node sm2 签名加密吐血求问
发布于 4 年前 作者 SKandAV 8698 次浏览 来自 问答

小弟目前在做一个银行方面支付签名加密的功能,用的加密算法是sm2.一开始看到这个加密签名算法就很懵逼。没见过。百度了有所了解,单node能用的包比较少找了好久找到一个sm-crypto。但是签名还是和示例结果不一样。希望有大佬了解的能给小弟一点提示,谢谢。嘭嘭嘭!磕头了 签名测试证书:MIIDJwIBATBHBgoqgRzPVQYBBAIBBgcqgRzPVQFoBDAeLV7q3Wh/fNYTNDCaupDJACCDvEV6pEwR3qCjXoimnCYeUbbyLxXTqgi883xA8mQwggLXBgoqgRzPVQYBBAIBBIICxzCCAsMwggJnoAMCAQIC BTADFydCMAwGCCqBHM9VAYN1BQAwKzELMAkGA1UEBhMCQ04xHDAaBgNVBAoME0NGQ0EgU00yIFRF U1QgT0NBMjEwHhcNMTkwNTE1MDkxODU3WhcNMjAwNTE1MDkxODU3WjB6MQswCQYDVQQGEwJDTjEN MAsGA1UECgwEQ01CQzESMBAGA1UECwwJQ01CQ19EQ01TMRkwFwYDVQQLDBBPcmdhbml6YXRpb25h bC0xMS0wKwYDVQQDDCQwMzA1QDcwNTAxNTE3MTZA6K+B5Lmm5pu05paw5rWL6K+VQDEwWTATBgcq hkjOPQIBBggqgRzPVQGCLQNCAATCE4w0oE40yXBUH/DmZLoI2V2g5gyHTC5LFGgOmubz/R9P2J4x 2E1CprPpxAqWemSjZ+a0XUyZ/smiW9Tos/DYo4IBJTCCASEwHwYDVR0jBBgwFoAU4n62ELuU6xXm rtEVCv/o16BXOZ0wSAYDVR0gBEEwPzA9BghggRyG7yoCAjAxMC8GCCsGAQUFBwIBFiNodHRwOi8v d3d3LmNmY2EuY29tLmNuL3VzL3VzLTEzLmh0bTBpBgNVHR8EYjBgMC6gLKAqhihodHRwOi8vMjEw Ljc0LjQyLjMvT0NBMjEvU00yL2NybDE1NjAuY3JsMC6gLKAqhihodHRwOi8vMjEwLjc0LjQyLjMv T0NBMjEvU00yL2NybDE1NjAuY3JsMAsGA1UdDwQEAwID+DAdBgNVHQ4EFgQUgraLiaVncgA2mbji SMRoS1x+wukwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMAwGCCqBHM9VAYN1BQADSAAw RQIhALL1JIduYgpKQ0qr2jWI1byu8n/ibRr94K4ALvYCRu79AiA/tGZOT0EV5rzadajuXnqSeg7I 6jVFUBSnMZqpA6oDrg==

