local pkey = require "resty.openssl.pkey"
local digest = require "resty.openssl.digest"
-- 自定义 SM2 私钥(PEM 格式)
local priv_key_pem = [[
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQglZcHzcDmdgHMDike
ZQ/ySKWl6NHRVorkNS+V+yqvGdehRANCAASNXuZZycYGCX3ZPtF/68/wTsKDyibw
XxM08yTvz4BePCo0/gq5IyYYLGXKY9+9qVefePJ0CkkOb71Wd+xi7/U2
-----END PRIVATE KEY-----
]]
local priv_key, err = pkey.new(priv_key_pem, {
type = "pr",
format = "PEM",
})
-- if not priv_key then
-- ngx.say("Failed to load private key: ", err)
-- return
-- end
-- 要签名的数据
local data = "hello"
-- 计算数据的 SM3 哈希值
local hashed = digest.new("sm3"):final(data)
-- 使用私钥对哈希值进行签名
local sig, err = priv_key:sign(hashed, "sm3")
if not sig then
ngx.say("Failed to sign data: ", err)
return
end
-- 输出签名结果(Base64 编码)
ngx.say("Signature: ", ngx.encode_base64(sig))
-- 自定义 SM2 公钥(PEM 格式)
local pub_key_pem = [[
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEjV7mWcnGBgl92T7Rf+vP8E7Cg8om
8F8TNPMk78+AXjwqNP4KuSMmGCxlymPfvalXn3jydApJDm+9VnfsYu/1Ng==
-----END PUBLIC KEY-----
]]
local pub_key, err = pkey.new(pub_key_pem, {
format = "PEM",
type = "pu"
})
if not pub_key then
ngx.say("Failed to load public key: ", err)
return
end
-- 使用公钥验证签名
local is_valid, err = pub_key:verify(sig, hashed, "sm3")
if not is_valid then
ngx.say("Signature is invalid: ", err)
return
end
-- 输出验证结果
ngx.say("Signature is valid!")
