PHP: Hypertext Preprocessor (original) (raw)

openssl_verify

(PHP 4 >= 4.0.4, PHP 5, PHP 7, PHP 8)

openssl_verify — Verify signature

Description

Return Values

Returns 1 if the signature is correct, 0 if it is incorrect, and -1 or [false](reserved.constants.php#constant.false) on error.

Examples

Example #1 openssl_verify() example

`<?php
// dataanddata and dataandsignature are assumed to contain the data and the signature

// fetch public key from certificate and ready it pubkeyid=opensslpkeygetpublic("file://src/openssl−0.9.6/demos/sign/cert.pem");//statewhethersignatureisokayornot<spanclass="katex"><spanclass="katex−mathml"><mathxmlns="http://www.w3.org/1998/Math/MathML"><semantics><mrow><mi>o</mi><mi>k</mi><mo>=</mo><mi>o</mi><mi>p</mi><mi>e</mi><mi>n</mi><mi>s</mi><mi>s</mi><msub><mi>l</mi><mi>v</mi></msub><mi>e</mi><mi>r</mi><mi>i</mi><mi>f</mi><mi>y</mi><mostretchy="false">(</mo></mrow><annotationencoding="application/x−tex">ok=opensslverify(</annotation></semantics></math><spanclass="katex−html"aria−hidden="true"><spanclass="base"><spanclass="strut"style="height:0.6944em;"><spanclass="mordmathnormal">o<spanclass="mordmathnormal"style="margin−right:0.03148em;">k<spanclass="mspace"style="margin−right:0.2778em;"><spanclass="mrel">=<spanclass="mspace"style="margin−right:0.2778em;"><spanclass="base"><spanclass="strut"style="height:1em;vertical−align:−0.25em;"><spanclass="mordmathnormal">o<spanclass="mordmathnormal">p<spanclass="mordmathnormal">e<spanclass="mordmathnormal">n<spanclass="mordmathnormal">ss<spanclass="mord"><spanclass="mordmathnormal"style="margin−right:0.01968em;">l<spanclass="msupsub"><spanclass="vlist−tvlist−t2"><spanclass="vlist−r"><spanclass="vlist"style="height:0.1514em;"><spanstyle="top:−2.55em;margin−left:−0.0197em;margin−right:0.05em;"><spanclass="pstrut"style="height:2.7em;"><spanclass="sizingreset−size6size3mtight"><spanclass="mordmathnormalmtight"style="margin−right:0.03588em;">v<spanclass="vlist−s"><spanclass="vlist−r"><spanclass="vlist"style="height:0.15em;"><spanclass="mordmathnormal"style="margin−right:0.02778em;">er<spanclass="mordmathnormal">i<spanclass="mordmathnormal"style="margin−right:0.10764em;">f<spanclass="mordmathnormal"style="margin−right:0.03588em;">y<spanclass="mopen">(data,pubkeyid = openssl_pkey_get_public("file://src/openssl-0.9.6/demos/sign/cert.pem");// state whether signature is okay or not <math xmlns="http://www.w3.org/1998/Math/MathML"><semantics><mrow><mi>o</mi><mi>k</mi><mo>=</mo><mi>o</mi><mi>p</mi><mi>e</mi><mi>n</mi><mi>s</mi><mi>s</mi><msub><mi>l</mi><mi>v</mi></msub><mi>e</mi><mi>r</mi><mi>i</mi><mi>f</mi><mi>y</mi><mo stretchy="false">(</mo></mrow><annotation encoding="application/x-tex">ok = openssl_verify(</annotation></semantics></math>ok=opensslverify(data, pubkeyid=opensslpkeygetpublic("file://src/openssl−0.9.6/demos/sign/cert.pem");//statewhethersignatureisokayornot<spanclass="katex"><spanclass="katex−mathml"><mathxmlns="http://www.w3.org/1998/Math/MathML"><semantics><mrow><mi>o</mi><mi>k</mi><mo>=</mo><mi>o</mi><mi>p</mi><mi>e</mi><mi>n</mi><mi>s</mi><mi>s</mi><msub><mi>l</mi><mi>v</mi></msub><mi>e</mi><mi>r</mi><mi>i</mi><mi>f</mi><mi>y</mi><mostretchy="false">(</mo></mrow><annotationencoding="application/x−tex">ok=opensslverify(</annotation></semantics></math><spanclass="katex−html"aria−hidden="true"><spanclass="base"><spanclass="strut"style="height:0.6944em;"><spanclass="mordmathnormal">o<spanclass="mordmathnormal"style="margin−right:0.03148em;">k<spanclass="mspace"style="margin−right:0.2778em;"><spanclass="mrel">=<spanclass="mspace"style="margin−right:0.2778em;"><spanclass="base"><spanclass="strut"style="height:1em;vertical−align:−0.25em;"><spanclass="mordmathnormal">o<spanclass="mordmathnormal">p<spanclass="mordmathnormal">e<spanclass="mordmathnormal">n<spanclass="mordmathnormal">ss<spanclass="mord"><spanclass="mordmathnormal"style="margin−right:0.01968em;">l<spanclass="msupsub"><spanclass="vlist−tvlist−t2"><spanclass="vlist−r"><spanclass="vlist"style="height:0.1514em;"><spanstyle="top:−2.55em;margin−left:−0.0197em;margin−right:0.05em;"><spanclass="pstrut"style="height:2.7em;"><spanclass="sizingreset−size6size3mtight"><spanclass="mordmathnormalmtight"style="margin−right:0.03588em;">v<spanclass="vlist−s"><spanclass="vlist−r"><spanclass="vlist"style="height:0.15em;"><spanclass="mordmathnormal"style="margin−right:0.02778em;">er<spanclass="mordmathnormal">i<spanclass="mordmathnormal"style="margin−right:0.10764em;">f<spanclass="mordmathnormal"style="margin−right:0.03588em;">y<spanclass="mopen">(data,signature, $pubkeyid);
if ($ok == 1) {
echo "good";
} elseif ($ok == 0) {
echo "bad";
} else {
echo "ugly, error checking signature";
}
// free the key from memory
openssl_free_key($pubkeyid);
?>`

