Reputation: 3920
Decrypt signed data from key and signature
The following PHP function verifies that the $data string was signed using $key to create the $signature:
<?php
$result = openssl_verify( $data , $signature , $key , OPENSSL_ALGO_SHA1 );
?>
Is there an equivalent PHP function where I can get the original $data string if I have the correct $signature and $key
Upvotes: 0
Views: 1698
Answers (2)
Reputation:
I think OP had a misconception about the signing process that I understand because I had it too.
The short answer is: no, there is no such PHP function, because it is impossible.
The digital signature is not just the original message ($data) encrypted with a Private Key.
It's the original message hashed into a "message digest" and then encrypted using a Private Key. If you were to decrypt the signature with the matching public key, you would actually obtain the "message digest".
However there is no way to obtain the original message from the "message digest" because the hashing process is one way by design.
Verifying the signature is the process of hashing $data with the same hashing function and comparing it to the "message digest" obtained from decrypting the signature with the Public Key.
I guess that's what php function openssl_verify does.
This page helped me understand: http://www.youdzone.com/signature.html
Upvotes: 1
Reputation: 713
$data IS the original $data string, that's what the openssl_verify call does - verify that $data is unchanged, using $signature and $key
If you're asking if a $signature can be used to generate the data, then no - even if you have the private key, you still cannot recreate the data.
Imagine if you have a physical document (like a Will), which is signed, and a signature card. While the signature card ($key)allows you to verify the signature is authentic ($signature), the signature cannot be used to recreate the original content of the document (say, for example, if ink is spilled across the top of the document, but not across the signature line) - even if you're the original signer of the document. It can only be used to authenticate THAT document (Will) was, in fact, signed (legally binding).
Digital signatures are a bit more complicated from a math perspective, and provide some subtly different mechanisms for authentication, but in this case the result is the same - a signature cannot be used to recreate an original document, even if you have the signature card ($key), and even if you have the private key.
Upvotes: 0
Related Questions
- openssl_decrypt not working as expected
- How to decrypt an encrypted string using openssl_decrypt
- Decrypt a signature using openssl_public_decrypt
- openssl- failed to decrypt data generated by PHP
- openssl_decrypt not decrypting data stored with openssl_encrypt
- OpenSSL Encryption / Decryption php
- Getting Signature of SSL Certificate in PHP
- Decryption with openssl not working
- can't decrypt encrypted RSA data by OpenSSL
- How to verify a signature via PHP that was created on the OpenSSL command line?