Validating signed data using certificate (x509) #1259
Comments
If
```php
$data = 'test';
$rsa = new RSA();
$x509 = new X509();
$privatekey = file_get_contents(storage_path('app/private.pem'));
$rsa->loadKey($privatekey);
$signed = $rsa->sign($data);
$publickey = file_get_contents(storage_path('app/public.crt'));
$rsa = $x509->loadX509($publickey)->getPublicKey();
return $rsa->verify($data, $signed) ? 'verified' : 'unverified';
```
@terrafrost will try this! thanks!
@terrafrost I've encountered this error
Oh right - that makes sense - try this:
```php
$data = 'test';
$rsa = new RSA();
$x509 = new X509();
$privatekey = file_get_contents(storage_path('app/private.pem'));
$rsa->loadKey($privatekey);
$signed = $rsa->sign($data);
$publickey = file_get_contents(storage_path('app/public.crt'));
$x509->loadX509($publickey);
$rsa = $x509->getPublicKey();
return $rsa->verify($data, $signed) ? 'verified' : 'unverified';
```
Thanks!
That works! Thank you @terrafrost
Hi @terrafrost, re-opening this issue again. Is it possible to do signing in phpseclib similar to what this blog is doing? Esp. in the signing section?
Are you referring to how it's looping through the certs until it finds one that matches the subject DN and then using that public key?
I'm more concerned with this part
If I can implement it similar to that snippet in phpseclib
I think the whole API they use is excessively verbose. You can change the hash by doing this: `$rsa->setHash('sha1');` phpseclib uses RSASSA-PSS by default for signing. RSASSA-PSS does not include the OID of the hash being used. RSASSA-PKCS1-v1_5 does, however, that's not as secure as RSASSA-PSS. If you want to use RSASSA-PKCS1-v1_5 you can do so by doing this: `$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);` If you wanted to create an RSASSA-PKCS1-v1_5 with an OID that doesn't correspond to the hash algorithm being used (e.g. a malformed signature)... you can always write your own padding code. You could
I guess it'd help to know what you are trying to do that you feel you need an API more like theirs.. |
I do have a `private.pem` and `public.crt`. My goal is to sign using `private.pem` and to verify its signature using `public.crt`. How do I achieve this by using phpseclib?
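The thread's point that phpseclib signs with RSASSA-PSS by default while RSASSA-PKCS1-v1_5 must be selected explicitly matters most on the verifying side: the key taken from the certificate has to be set to the same hash and padding the signer used. The script below is an added example, not code from the thread or from phpseclib; it assumes phpseclib 2.0 installed with Composer, generates a throwaway key and self-signed certificate in place of `private.pem` and `public.crt`, and `verifyWithCert` is a hypothetical helper name.

```php
<?php
// Added example. Assumes phpseclib 2.0 installed with Composer.
require __DIR__ . '/vendor/autoload.php';
use phpseclib\Crypt\RSA;
use phpseclib\File\X509;
// Constructed stand-ins for private.pem and public.crt: a throwaway key pair
// and a self-signed certificate, so the script needs no files.
$privKey = new RSA();
$pair = $privKey->createKey(2048);
$privKey->loadKey($pair['privatekey']);
$pubKey = new RSA();
$pubKey->loadKey($pair['publickey']);
$pubKey->setPublicKey();
$subject = new X509();
$subject->setDNProp('id-at-commonName', 'constructed example cert');
$subject->setPublicKey($pubKey);
$issuer = new X509();
$issuer->setPrivateKey($privKey);
$issuer->setDN($subject->getDN());
$x509 = new X509();
$certPem = $x509->saveX509($x509->sign($issuer, $subject));

// Hypothetical helper: verify with the certificate's public key, setting the
// hash and padding explicitly instead of relying on library defaults.
function verifyWithCert($certPem, $data, $sig, $hash, $mode)
{
    $cert = new X509();
    if (!$cert->loadX509($certPem)) {
        return false; // not a parsable certificate
    }
    $key = $cert->getPublicKey();
    if (!$key instanceof RSA) {
        return false; // certificate does not carry an RSA key
    }
    $key->setHash($hash);
    $key->setSignatureMode($mode);
    return $key->verify($data, $sig);
}

// Sign with explicit parameters: SHA-256 and PKCS#1 v1.5 padding.
$data = 'test';
$privKey->setHash('sha256');
$privKey->setSignatureMode(RSA::SIGNATURE_PKCS1);
$sig = $privKey->sign($data);
var_dump([
    'same hash and padding' => verifyWithCert($certPem, $data, $sig, 'sha256', RSA::SIGNATURE_PKCS1),
    'PSS verifier, PKCS#1 v1.5 signature' => verifyWithCert($certPem, $data, $sig, 'sha256', RSA::SIGNATURE_PSS),
    'modified data' => verifyWithCert($certPem, $data . 'x', $sig, 'sha256', RSA::SIGNATURE_PKCS1),
]);
```

Only the first check uses the signer's parameters on unmodified data. A padding or hash mismatch fails in the same way as tampered data, so record the hash and signature mode alongside any signature that another system will verify.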