[网络协议]Golang RAS 验签

通过加载pem公钥证书对签名进行验签

package main

import (
	"crypto"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"encoding/base64"
	"encoding/hex"
	"encoding/pem"
	"fmt"
	"strings"
)

/*
	验签
*/

func verfiy() {

	cer := `-----BEGIN CERTIFICATE-----
MIIENDCCAxygAwIBAgIFE0RwNCMwDQYJKoZIhvcNAQEFBQAwITELMAkGA1UEBhMC
Q04xEjAQBgNVBAoTCUNGQ0EgT0NBMTAeFw0yMTA5MDgwNTUxMDlaFw0yNjA5MDgw
NTUxMDlaMIGfMQswCQYDVQQGEwJjbjESMBAGA1UEChMJQ0ZDQSBPQ0ExMRYwFAYD
VQQLEw1DaGluYUNsZWFyaW5nMRQwEgYDVQQLEwtFbnRlcnByaXNlczFOMEwGA1UE
AwxFMDQxQDg5MTUwMDAwMDM0NTg4OTQxNTlA6ams5LiK5raI6LS56YeR6J6N6IKh
5Lu95pyJ6ZmQ5YWs5Y+4QDAwMDAwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA4Q2h2gCWO0yR1tVHsZJ/iPdgNZ7TlLF559kkrerXv7sYL+iHjy9y
RncFxPXE/hhp7Fnid6PkM4I+kWGANObzykTLuVkLYUZjhU1IKmG1CgO60oPd7Fe9
wzoNDe2/YtRonBtBdLZSXoIq0Hi3ZWnq7Y3Vy5V8S8zfBlq6/p8uYXOIqqjelMV4
OsUAqwWkMFW9V8hKoiR2o70pdAohZkmNPesUNaDGZjiEEDhDiDg00ONePfU1UQ3i
ljZBT7CEE1MyRIi3g1Sbf2Yc2V1JSGxA2bfbn/iS81an58M1Kr3IyH7jazNfsGaY
oS6dFVsLHOVePymwQo4MJeb6QGYYM64eZQIDAQABo4HzMIHwMB8GA1UdIwQYMBaA
FNHb6YiC5d0aj0yqAIy+fPKrG/bZMEgGA1UdIARBMD8wPQYIYIEchu8qAQEwMTAv
BggrBgEFBQcCARYjaHR0cDovL3d3dy5jZmNhLmNvbS5jbi91cy91cy0xNC5odG0w
OAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5jZmNhLmNvbS5jbi9SU0EvY3Js
Mjg0NzYuY3JsMAsGA1UdDwQEAwID6DAdBgNVHQ4EFgQUVN7VDIx7YSMQfBt6j8T8
BQUAA4IBAQAlF9NYVrCW9syA4GY4zy8doDyjBe12SdHsUpL4U5FftJkD2Gj+66Kf
V/7sqLlKqNqvkyaQScJ45hKCYjBvPjNhtkxzxgNDPJKk4kW4KiU8OFewB5ab/YmR
0Mmk+hV5eFWHxRdCiGGRIvKHr9mtC/l5U2K5LvwuKypqnVPv28qf4EVVFu2l2bPW
tTvtxIQrPOxnG6IyqrfJZA4EM/+67NTX3+FTSNthyviK0ovcHq39tNErqIZ7ph2q
ss9c2JF/MX/qoUDDDjdKy+0DFX/inPw6wlyp0WNDgipA4bSjh9C/B4Y/vJ5lsnvH
6UoTiUeglvQH3vmyLpDlAF9U4AMise2b
-----END CERTIFICATE-----`
   //message 是有原文进行Base64结果 
	message := "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+CjxSZXF1ZXN0IHZlcnNpb249IjIuMSI+CiAgICA8SGVhZD4KICAgICAgICA8VHhjDwvQnJhbmNoTmFtZT4KICAgICAgICA8Tm90aWNlVVJMPmh0dHA6Ly9zcGF5Z3cubXN4Zi5jb20vb3V0dGVyL2NwY25feXFmL3NpZ25Bc3lOb3RpZnkvMDA3MjE1PC9Ob3RpY2VVUkw+CiAgICA8L0JvZHk+CjwvUmVxdWVzdD4="
	// signature 是对原文进行的签名结果再进行hex
	signature := "cafa78c2ecb8bca795330647fbd3eb198eb6c452700eee781474a989ab85668ca2e5c3167a6eda6cd66070c887b71c2681e7c1db5e25064be56a17361df23b3d53f6b666fc37d5a2ff3b581197630fdda2a431fcd9faff8a1156b6de455cf360fefdbf519a19b960ceb22f0d28e088df67cee2dc0d04e413b73bde55ac96944120c36a66ffa1b9fafb331db457418b5e67b8aa2d4c57fadc0f4a1674fc6ff8fac6933f750e591aed68332014fdb497bec1fd8ff9b35f15f8e9548"
	// 解析pem，构建证书
	cerDecode, _ := pem.Decode([]byte(cer))
	x509Cer, _ := x509.ParseCertificate(cerDecode.Bytes)

	publicKey := x509Cer.PublicKey.(*rsa.PublicKey)

	sign, _ := hex.DecodeString(signature)
	m, _ := base64.StdEncoding.DecodeString(message)
	fmt.Println(string(m))
	hash := sha1.New()
	hash.Write(m)
	err := rsa.VerifyPKCS1v15(publicKey, crypto.SHA1, hash.Sum(nil), sign)
	// 验证通过则err=nil,否则err则为：crypro/rsa: verification error
	fmt.Println(err)
}