Example #2 openssl_verify() example

<?php //data you want to sign $data = 'my data';//create new private and public key $private_key_res = openssl_pkey_new(array( "private_key_bits" => 2048, "private_key_type" => OPENSSL_KEYTYPE_RSA, )); <math xmlns="http://www.w3.org/1998/Math/MathML"><semantics><mrow><mi>d</mi><mi>e</mi><mi>t</mi><mi>a</mi><mi>i</mi><mi>l</mi><mi>s</mi><mo>=</mo><mi>o</mi><mi>p</mi><mi>e</mi><mi>n</mi><mi>s</mi><mi>s</mi><msub><mi>l</mi><mi>p</mi></msub><mi>k</mi><mi>e</mi><msub><mi>y</mi><mi>g</mi></msub><mi>e</mi><msub><mi>t</mi><mi>d</mi></msub><mi>e</mi><mi>t</mi><mi>a</mi><mi>i</mi><mi>l</mi><mi>s</mi><mo stretchy="false">(</mo></mrow><annotation encoding="application/x-tex">details = openssl_pkey_get_details(</annotation></semantics></math>details=opensslpkeygetdetails(private_key_res); <math xmlns="http://www.w3.org/1998/Math/MathML"><semantics><mrow><mi>p</mi><mi>u</mi><mi>b</mi><mi>l</mi><mi>i</mi><msub><mi>c</mi><mi>k</mi></msub><mi>e</mi><msub><mi>y</mi><mi>r</mi></msub><mi>e</mi><mi>s</mi><mo>=</mo><mi>o</mi><mi>p</mi><mi>e</mi><mi>n</mi><mi>s</mi><mi>s</mi><msub><mi>l</mi><mi>p</mi></msub><mi>k</mi><mi>e</mi><msub><mi>y</mi><mi>g</mi></msub><mi>e</mi><msub><mi>t</mi><mi>p</mi></msub><mi>u</mi><mi>b</mi><mi>l</mi><mi>i</mi><mi>c</mi><mo stretchy="false">(</mo></mrow><annotation encoding="application/x-tex">public_key_res = openssl_pkey_get_public(</annotation></semantics></math>publickeyres=opensslpkeygetpublic(details['key']);//create signature openssl_sign($data, <math xmlns="http://www.w3.org/1998/Math/MathML"><semantics><mrow><mi>s</mi><mi>i</mi><mi>g</mi><mi>n</mi><mi>a</mi><mi>t</mi><mi>u</mi><mi>r</mi><mi>e</mi><mo separator="true">,</mo></mrow><annotation encoding="application/x-tex">signature, </annotation></semantics></math>signature,private_key_res, "sha256WithRSAEncryption");//verify signature <math xmlns="http://www.w3.org/1998/Math/MathML"><semantics><mrow><mi>o</mi><mi>k</mi><mo>=</mo><mi>o</mi><mi>p</mi><mi>e</mi><mi>n</mi><mi>s</mi><mi>s</mi><msub><mi>l</mi><mi>v</mi></msub><mi>e</mi><mi>r</mi><mi>i</mi><mi>f</mi><mi>y</mi><mo stretchy="false">(</mo></mrow><annotation encoding="application/x-tex">ok = openssl_verify(</annotation></semantics></math>ok=opensslverify(data, <math xmlns="http://www.w3.org/1998/Math/MathML"><semantics><mrow><mi>s</mi><mi>i</mi><mi>g</mi><mi>n</mi><mi>a</mi><mi>t</mi><mi>u</mi><mi>r</mi><mi>e</mi><mo separator="true">,</mo></mrow><annotation encoding="application/x-tex">signature, </annotation></semantics></math>signature,public_key_res, OPENSSL_ALGO_SHA256); if ($ok == 1) { echo "valid"; } elseif ($ok == 0) { echo "invalid"; } else { echo "error: ".openssl_error_string(); } ?>

Found A Problem?

