
Signing and verifying data with PHP (using OpenSSL)


builderbreaker


Hi All
 
First post here. Not sure where else to ask this, after a few hours of research...
 
I am trying to create a signature file in PHP (server-side), that can be sent to and verified by a remote client (will be in C++).
 
I am using openssl_sign function (I've also written it using phpseclib - no luck there either). I am writing the signature to a file and attempting to verify with OpenSSL command line. Doesn't seem to work.
 
 
My first attempt was just to go through the motions with OpenSSL command line:
openssl rsautl -in test_data.txt -out signed_test_data.txt -inkey private.key -sign
openssl rsautl -in signed_test_data.txt -pubin -inkey public.pem -verify

First command creates a signature file; and the second verifies it. All works as expected here.

 
 
Then I moved on to signing with PHP and attempting to verify with OpenSSL (second command above):
// testing - no validation, etc. Used phpseclib as well, with the same luck.
function openssl_sign_data($data)
{
        $private_key_file = "/tmp/test/private.key";

        $private_key = file_get_contents($private_key_file);

        $private_key_id = openssl_get_privatekey($private_key);

        // also fiddled with passing an algorithm constant, but that's not the issue.
        openssl_sign($data, $signature, $private_key_id);

        openssl_free_key($private_key_id);

        file_put_contents("tmp/test/test.sig", $signature);
}
After I do that, verifying the output file (test.sig) via the OpenSSL command line returns junk... Or at least what looks like junk. While creating and verifying with OpenSSL CLI returns file content. 
 
My understanding is that PHP OpenSSL sign function (and based on verify function) only creates the signature, but does not pack the file content into the output data. While doing the same with OpenSSL obviously shows that data is included somehow. 
 
 
For example:
➜ echo 'SSL packs data here' > test_signature.txt
➜ cat test_signature.txt 
SSL packs data here
➜  
➜  openssl rsautl -in test_signature.txt -out test_signature.sig -inkey private.key -sign 
➜  
➜  ls -al test_signature.sig 
-rw-r--r-- 1 root root 256 Apr 18 01:21 test_signature.sig
➜  
➜  rm test_signature.txt 
➜  
➜  openssl rsautl -in test_signature.sig -pubin -inkey public.pem -verify 
SSL packs data here

I am trying to replicate this (the sign side of things) in PHP and to test, verify with OpenSSL, any help would be really appreciated.

 

 

 

Thanks 
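
The behaviour described in the post, as an added example that is not part of the original post: `openssl_sign()` produces a detached signature over a hash of the data, while `openssl rsautl -sign` pads and signs the raw input itself, so only the latter gives the message back on verify. The in-memory key, the explicit SHA-256 choice and the variable names are assumptions of this example.

```php
<?php
// Added example: key and message are constructed in memory so it runs offline.
$key = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
if ($key === false) {
    exit("key generation failed: " . openssl_error_string() . "\n");
}
$publicPem = openssl_pkey_get_details($key)['key'];
$data = "SSL packs data here\n";

// 1) Detached signature: openssl_sign() hashes $data and signs the DigestInfo.
//    The message is not inside the signature; a verifier needs data AND signature.
if (!openssl_sign($data, $signature, $key, OPENSSL_ALGO_SHA256)) {
    exit("signing failed: " . openssl_error_string() . "\n");
}
// openssl_verify() returns 1 when the signature matches, 0 when it does not.
$valid    = openssl_verify($data, $signature, $publicPem, OPENSSL_ALGO_SHA256);
$tampered = openssl_verify($data . "x", $signature, $publicPem, OPENSSL_ALGO_SHA256);
printf("verify original: %d, verify tampered: %d\n", $valid, $tampered);

// 2) What "rsautl -verify" does to that signature: it only removes the padding.
//    The recovered bytes are a DER-encoded DigestInfo whose tail is the hash,
//    which is why the output looks like junk instead of the file content.
openssl_public_decrypt($signature, $recovered, $publicPem, OPENSSL_PKCS1_PADDING);
$tailIsHash = substr($recovered, -32) === hash('sha256', $data, true);
printf("recovered %d bytes, tail is sha256(data): %s\n",
    strlen($recovered), $tailIsHash ? 'yes' : 'no');

// 3) What "rsautl -sign" does: PKCS#1 v1.5 pads and signs the raw input, so the
//    message can be recovered from the signature. The input must be shorter than
//    the key size minus 11 bytes, so this does not scale to arbitrary files.
openssl_private_encrypt($data, $rawSig, $key, OPENSSL_PKCS1_PADDING);
openssl_public_decrypt($rawSig, $roundTrip, $publicPem, OPENSSL_PKCS1_PADDING);
printf("rsautl-style round trip equals data: %s\n", $roundTrip === $data ? 'yes' : 'no');
```

The command-line counterpart of step 1 is `openssl dgst -sha256 -verify public.pem -signature test.sig test_data.txt`, which takes the original data file alongside the signature. When `openssl_sign()` is called without an algorithm argument it uses SHA-1, so the digest option on the command line has to match.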

 


Archived

This topic is now archived and is closed to further replies.
