Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
U
U
Us592020-06-17 20:42:46
PHP
Us59, 2020-06-17 20:42:46

How is the signature generated?

Studying Wiki:
5eea4f81b0eee425175931.png

Here is a good example of a real request: link

If I understand correctly,
1) Activation data (BASe64)
2) Certificate (Base 64 RSA), in which I didn’t find much ..
3) Signature (which, according to WIKI, is generated from the data ( 1) and certificate (2)

Signature (3):

wBEUU8oNnOuvKqnB1n3PYm1MlqMC8LTWtnLPX0V1XIMyUs4XGNK7BVaYAqdIIJdyENs4
        PNgjT17EJ8JSkIHfkRnsrTh7GGQT7EeXS8HTpksZn1yKoT7AjZgIni72DgofOIA0tsDu
        hVqcP0BDtWQIBFub3NeHYT8FNACytWI/FNc=

The signature (3) is the base64 encoded ones that the server uses to verify that the request is unaffected. (data (1) have not been changed)

What and how it is encoded is clear from WIKI, but it is impossible to decode this data.
Purpose: Ultimately, I need to change the data (1) and generate a signature (3)

Perhaps someone will tell you how to generate a signature (3), needed in php.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
C
CityCat4, 2020-06-18
@CityCat4

Will not work.
An electronic signature is just about such smart people. It ensures that the text it protects has not been modified. The signature is made with a personal certificate (key) that you do not have (if you have, you can simply regenerate the signature in the standard way). If there is no key, nothing will work.
There, on the other side, the subscriber will check the signature against the sender's common certificate - and if the text is changed, the signature will not match ...

Report
N
none7, 2020-06-18
@none7

A signature is a hash sum (sha1 in this case) of the data encrypted with a secret RSA key. By decrypting the signature with the public RSA key, you can get the hash of the data back and comparing it with the hash of the available data, you can verify the signature. The certificate contains the public RSA key. You cannot generate a valid signature without having a secret key, which is the essence of any asymmetric cryptography. If it were possible to get around this, then the entire security of the Internet would be covered with a copper basin, because asymmetric encryption is the basis of SSL.

Similar questions
B
Boris Greinov2021-03-18 20:53:14
Synthesizing speech to a website but not Web Speech Api? 3Reply
S
StayAtHome2015-04-01 12:24:02
How to distinguish a web request from a regular page from a request from the extension itself from a Chrome/Opera extension? 4Reply
A
Anton2021-03-27 12:39:53
Getting the selected radio item and passing it to the email body, how to display the selected item? 2Reply
P
Pashchuk Ilya2017-05-09 21:42:00
How to resize a block when dragging in css3 and html5? 2Reply
A
AnatoliyKarpov2021-04-16 14:24:16
How to make ul have different classes? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question