Stiv ¶

19 years ago

`I've finally found a way to verify signature. Sample in the documentation doesn't work. Code bellow DOES work :)

cert=fread(cert = fread(cert=fread(fp, 8192); fclose($fp);// state whether signature is okay or not // use the certificate, not the public key ok=opensslverify(ok = openssl_verify(ok=opensslverify(data, signature,signature, signature,cert); if ($ok == 1) { echo "good"; } elseif ($ok == 0) { echo "bad"; } else { echo "ugly, error checking signature"; } ?>

mikey at badpenguins dot com ¶

14 years ago

`I spent days scouring the php openssl documentation trying to figure out how to do what sounds like a simple task - given two PEM encoded certificates, is one the signer of the other? Nowhere in the openssl_verify() documentation or comments is it explained where to obtain the signature of an existing certificate. The openssl_x509_parse() function looked promising, but it is an unstable API that may change.

I had to write my own code to determine if one cert signed another, it is located here: http://badpenguins.com/source/misc/isCertSigner.php?viewSource

In a nutshell here is what I learned...

The signature data in a signed X.509 certificate contains DER formatted data about the signature that is encrypted with the signers public key. The data contains a hash of the original subject certificate and information about what encryption algorithm was used to create the signature.

So you need to get this signature data and a copy of the original certificate with the issuer and signature sequences removed. Hash a copy of the original certificate (sans issuer/signature sequences) with the same algorithm the issuer used and if the hashes match, you have the issuer cert that signed the certificate.

meint dot post at bigfoot dot com ¶

23 years ago

`Anbybody trying to get a Win32 CryptoAPI based digital signature component to work with the openssl_verify() function should be aware that the CryptoAPI PKCS1 (RSA) method uses bytes in reverse order while the openssl_verify() method expects a correctly formatted PKCS1 digital signature (as should be). I learned this the hard way and it took me some time to dig this out. A simple solution in VBScript to reverse the byte order:

N = Len(Blob.Hex)

' reverse bytes in the signature using Hex format
For i = 1 To N - 1 Step 2
s = Mid(Blob, i, 2) & s
Next

s contains the digital signature in reverse order. Blob is an arbitrary binary container.

Send the signature off in Hex format and use a hex2bin method in PHP to convert to the correct format for openssl_verify(), i.e.

function hex2bin($data) {

len=strlen(len = strlen(len=strlen(data);
return pack("H" . len,len, len,data);

}

That's it, hope it helps out. BTW I used ASPEncrypt to toy around with on Win32 platform. Works only with Internet Explorer but you could also use a Java applet and have none of the abovementioned problems :-)

peter dot labos at gmail dot com ¶

7 years ago

`openssl_verify() is populating openssl_error_string() even on false.

When openssl_verify() returns 0, openssl_error_string() is populated with 1.
I spent lot of time to understand, while my next call to openssl was failing with checks for error.

c=filegetcontents(c = file_get_contents(c=filegetcontents(filename); publicKey=opensslpkeygetpublic(publicKey = openssl_pkey_get_public(publicKey=opensslpkeygetpublic(c); result=opensslverify(′freedom′,′someirrelevantnosign′,result = openssl_verify('freedom', 'someirrelevantnosign', result=opensslverify(′freedom′,′someirrelevantnosign′,publicKey);$error = ""; while ( $msg = openssl_error_string() !== false) { error.=error .= error.=msg; } if (!empty( $error)) { echo $error; // 1 } ` [ **_steve dot venable at lmco dot com_**](#21889)[ ¶](#21889) **22 years ago** `A note about the openssl_verify() (and some of the other functions). The public key comes from a certificate in any of the support formats (as the example shows, use openssl_get_publickey() to get the resource id). But after some trial and error I found the signature string MUST BE BINARY. While no error occurs, passing a base64-formatted signature string (PEM format?), you simply get a mismatch. When I did the base64 decode myself, the verify returned a match (return value 1). You can simply drop the begin/end lines and take the output of the 'base64_decode()' function.` [ **_phpdev at fpierrat dot fr_**](#126439)[ ¶](#126439) **3 years ago** `As stated from the doc: "Returns 1 if the signature is correct, 0 if it is incorrect, and -1 or false on error. " In the second example as a well as in Stiv's note, following condition will match for both 0 or false, which have different meaning: elseif ($ok == 0) { echo "bad"; } On should do an identical test here (===) instead of an equal test (==): elseif ($ok === 0) { echo "bad"; } --- var_dump(0==false); //==> true var_dump(0===false);//==> false ` [ **_attila dot m dot magyar at gmail dot com_**](#115617)[ ¶](#115617) **10 years ago** `mikey at badpenguins dot com -- validating an X509 certificate chain in php seems to be possible with openssl_x509_checkpurpose()` [ **_jeremie dot gomez at gmail dot com_**](#105612)[ ¶](#105612) **13 years ago** `You can actually use the public key as third parameter and not the certificate. If you can't make it work, make sure that : 1) Your public key is well formatted. It seems that it must have the ----BEGIN PUBLIC KEY---- and ----END PUBLIC KEY---- 2) Your signature is in binary format. You can use the php base64_decode for this. `