa->setPublicKey();
//$pubKey = $rsa->getPublicKey( CRYPT_RSA_PUBLIC_FORMAT_OPENSSH );
//$pubKey = substr( $pubKey, 8, strlen( $pubKey ) - 32 );
//Encode public key in Base64 and remove the "-----BEGIN PUBLIC KEY-----\r\n" and "\r\n-----END PUBLIC KEY-----" (to put in .crx)
$base64Key = base64_decode( substr( $pubKey, 28, strlen( $pubKey ) - 54 ) );
//Create the crx (wb = write in binary mode)
$crxFile = fopen( "helloworld.crx", "wb" );
//Add crx "magic" marker, format version
fwrite( $crxFile, "Cr24" );
fwrite( $crxFile, pack( "V", 2 ) );
//Write public key and signature length
fwrite( $crxFile, pack( "V", strlen( $base64Key ) ) );
fwrite( $crxFile, pack( "V", strlen( $signature ) ) );
//Write public key (base64 encoded) and signature
fwrite( $crxFile, $base64Key );
fwrite( $crxFile, $signature );
//Write the zip file contents
fwrite( $crxFile, $zipContents );
fclose( $crxFile );
?>
我究竟做錯了什么? 我猜這與密鑰的格式和簽名有關嗎?
我找到了答案! 簽名使用的是CRYPT_RSA_SIGNATURE_PSS
,顯然僅適用於PKCS1
。 因此,您需要添加以下行:
$rsa->setSignatureMode( CRYPT_RSA_SIGNATURE_PKCS1 );
在簽名創建代碼之前。 因此,簽名代碼現在如下所示:
//Load the private key into the handler
$rsa->loadKey( $privKey );
//Sign the content (default is SHA1)
$rsa->setSignatureMode( CRYPT_RSA_SIGNATURE_PKCS1 ); /* <-- This is required */
$signature = $rsa->sign( $zipContents ) ;
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.