Tim

Reputation: 8616

How to verify a signature via PHP that was created on the OpenSSL command line?

It seems that PHP's openssl_sign and openssl_verify functions perform hashing of the data before signing, due to size restrictions, so I've tried emulating this on the command line.

Signing via openssl:

echo "foo" | openssl dgst -sha1 -binary | openssl rsautl -inkey priv.pem -sign > sig.bin

Then verifying via PHP:

$key = openssl_pkey_get_public('pub.pem');
$ver = openssl_verify( "foo\n", file_get_contents('sig.bin'), $key, OPENSSL_ALGO_SHA1 );
// $ver always 0

I've tried numerous combinations, binary and hex forms of the hash, with and without the trailing newline, and even hashing before passing into the PHP function.

Upvotes: 1

Views: 1286

Answers (1)

Tim

Reputation: 8616

My findings are that PHP's sign and verify are not interoperable with openssl's rsautl -sign and -verify options. PHP seems to add some metadata (an extra 15 bytes), although I don't know what it means.

My solution: I am using encrypt and decrypt functions directly and handling the hashing myself.

This way, the command line -verify option is analogous to "decrypt with public key". By the same token, -sign is analogous to "encrypt with public key".

In fact, this way you can define your own signature format, for example including a date along with the hash.

Upvotes: 1
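
The 15 extra bytes mentioned in the answer match the length of the ASN.1 DigestInfo header that PKCS#1 v1.5 signing places in front of a SHA-1 hash. The script below is an added example, not part of the original post: it signs the same message with the question's `rsautl` pipeline and with `openssl dgst -sha1 -sign`, recovers what each signature actually contains, and runs the digest-aware check (the kind `openssl_verify` with `OPENSSL_ALGO_SHA1` performs) on both. The throwaway key, temporary file names and helper function names are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: key, message and file names below are constructed for the demo.
# Assumes an `openssl` binary on PATH that still ships the `rsautl` subcommand.

# ASN.1 DigestInfo header that PKCS#1 v1.5 prepends to a SHA-1 hash (15 bytes).
SHA1_DIGESTINFO="3021300906052b0e03021a05000414"

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

setup() {
    openssl genrsa -out "$work/priv.pem" 2048 2>/dev/null
    openssl rsa -in "$work/priv.pem" -pubout -out "$work/pub.pem" 2>/dev/null
    printf 'foo\n' > "$work/msg"    # same bytes as `echo "foo"`
    # Question's method: pad and sign the bare 20-byte hash.
    openssl dgst -sha1 -binary "$work/msg" |
        openssl rsautl -sign -inkey "$work/priv.pem" 2>/dev/null > "$work/sig_rsautl.bin"
    # Digest-aware signing: the hash is wrapped in DigestInfo before padding.
    openssl dgst -sha1 -sign "$work/priv.pem" -out "$work/sig_dgst.bin" "$work/msg"
}

to_hex() { od -An -v -tx1 | tr -d ' \n'; }

msg_sha1_hex() { openssl dgst -sha1 -binary "$work/msg" | to_hex; }

# Undo the RSA operation and padding, print what was actually signed.
recovered_hex() {
    openssl rsautl -verify -pubin -inkey "$work/pub.pem" -in "$1" 2>/dev/null | to_hex
}

# Digest-aware verification: hash the message, build DigestInfo, compare.
verifies() {
    openssl dgst -sha1 -verify "$work/pub.pem" -signature "$1" "$work/msg" >/dev/null 2>&1
}

setup
echo "sha1(msg)       : $(msg_sha1_hex)"
echo "rsautl payload  : $(recovered_hex "$work/sig_rsautl.bin")"
echo "dgst payload    : $(recovered_hex "$work/sig_dgst.bin")"
for sig in sig_rsautl.bin sig_dgst.bin; do
    if verifies "$work/$sig"; then echo "$sig: verifies"; else echo "$sig: rejected"; fi
done
```

The `dgst -sign` payload is the DigestInfo header followed by the hash, which is why only that signature passes the digest-aware check.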