加密测试证书:-----BEGIN CERTIFICATE----- MIICvDCCAmCgAwIBAgIFMAMWgnMwDAYIKoEcz1UBg3UFADArMQswCQYDVQQGEwJD TjEcMBoGA1UECgwTQ0ZDQSBTTTIgVEVTVCBPQ0EyMTAeFw0xOTA1MTQwOTUzMzNa Fw0yMDA1MTQwOTUzMzNaMHMxCzAJBgNVBAYTAkNOMQ0wCwYDVQQKDARDTUJDMRIw EAYDVQQLDAlDTUJDX0RDTVMxGTAXBgNVBAsMEE9yZ2FuaXphdGlvbmFsLTExJjAk BgNVBAMMHTAzMDVAWjkwOEJBTktTTTJAOTA4QmFua1NtMkAxMFkwEwYHKoZIzj0C AQYIKoEcz1UBgi0DQgAEp4Fb7WzVx1Q6x4CUlt5Zi4zwJa4o90pYWUMctZ56UJ4p KQOhw/fStMukfLLImwBG0eDahY3ifDzzkA/K+ej7rqOCASUwggEhMB8GA1UdIwQY MBaAFOJ+thC7lOsV5q7RFQr/6NegVzmdMEgGA1UdIARBMD8wPQYIYIEchu8qAgIw MTAvBggrBgEFBQcCARYjaHR0cDovL3d3dy5jZmNhLmNvbS5jbi91cy91cy0xMy5o dG0waQYDVR0fBGIwYDAuoCygKoYoaHR0cDovLzIxMC43NC40Mi4zL09DQTIxL1NN Mi9jcmwxNTU3LmNybDAuoCygKoYoaHR0cDovLzIxMC43NC40Mi4zL09DQTIxL1NN Mi9jcmwxNTU3LmNybDALBgNVHQ8EBAMCA/gwHQYDVR0OBBYEFLhmRmKxGGCcMmQl TRxQdv/lW1x2MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAMBggqgRzP VQGDdQUAA0gAMEUCIQDRnl5AFJpwR70bj9f8uz6l90F5flf2wjkucrA1tzh4PgIg Ac+miDyQZV8NhnRK8t5hDS/dH/wHD3VwayFVEcPwkXo= -----END CERTIFICATE-----

