ANSWER:
It looks like you cannot use PFX certificate with openssl_pkey_get_public
. You need to convert your certificate from PFX to PEM format, and then extract the public key from PEM into PUB file, and then use PUB file with openssl_pkey_get_public
. Here it is one more time:
- Convert PFX certificate into PEM certificate - look here
Extract public key from PEM certificate using the following command:
openssl rsa -in privkey.pem -pubout > key.pub
** Please note the command above is a Unix shell command, and I used Bash console to execute this command in Windows. Bash console is being installed together with GIT for Windows - Git for Windows provides a BASH emulation used to run Git from the command line. Or alternatively you could use any other Unix shell implementation for Windows - there are many.
After you have done all of the above (it needs to be done one time only), change the 1st line your code to use key.pub
file like this:
$publicKeyRes = openssl_pkey_get_public(file_get_contents('key.pub'));
Now it should return proper resource key identifier object that could be used with openssl_verify
function to verify your RSA signature.
Hope this helps!
.