

This too could be done as a pre/post step if you don't want to write your own encoder/decoder from the ground up. For instance, 0 (A) would be encoded as "AA", 62 (+) would be encoded as "AB" and 63 (/) would be encoded as "AC". As a rule, such strings cannot be decoded without additional processing or human intervention, and because of this some inexperienced users mistakenly think that these strings are not decodable. For example, this can happen if the source outputs an unexpected Base64 standard, the user copied unnecessary data, or something damaged the Base64 value.

If you have no alternative suitable "funny" characters to choose from (perhaps all the other characters are invalid, leaving only the 62 alphanumeric characters to choose from), you can always use an escape character for a very slight (~3/64?) increase in size. Quite often, users cannot decode Base64 because they got a malformed or invalid string. As Skeet points out, find an existing library with enough flexibility.

While base64 encoders/decoders are trivial, replacement substitution can be done in a simple pre/post-processing step around existing base64 encode/decode functions (inside wrappers); there is no need to re-invent the wheel (entirely). Pick your replacements. Consider some other variants: base64 Variant table from Wikipedia.

    openssl dgst -verify pubkey.pem -sha256 -signature tmp_sig.hex tmp_utx.
    openssl dgst -sign privkey.pem -sha256 tmp_utx.hex > tmp_sig.hex
    openssl dgst -sign privkey.pem -sha256 -hex tmp_utx.hex
    openssl ec -in privkey.pem -pubout -out pubkey.pem

    OUQDQgAEvzUNKCE3UVimCLUePomOUH/kfy0ujHdN5Kmn7ez3TtokJDy5ksVnOgf6
    MHQCAQEEIDzQVg9bJ1kZFsZDoLeqadA4OTgKc40ukSmQ3MVzcV0soAcGBSuBBAAK

When using OpenSSL to sign, you must also make sure you are signing hex data, and not strings (this is explained in the answer of the link I provided in my comment). I couldn't see how you created your privkey, but the way to go is through the ASN.1 structure, and then base64 it.

When I verify your self-created privkey, I get this error:

    Error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long

    1 error (s) occurred: awslaunchtemplate.test: InvalidUserData.Malformed: Invalid BASE64 encoding of user data.

What is wrong with the pem format that I'm generating using an existing private key?

    MHcCAQEEINhhp8dYz31X+KWq3u/gutJthvW2puUbB9AOIul/v2SOoAoGCCqGSM49
    AwEHoUQDQgAE0jE7TIszCklw//SGyYW0+z38PUxwfkip9WS4UUn68f7D78D6ZQ/O

I'm using the following function: openssl_sign($hash, $signature, $private_key, OPENSSL_ALGO_SHA256).

But when I generate a random private key using SSL, for example:

    String base64 = Base64.toBase64String(signedchallenge);
    CMSSignedData cms = new CMSSignedData(code(base64));
    Store store = cms.getCertificates();
    SignerInformationStore signers = cms.getSignerInfos();
    Collection c = signers.

Converting the private key to a pem format (so SSL can use it), I generate the following base64 string: PNBWD1snWRkWxkOgt6pp0Dg5OApzjS6RKZDcxXNxXSw=.
