Search the Community

Hello All, I am working on a project where the client has provided me with the public key file and the private-key is being passed via url, along with 2 params that will be used on my end. These are the basics of the process that I am to use for verifying. Generate your own plaintext message matching the format of the string provided Create a SHA1withRSA hash of this message using the provided public key (UTF-16LE encode and pass this value) Base64 decode the signature Using a SHA1withRSA validator, verify your hashed message matches the Base64 decoded value in step 3 At this point I have performed steps 1-3 but am having an issue with step 4. The code is failing here. When I say failing I mean it is not being verified. $base64Sig = base64_decode($signature, true); $publickey = getPemKey(); $rsa = new Crypt_RSA(); $rsa->loadKey($publickey, CRYPT_RSA_PUBLIC_FORMAT_RAW); $hashedPlainText = sha1($utfString); $utfString = mb_convert_encoding($hashedPlainText ,"UTF-16LE"); echo $rsa->verify($hashedPlainText, $base64Sig) ? 'verified' : 'unverified'; If anyone can provide me with a basic example or a few sites that have examples with example data, it would be appreciated as I'm not sure I am "Using a SHA1withRSA validator". Thanks ahead of time!

Hi there I wondered if there was anyone out there who could help me with a problem. I designed a PHP site, plain code and all, a number of years ago and it's worked great. Recently though I've been informed from my hosting company 1&1 that it would need to be updated from MySQL4 to 5 and I've spent the last fortnight trying to get things to work. The export and import into MySQL5 have all gone fine but on trying to login to the site the password would not autthenticate. Changing the passwd column from 16 to 41 does not work and the site only works if one requests a new password and the login then works fine - with the 41 character passwd column that is. Now this wouldn't pose a problem but there are now 20,000+ users and getting them all to request a new password would be tricky to say the least. I've tried everything - well everything apart from the correct thing - and I'm running out of patience. 1&1 are not replying to my mails and it's all going a bit wonky, I'm working evenings on this after a full day at work and this has now lasted a fortnight and I would love to see my daughter again. Any suggestions would be really welcome and I must apologise if I've posted this in the wrong forum but I'm steadily going a bit insane :-) If I could get them to set old_password to true on the server I think this would work but I get the feeling they can't do this on a none server hosted version. Please help.....

Greetings to all, Has anybody used this implementation of pbkdf2? http://crackstation.net/hashing-security.htm#phpsourcecode