Validating signed data using certificate (x509) #1259

Closed
nicopenaredondo opened this issue Apr 3, 2018 · 10 comments

Comments

@nicopenaredondo

nicopenaredondo commented Apr 3, 2018

I do have a private.pem and a public.crt. My goal is to sign using private.pem and to verify the signature using public.crt. How do I achieve this using phpseclib?

use phpseclib\Crypt\RSA;   // phpseclib 2.0 class names, as used below
use phpseclib\File\X509;

$data = 'test';
$rsa = new RSA();
$x509 = new X509();
$privatekey = file_get_contents(storage_path('app/private.pem')); // storage_path() is Laravel's helper
$rsa->loadKey($privatekey);
$signed = $rsa->sign($data);

$publickey = file_get_contents(storage_path('app/public.crt'));
$rsa->loadKey($publickey); // public.crt is an X.509 certificate, not a bare public key
return $rsa->verify($data, $signed) ? 'verified' : 'unverified';
@terrafrost
Member

If app/public.crt is an X.509 cert then you'd need to do something like this:

$data = 'test';
$rsa = new RSA();
$x509 = new X509();
$privatekey = file_get_contents(storage_path('app/private.pem'));
$rsa->loadKey($privatekey);
$signed = $rsa->sign($data);

$publickey = file_get_contents(storage_path('app/public.crt'));
$rsa = $x509->loadX509($publickey)->getPublicKey(); // loadX509() returns the parsed cert as an array, so this call fails (see below)
return $rsa->verify($data, $signed) ? 'verified' : 'unverified';

@nicopenaredondo
Author

@terrafrost, will try this! Thanks!

@nicopenaredondo
Author

@terrafrost I've encountered this error upon trying your suggestion: "Call to a member function getPublicKey() on array"

@terrafrost
Member

Oh right - that makes sense - try this:

use phpseclib\Crypt\RSA;
use phpseclib\File\X509;

$data = 'test';
$rsa = new RSA();
$x509 = new X509();
$privatekey = file_get_contents(storage_path('app/private.pem'));
$rsa->loadKey($privatekey);
$signed = $rsa->sign($data);

$publickey = file_get_contents(storage_path('app/public.crt'));
$x509->loadX509($publickey);      // parses the certificate (returns an array, or false on failure)
$rsa = $x509->getPublicKey();     // RSA object holding the certificate's subject public key
return $rsa->verify($data, $signed) ? 'verified' : 'unverified';

Thanks!

@nicopenaredondo
Author

That works! Thank you @terrafrost

@nicopenaredondo
Author

Hi @terrafrost,

Re-opening this issue. Is it possible to do signing in phpseclib similar to what this blog is doing?

https://blogs.msdn.microsoft.com/alejacma/2008/06/25/how-to-sign-and-verify-the-signature-with-net-and-a-certificate-c/

Especially the signing section?

@terrafrost
Member

Are you referring to how it's looping through the certs until it finds one that matches the subject DN and then using that public key?

@nicopenaredondo
Author

I'm more concerned with this part:

return csp.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));

Can I implement something similar to that snippet in phpseclib?

@terrafrost
Member

terrafrost commented Apr 10, 2018

I think the whole API they use is excessively verbose.

You can change the hash by doing this:

$rsa->setHash('sha1');

phpseclib uses RSASSA-PSS by default for signing. RSASSA-PSS does not include the OID of the hash being used. RSASSA-PKCS1-v1_5 does; however, that's not as secure as RSASSA-PSS.

If you want to use RSASSA-PKCS1-v1_5 you can do so by doing this:

$rsa->setSignatureMode(RSA::SIGNATURE_PKCS1); // phpseclib 2.0 class constant; the 1.0 branch spells this CRYPT_RSA_SIGNATURE_PKCS1

If you wanted to create an RSASSA-PKCS1-v1_5 signature with an OID that doesn't correspond to the hash algorithm being used (e.g. a malformed signature)... you can always write your own padding code. You could do $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_NONE); and then $rsa->encrypt(), which is equivalent to modular exponentiation (with the caveat that it'll still take advantage of the Chinese remainder theorem). You could then simply copy / paste the code from the _rsassa_pkcs1_v1_5_sign method and adapt it to your purposes.
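The complete flow discussed in this thread (sign with the private key, load the X.509 certificate, pull its public key, verify) together with the hash and signature-mode settings from the comment above, as an added example that is not part of the issue or of the phpseclib project. It assumes phpseclib 2.0 installed via Composer; the key pair and the self-signed certificate are constructed in memory and stand in for app/private.pem and app/public.crt, so nothing is read from disk. The function names are the example's own.

```php
<?php
// Added example (not from the issue thread or phpseclib itself): sign with a private
// key and verify with an X.509 certificate using phpseclib 2.0. All fixtures are
// generated in memory so the script runs offline.
require 'vendor/autoload.php'; // assumes phpseclib 2.0 installed via Composer

use phpseclib\Crypt\RSA;
use phpseclib\File\X509;

// Constructed fixtures: an RSA key pair and a self-signed certificate carrying its public key.
function makeKeyAndCert()
{
    $priv = new RSA();
    $keys = $priv->createKey(2048);           // ['privatekey' => PEM, 'publickey' => PEM, ...]
    $priv->loadKey($keys['privatekey']);

    $pub = new RSA();
    $pub->loadKey($keys['publickey']);
    $pub->setPublicKey();

    $subject = new X509();
    $subject->setDNProp('id-at-commonName', 'phpseclib demo (constructed)');
    $subject->setPublicKey($pub);

    $issuer = new X509();
    $issuer->setPrivateKey($priv);
    $issuer->setDN($subject->getDN());        // self-signed: issuer DN equals subject DN

    $x509 = new X509();
    $certPem = $x509->saveX509($x509->sign($issuer, $subject));

    return array($keys['privatekey'], $certPem);
}

// Signer side: private key PEM in, raw signature bytes out.
function signWithPrivateKey($privatePem, $data, $mode, $hash)
{
    $rsa = new RSA();
    $rsa->loadKey($privatePem);
    $rsa->setHash($hash);            // 'sha256' is phpseclib's default; 'sha1' only for legacy peers
    $rsa->setSignatureMode($mode);   // RSA::SIGNATURE_PSS (default) or RSA::SIGNATURE_PKCS1
    return $rsa->sign($data);
}

// Verifier side: the public key comes out of the certificate, never from loadKey() on the cert.
function verifyWithCertificate($certPem, $data, $signature, $mode, $hash)
{
    $x509 = new X509();
    if ($x509->loadX509($certPem) === false) {   // loadX509() returns the parsed cert array, or false
        throw new RuntimeException('certificate did not parse');
    }
    $pub = $x509->getPublicKey();                // RSA object, or false if the key is not RSA
    if ($pub === false) {
        throw new RuntimeException('certificate does not carry an RSA public key');
    }
    // Hash and padding mode must match what the signer used, otherwise verify() returns false.
    $pub->setHash($hash);
    $pub->setSignatureMode($mode);
    return $pub->verify($data, $signature);
}

list($privatePem, $certPem) = makeKeyAndCert();
$data = 'test';

foreach (array('PSS' => RSA::SIGNATURE_PSS, 'PKCS1' => RSA::SIGNATURE_PKCS1) as $name => $mode) {
    $otherMode = ($mode === RSA::SIGNATURE_PSS) ? RSA::SIGNATURE_PKCS1 : RSA::SIGNATURE_PSS;
    $sig       = signWithPrivateKey($privatePem, $data, $mode, 'sha256');
    $ok        = verifyWithCertificate($certPem, $data, $sig, $mode, 'sha256');       // true
    $tampered  = verifyWithCertificate($certPem, $data . '!', $sig, $mode, 'sha256'); // false
    $wrongMode = verifyWithCertificate($certPem, $data, $sig, $otherMode, 'sha256');  // false
    printf("%-5s original=%s tampered=%s wrong-mode=%s\n", $name,
        $ok ? 'verified' : 'unverified',
        $tampered ? 'verified' : 'unverified',
        $wrongMode ? 'verified' : 'unverified');
}
```

The loop shows why the thread's advice to pick one signature mode matters: a PSS signature checked in PKCS1 mode (or the reverse) is simply "unverified", with no error to tell you the mismatch was a configuration problem rather than a forgery. Keeping the hash and mode in one place shared by signer and verifier avoids that ambiguity.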

@terrafrost
Member

I guess it'd help to know what you are trying to do that makes you feel you need an API more like theirs.
