Validate digital signature in PHP using public key from PFX certificate?

Validate digital signature in PHP using public key from PFX certificate? 25 Dec 2015

No specific Bitcoin Bounty has been announced by author. Still, anyone could send Bitcoin Tips to those who provide a good answer.

I need to validate a digital signature (RSA256) using openssl_verify function. To validate digital signature, one of course needs to know a public key, which is provided to me in the form of PFX certificate.

However, openssl_verify expects a so-called resource key identifier object as an input parameter, and it simply cannot use the key from PFX certificate directly.

I was hoping that function openssl_pkey_get_public would work - according to documentation it returns a positive key resource identifier on success, or FALSE on error.

However, in my tests function openssl_pkey_get_public is always returning FALSE without any additional error messages or anything. Here is my code:

$publicKeyRes = openssl_pkey_get_public(file_get_contents('certificate.pfx'));
$success = openssl_verify('SomeMessage', 'SomeSignature', $publicKeyRes, OPENSSL_ALGO_SHA256);

Question:

How can I validate digital signature using public key from PFX certificate?

Tags: php, certificate, openssl, pfx, digital-signature

Edited Jun 01'15 at 23:45

alex

Created Jun 01'15 at 18:51

lampego1@qrid

ADD COMMENT | SEND TIPS

Anonymous Oct 10'15 at 08:16

0.79999995 mBTC | 0.21 USD → lampego1@qrid

Anonymous Oct 10'15 at 08:35

1.3 mBTC | 0.31 USD (Pending) → lampego1@qrid

alex@qrid Dec 25'15 at 02:15

0.46 mBTC | 0.21 USD → lampego1@qrid

Here is my $0.21

Reply | Send Tips

1 Answer

Internet users could send Bitcoin Tips to you if they like your answer!

It looks like you cannot use PFX certificate with openssl_pkey_get_public. You need to convert your certificate from PFX to PEM format, and then extract the public key from PEM into PUB file, and then use PUB file with openssl_pkey_get_public. Here it is one more time:

Convert PFX certificate into PEM certificate - look here
Extract public key from PEM certificate using the following command:

openssl rsa -in privkey.pem -pubout > key.pub

** Please note the command above is a Unix shell command, and I used Bash console to execute this command in Windows. Bash console is being installed together with GIT for Windows - Git for Windows provides a BASH emulation used to run Git from the command line. Or alternatively you could use any other Unix shell implementation for Windows - there are many.

After you have done all of the above (it needs to be done one time only), change the 1st line your code to use key.pub file like this:

$publicKeyRes = openssl_pkey_get_public(file_get_contents('key.pub'));

Now it should return proper resource key identifier object that could be used with openssl_verify function to verify your RSA signature.

Hope this helps!

SEND BITCOIN TIPS

Edited Jun 02'15 at 10:04

lampego1@qrid

Created Jun 01'15 at 18:58

root

ADD COMMENT

Too many commands? Learning new syntax?

FavScripts.com is a free tool to save your favorite scripts and commands, then quickly find and copy-paste your commands with just few clicks.

Boost your productivity with FavScripts.com!

BitExperts