下面是测试的

  1. 商户后台按照要求,拼接查询信息,将查询信息拼接成 json 字符串 {“platformId”:“3300000100016169”,“merchantNo”:“01201712081606430003”,“merSerialNo”:“tp20180116142640”, “fileNum”:“1”,“fileSize”:“145”,“fileMd5”:“dcc40f676cdf738e81a042ad7a95ef14”,“feeType”:“01”,“totalAmount”:“100. 00”,“fileContent”:“MjAxNzExMjEwMDA5MjExMTIyMTJ8MTAzMzI0ODJ8546L5rSLfOWMl+S6rOS4nOWfjuWMunw xMTAxMTExMTkxOTgyMjM2fDEzODExMTEwMDAwfOWtpuadgui0uXwxMDAuMDB8MjAxNTA1MTF8MjAxNTEy MzB8MjAxNuW5tOWwj+WtpuWFtOi2o+Wfueiurei0uQ==”,“reserve”:""}
  2. 将上述字符串调用签名函数进行签名,得到签名值 MEUCIGcnFdZCiltWU2UBbwXA18LiJ0oIqrLTcXFNhwgOUum0AiEAuJgohSL9ocnyBgAeRvoeW6nIaJ+pvg1AFzM h17YdoIs=
  3. 将签名值和订单 json 字符串按如下格式拼接 {“sign”:“MEUCIGcnFdZCiltWU2UBbwXA18LiJ0oIqrLTcXFNhwgOUum0AiEAuJgohSL9ocnyBgAeRvoeW6nIaJ+pv g1AFzMh17YdoIs=”,“body”:"{“platformId”:“3300000100016169”,“merchantNo”:“01201712081606430003”,“ merSerialNo”:“tp20180116142640”,“fileNum”:“1”,“fileSize”:“145”,“fileMd5”:“dcc40f676cdf738e81a042ad7 a95ef14”,“feeType”:“01”,“totalAmount”:“100.00”,“fileContent”:“MjAxNzExMjEwMDA5MjExMTIyMTJ8MTAz MzI0ODJ8546L5rSLfOWMl+S6rOS4nOWfjuWMunwxMTAxMTExMTkxOTgyMjM2fDEzODExMTEwMDAwfOWtpu adgui0uXwxMDAuMDB8MjAxNTA1MTF8MjAxNTEyMzB8MjAxNuW5tOWwj+WtpuWFtOi2o+Wfueiurei0uQ==”,“r eserve”:""}"}
  4. 对 json 串加密得到请求密文 MIIDSAYKKoEcz1UGAQQCA6CCAzgwggM0AgECMYGdMIGaAgECgBS1x/e/puEJbLQnTtwm2y/+fP1b2jANBgkq gRzPVQGCLQMFAARwLQyxFEhQdToL4smYyB7nOXnAtRWa3G8PvnD6rtQtcpsxZUfOfMUHjc1qt9kIkPS4XbYM ukvRd4kG3hQESfoabibVmIvL2ZecPkrJqHkgYP5VLiiQcQ9acSeTTiBZ2QrPGj4/+EwVK9+WLyn+wr+9jzCCAo0G CiqBHM9VBgEEAgEwGwYHKoEcz1UBaAQQ8+Mg7nDGYdN/eIawzoF894CCAmB68MqPj2ONES0Gniy8TMmcr vjApZf1VB6CfF1Onl46+EqCiwpCB4uQuVZB4lQHw+1djjJeg9uiYouPvYDJyH9NeImZyw/aZXgl/jJa7d3LeFMnW2H Bl6vCdVlfuQlxd1ouaHx9I/UYYfOEjrB1BXFx1nAw0V0jwEJ5aQh0Qftb27l7eHpblvMcTN2oDbzfgLGweHl8rBZPmO LxO8+FBCu3hjowvtJw8JVODgFvfZY0v414TQEqKkOPH8xXBvqTmAO/SV6gbW1GysIcIR26N9mVdkB3fqOZrXe 2tQ8WyGl8TNGHFH9gx0CUcQM9HhhuT9dAe0gXRKpN6jhx0AXD4HBb+as9oFSN0JkXtOrkNk0vqTiwl4iDYON7 UULmtaD1bHmL3FbO7Yg4BtDPfo8rMwVP9e/mneAismMTnFok12vNefsGgKyMUQZYy71FXfCdIczFen2ityGL6o oSRoAlYoO5UfpfP1cXsZWmcXe7SWOZFglnzzWK9TrPtDzxclGtNMjCo/QpARULey8i9mg5ewkXFi53FeP8D8bxS KwyC7RUIDkyqJRNcz3enRS6Ec99zla3GXzlsy9IRx4MRgQHoG4pm8pf8rN9wTKDOI0HKoq/16jhqMT/kDN62ItIK AdoLcJmQJDbpxq+kpLHAKdQzgMmQjoFchSLyvx6P46NgkEF9Q2MjvkIsUVjve4qqrPaqUkP6ONZPRvH59UxdF QJos2Pq1/ILQWawFtufTtzHX0xXOfPj4BXosH12e2ZYS3EY60Ofqsjzy2Dqa21n2LF15UJm/Olhx2kzqW4yYbkKpX Kbw==
16 回复

实在不行搞一个java或者其它语言的程序专门做加解密操作供Node调用。 node相关的库确实少。

可以用别的语言编译wasm给js调用, 或者C++原生拓展

@Gitforxuyang 谢谢老哥,这操作没用过得看看

@lxzan 感觉好高端啊…

小哥,我印象中 crypto库的加密算法是由本机openssl库支持的,具体的需要看下文档,但是我也不确定。QAQ。

@SKandAV 你这证书太长了吧

@lxzan …银行给的测试证书就是这个

@muyoucun557 ,我看过了。好像没有支持crypto 好像没有支持sm2 的。心累啊

https://github.com/search?q=js+sm2

这里面有十几个库,选一个能用的吧。 百度搜不到啥东西的

@zuohuadong 好的,谢谢哥

@SKandAV 我用sm2生成的证书比你的短多了

@lxzan 哥,你后面是调用的其它语言的么。现在银行有java,C#,的sdk。现在打算调用C#的dll。

@SKandAV 我就写demo玩玩

@SKandAV openssl 最新版有支持国密算法。具体是 sm2 还是 sm4 忘了。

openssl ecparam -list_curves  \|  grep SM

SM2 : SM2 curve over a 256 bit prime field

@waitingsong 谢谢老哥,我已经用node 掉用dll解决了

回到顶部