PHP에서 SHA256withRSA를 만들려면 어떻게해야합니까? 공식적인 예에서 [서명 바이트]를 어떻게 알 수 있습니까?

Question

PHP로 SHA256withRSA를 만들려면 어떻게해야합니까?

예 : https://developers.google.com/identity/protocols/OAuth2ServiceAccount

다음

{"alg":"RS256","typ":"JWT"}. 
    { 
    "iss":"761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com", 
    "scope":"https://www.googleapis.com/auth/prediction", 
    "aud":"https://www.googleapis.com/oauth2/v4/token", 
    "exp":1328554385, 
    "iat":1328550785 
    }. 
    [signature bytes] 

---

가 서명 한 JWT의 예입니다 및 전송을위한 준비 :

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI3NjEzMjY3OTgwNjktcjVtbGpsbG4xcmQ0bHJiaGc3NWVmZ2lncDM2bTc4ajVAZGV2ZWxvcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvcHJlZGljdGlvbiIsImF1ZCI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL29hdXRoMi92NC90b2tlbiIsImV4cCI6MTMyODU1NDM4NSwiaWF0IjoxMzI4NTUwNzg1fQ.UFUt59SUM2_AW4cRU8Y0BYVQsNTo4n7AFsNrqOpYiICDu37vVt-tw38UKzjmUKtcRsLLjrR3gFW3dNDMx_pL9DVjgVHDdYirtrCekUHOYoa1CMR66nxep5q5cBQ4y4u2kIgSvChCTc9pmLLNoIem-ruCecAJYgI9Ks7pTnW1gkOKs0x3YpiLpzplVHAkkHztaXiJdtpBcY1OXyo6jTQCa3Lk2Q3va1dPkh_d--GU2M5flgd8xNBPYw4vxyt0mP59XZlHMpztZt0soSgObf7G3GXArreF_6tpbFsS3z2t5zkEiHuWJXpzcYr5zWTRPDEHsejeBSG8EgpLDce2380ROQ 

방법은 무엇 [서명 바이트를 확인합니까 ]? 어떻게 내가 PHP?

로그인

합니다 (SHA-256 해시 함수와 RSASSA-PKCS1-v1_5의-SIGN로 알려진 또한 ) SHA256withRSA를 사용하여 입력의 UTF-8 표현을 SHA256withRSA을

Answer 1

PHP 함수 openssl_sign()을 사용할 수 있습니다.

//helper function 
function base64url_encode($data) { 
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '='); 
} 

//Google's Documentation of Creating a JWT: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#authorizingrequests 

//{Base64url encoded JSON header} 
$jwtHeader = base64url_encode(json_encode(array(
    "alg" => "RS256", 
    "typ" => "JWT" 
))); 
//{Base64url encoded JSON claim set} 
$now = time(); 
$jwtClaim = base64url_encode(json_encode(array(
    "iss" => "761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com", 
    "scope" => "https://www.googleapis.com/auth/prediction", 
    "aud" => "https://www.googleapis.com/oauth2/v4/token", 
    "exp" => $now + 3600, 
    "iat" => $now 
))); 
//The base string for the signature: {Base64url encoded JSON header}.{Base64url encoded JSON claim set} 
openssl_sign(
    $jwtHeader.".".$jwtClaim, 
    $jwtSig, 
    $your_private_key_from_google_api_console, 
    "sha256WithRSAEncryption" 
); 
$jwtSign = base64url_encode($jwtSig); 

//{Base64url encoded JSON header}.{Base64url encoded JSON claim set}.{Base64url encoded signature} 
$jwtAssertion = $jwtHeader.".".$jwtClaim.".".$jwtSig;