openssl_sign(): supplied key param cannot be coerc

2019-09-07 08:49发布

问题:

I have googled to search answer for these problem.but I'm not able to find proper solution for my question as many answer was specific to problem related.

when I tried to create digital signature of content using XMLSecurityKey and openssl_sign I'm getting warning and signature was not created.

openssl_sign is throwing error as :

Warning: openssl_sign(): supplied key param cannot be coerced into a private key in /var/www/git/ta_client/accessService.php on line 105

And my code is:

public function _signMessage($encData, $configValues)
    {
$decode = 'decode';
    $token = $encData['token'];
    $cipherValue = $encData['cipherValue'];
    $clientId = $encData['ClientId'];
    $grpCustNum = $encData['grpCustNum'];

    // Sign the concatenated string
    $toSign = $token . $cipherValue . $clientId . $grpCustNum;

    // Encrypt the token with the public key from vendor
    $cipher = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private')); // Reference to XMLSecLibs
    $cipher->loadKey($configValues['privkey'], true);
    try{
    if (! openssl_sign ($toSign, $signature, $cipher->key, OPENSSL_ALGO_MD5)) {
        openssl_error_string();
        throw new Exception();
    }
    }catch(Exception $e){
    print_r($e);
    die;
}
    // append the decode values
    $encData['sign'] = urlencode(base64_encode($signature)) . $decode;
    $encData['token'] = urlencode($token) . $decode;
    $encData['cipherValue'] = urlencode($cipherValue) . $decode;

    return $encData;
}

And my $configValues['privkey'] is in xml format.Any suggestions?

回答1:

openssl doesn't support XML format. My recommendation would be to use phpseclib. ie.

<?php
include('Crypt/RSA.php');

$rsa = new Crypt_RSA();
$rsa->loadKey('...'); // private key

$plaintext = '...';

$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$signature = $rsa->sign($plaintext);

I'm assuming the private key you're trying to load is in this format?:

<RSAKeyValue>
  <Modulus>AKoYq6Q7UN7vOFmPr4fSq2NORXHBMKm8p7h4JnQU+quLRxvYll9cn8OBhIXq9SnCYkbzBVBkqN4ZyMM4vlSWy66wWdwLNYFDtEo1RJ6yZBExIaRVvX/eP6yRnpS1b7m7T2Uc2yPq1DnWzVI+sIGR51s1/ROnQZswkPJHh71PThln</Modulus>
  <Exponent>AQAB</Exponent>
  <P>AN4DDp+IhBca6QEjh4xlm3iexzLajXYrJid6vdWmh4T42nar5nem8Ax39o3ND9b1Zoj41F9zFQmuZ8/AgabreKU=</P>
  <Q>AMQi+R0G9m0K+AcqK3DFpv4RD9jGc0Tle98heNYT7EQvZuuiq4XjvRz0ybqN//bOafrKhsTpRS9DQ7eEpKLI4Bs=</Q>
  <DP>FklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5kX6zk7S0ljKtt2jny2+00VsBerQ==</DP>
  <DQ>AJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2eplU9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhM=</DQ>
  <InverseQ>EaiK5KhKNp9SFXuLVwQalvzyHk0FhnNZcZnfuwnlCxb6wnKg117fEfy91eHNTt5PzYPpf+xzD1FnP7/qsIninQ==</InverseQ>
  <D>Fijko56+qGyN8M0RVyaRAXz++xTqHBLh3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxE=</D>
</RSAKeyValue>


回答2:

The same error will be generated if you are using a malformed private key or attempting to sign with the public key...



回答3:

This error message has several causes and can be extremely misleading!

Of course, this error message will appear if your PEM file is somehow corrupt or does not contain a private key, obviously.

But this error message also comes when the file can't be read at all, e.g. because there are no permissions. Unfortunately, the message does not mention that.