Validate digital signature in PHP using public key from PFX certificate?


I need to validate a digital signature (RSA256) using the openssl_verify function. To validate a digital signature, one of course needs to know a public key, which is provided to me in the form of a PFX certificate.

However, openssl_verify expects a so-called resource key identifier object as an input parameter, and it simply cannot use the key from the PFX certificate directly.

I was hoping that the function openssl_pkey_get_public would work: according to the documentation, it returns a positive key resource identifier on success, or FALSE on error.

However, in my tests the function openssl_pkey_get_public always returns FALSE without any additional error messages or anything. Here is my code:

    $publicKeyRes = openssl_pkey_get_public(file_get_contents('certificate.pfx'));
    $success = openssl_verify('SomeMessage', 'SomeSignature', $publicKeyRes, OPENSSL_ALGO_SHA256);

Question:

How can I validate a digital signature using the public key from a PFX certificate?


1 Answer

It looks like you cannot use a PFX certificate with openssl_pkey_get_public. You need to convert your certificate from PFX to PEM format, then extract the public key from the PEM into a PUB file, and then use the PUB file with openssl_pkey_get_public. Here it is one more time:

  1. Convert PFX certificate into PEM certificate - look here
  2. Extract public key from PEM certificate using the following command:

    openssl rsa -in privkey.pem -pubout > key.pub

** Please note that the command above is a Unix shell command, and I used the Bash console to execute it on Windows. The Bash console is installed together with Git for Windows, which provides a Bash emulation used to run Git from the command line. Alternatively, you could use any other Unix shell implementation for Windows; there are many.

After you have done all of the above (it needs to be done one time only), change the 1st line of your code to use the key.pub file like this:

    $publicKeyRes = openssl_pkey_get_public(file_get_contents('key.pub'));

Now it should return a proper resource key identifier object that can be used with the openssl_verify function to verify your RSA signature.

Hope this helps!
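
An alternative to the one-time conversion described in the answer, shown as an added example that is not part of the original post: PHP can read the PFX itself with openssl_pkcs12_read and hand the contained certificate to openssl_pkey_get_public. The helper name `verifyWithPfx`, the passphrase `example-pass`, and the throwaway key and self-signed certificate are constructed for illustration.

```php
<?php
// Added example, not from the original post. All names, the passphrase and
// the message are constructed for illustration.

/**
 * Verify an RSA-SHA256 signature with the certificate stored in a PFX blob.
 * Returns true only when openssl_verify() reports a valid signature.
 */
function verifyWithPfx(string $pfx, string $pass, string $msg, string $sig): bool
{
    $bag = [];
    if (!openssl_pkcs12_read($pfx, $bag, $pass)) {
        throw new RuntimeException('PFX read failed: ' . openssl_error_string());
    }
    // $bag['cert'] is the PEM certificate; 'pkey' (the private key) is unused.
    $pub = openssl_pkey_get_public($bag['cert']);
    if ($pub === false) {
        throw new RuntimeException('No public key: ' . openssl_error_string());
    }
    // openssl_verify() returns 1 (valid), 0 (invalid), or -1/false on error.
    // Compare strictly: -1 is truthy, so "if ($result)" would accept errors.
    $result = openssl_verify($msg, $sig, $pub, OPENSSL_ALGO_SHA256);
    if ($result !== 1 && $result !== 0) {
        throw new RuntimeException('Verify error: ' . openssl_error_string());
    }
    return $result === 1;
}

// --- Constructed fixture: throwaway key, self-signed certificate, PFX ---
$key  = openssl_pkey_new(['private_key_bits' => 2048,
                          'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr  = openssl_csr_new(['commonName' => 'example-signer'], $key,
                        ['digest_alg' => 'sha256']);
$cert = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);
openssl_pkcs12_export($cert, $pfx, $key, 'example-pass');

$message = 'SomeMessage';
openssl_sign($message, $signature, $key, OPENSSL_ALGO_SHA256);

// A signature usually travels base64-encoded; openssl_verify needs raw bytes.
$wire = base64_encode($signature);
$raw  = base64_decode($wire, true);

var_dump(verifyWithPfx($pfx, 'example-pass', $message, $raw));
var_dump(verifyWithPfx($pfx, 'example-pass', 'TamperedMessage', $raw));
```

A PFX normally also carries the signer's private key, which verification never needs; where possible, give the verifying side only the certificate or key.pub.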
