Validate digital signature in PHP using public key from PFX certificate?

No specific Bitcoin Bounty has been announced by author. Still, anyone could send Bitcoin Tips to those who provide a good answer.

I need to validate a digital signature (RSA256) using openssl_verify function. To validate digital signature, one of course needs to know a public key, which is provided to me in the form of PFX certificate.

However, openssl_verify expects a so-called resource key identifier object as an input parameter, and it simply cannot use the key from PFX certificate directly.

I was hoping that function openssl_pkey_get_public would work - according to documentation it returns a positive key resource identifier on success, or FALSE on error.

However, in my tests function openssl_pkey_get_public is always returning FALSE without any additional error messages or anything. Here is my code:

$publicKeyRes = openssl_pkey_get_public(file_get_contents('certificate.pfx'));
$success = openssl_verify('SomeMessage', 'SomeSignature', $publicKeyRes, OPENSSL_ALGO_SHA256);


How can I validate digital signature using public key from PFX certificate?

User rating:

Here is my $0.21

1 Answer

Internet users could send Bitcoin Tips to you if they like your answer!

It looks like you cannot use PFX certificate with openssl_pkey_get_public. You need to convert your certificate from PFX to PEM format, and then extract the public key from PEM into PUB file, and then use PUB file with openssl_pkey_get_public. Here it is one more time:

  1. Convert PFX certificate into PEM certificate - look here
  2. Extract public key from PEM certificate using the following command:

    openssl rsa -in privkey.pem -pubout >

** Please note the command above is a Unix shell command, and I used Bash console to execute this command in Windows. Bash console is being installed together with GIT for Windows - Git for Windows provides a BASH emulation used to run Git from the command line. Or alternatively you could use any other Unix shell implementation for Windows - there are many.

After you have done all of the above (it needs to be done one time only), change the 1st line your code to use file like this:

$publicKeyRes = openssl_pkey_get_public(file_get_contents(''));

Now it should return proper resource key identifier object that could be used with openssl_verify function to verify your RSA signature.

Hope this helps!



Too many commands? Learning new syntax? is a free tool to save your favorite scripts and commands, then quickly find and copy-paste your commands with just few clicks.

Boost your productivity with!

Post Answer