openssl_verify() fails when passing a public key as string instead of an asymmetric public key #9686

@TheWitness

Description

In PHP 7.x, we have a process by which you sign a package using a string formatted private key using the SHA1 algorithm, and then verify that signature whilst reading in the encoded string.

It appears in PHP 8.0.13 (Rocky9), when you attempt to run openssl_verify() using the matching public key, the verification fails. This did not happen in prior releases.

The following code:

<?php
blah
...

$public_key = 'some string';

$ok = openssl_verify($fdata, $binary_signature, $public_key, OPENSSL_ALGO_SHA1);
if ($ok == 1) {
    cacti_log('NOTE: File OK: ' . $f['name'], false, 'IMPORT', POLLER_VERBOSITY_MEDIUM);
} else {
    cacti_log('FATAL: Could not Verify Signature for file: ' . $f['name'], true, 'IMPORT', POLLER_VERBOSITY_LOW);
    return false;
}

What has changed and what can I do to ensure backward compatibility? I tried passing a string to openssl_pkey_get_public(), but that dog did not hunt either. It was a golden retriever ;)

TheWitness

PHP Version

PHP 8.0.13

Operating System

Rocky 9
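
The snippet in the report treats every return value other than 1 as the same failure, although openssl_verify() returns 0 for a signature that does not match and -1 or false for a library error. The following diagnostic is an added example, not code from the issue or from Cacti: it separates those cases, prints OpenSSL's error queue, and repeats the check with SHA-256 on a throwaway key pair generated in the script. The helper names `drain_openssl_errors()` and `check_digest()` and the sample payload are constructed for illustration. That a platform OpenSSL policy rejecting SHA-1 signatures is what the error queue will show here is an assumption, not something the report confirms.

```php
<?php
// Added diagnostic example, not code from the issue or from Cacti.
// The key pair and payload are throwaway values constructed here.

/** Drain OpenSSL's error queue into an array of strings. */
function drain_openssl_errors(): array {
    $errors = [];
    while (($msg = openssl_error_string()) !== false) {
        $errors[] = $msg;
    }
    return $errors;
}

/**
 * Sign and verify $data with one digest, reporting each stage separately.
 * openssl_verify() returns 1 (valid), 0 (invalid), or -1/false (error).
 */
function check_digest(string $data, $private, string $public_pem, int $algo): array {
    drain_openssl_errors();                      // start from a clean queue
    $signature = '';
    if (!openssl_sign($data, $signature, $private, $algo)) {
        return ['stage' => 'sign', 'result' => 'error', 'errors' => drain_openssl_errors()];
    }
    $rc = openssl_verify($data, $signature, $public_pem, $algo);
    if ($rc === 1) {
        return ['stage' => 'verify', 'result' => 'valid', 'errors' => []];
    }
    // 0 means the signature does not match; anything else is a library error.
    $result = ($rc === 0) ? 'invalid' : 'error';
    return ['stage' => 'verify', 'result' => $result, 'errors' => drain_openssl_errors()];
}

$private = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($private === false) {
    exit('Key generation failed: ' . implode('; ', drain_openssl_errors()) . PHP_EOL);
}
$public_pem = openssl_pkey_get_details($private)['key'];   // PEM string, as in the issue
$data = 'constructed sample payload';

foreach (['SHA1' => OPENSSL_ALGO_SHA1, 'SHA256' => OPENSSL_ALGO_SHA256] as $name => $algo) {
    $r = check_digest($data, $private, $public_pem, $algo);
    printf("%-6s %-6s %-7s %s\n", $name, $r['stage'], $r['result'], implode('; ', $r['errors']));
}
```

If the SHA1 row reports `error` while the SHA256 row reports `valid`, the key and calling convention are fine and the digest is what the library refuses; an `invalid` result points at the data or signature bytes instead.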
