PHP 8.4.2 Released!

openssl_verify

(PHP 4 >= 4.0.4, PHP 5, PHP 7, PHP 8)

openssl_verifyÜberprüft eine Signatur

Beschreibung

openssl_verify(
    string $data,
    string $signature,
    OpenSSLAsymmetricKey|OpenSSLCertificate|array|string $public_key,
    string|int $algorithm = OPENSSL_ALGO_SHA1
): int|false

Die Funktion openssl_verify() überprüft die Korrektheit der Signatur signature für die angegebenen Daten data mit Hilfe des öffentlichen Schlüssels public_key. Dieser muss der zum privaten Schlüssel passende öffentliche sein, der für die Signatur verwendet wurde.

Parameter-Liste

data

Die Zeichenkette der Daten, mit denen die Signatur zuvor erzeugt wurde.

signature

Eine rohe binäre Zeichenkette, erzeugt durch openssl_sign() oder ähnliche Mittel.

public_key

OpenSSLAsymmetricKey - ein von openssl_get_publickey() zurückgegebener Schlüssel.

string - ein PEM-formatierter Schlüssel (z. B. -----BEGIN PUBLIC KEY----- MIIBCgK...).

algorithm

int - einer dieser Signatur-Algorithmen.

string - eine von openssl_get_md_methods() zurückgegebene gültige Zeichenkette, beispielsweise "sha1WithRSAEncryption" oder "sha512".

Rückgabewerte

Gibt bei einer korrekten Signatur 1 zurück, 0 bei einer unkorrekten und -1 oder false, falls ein Fehler aufgetreten ist.

Changelog

Version Beschreibung
8.0.0 public_key akzeptiert nun eine OpenSSLAsymmetricKey- oder OpenSSLCertificate-Instanz; vorher wurde eine Ressource vom Typ OpenSSL-Schlüssel oder OpenSSL X.509 akzeptiert.

Beispiele

Beispiel #1 openssl_verify()-Beispiel

<?php
// Annahme: $data und $signature enthalten die Daten und die Signatur

// holen des öffentlichen Schlüssels aus dem Zertifikat und vorbereiten
$pubkeyid = openssl_pkey_get_public("file://src/openssl-0.9.6/demos/sign/cert.pem");

// feststellen, ob die Signatur ok ist oder nicht
$ok = openssl_verify($data, $signature, $pubkeyid);
if (
$ok == 1) {
echo
"gut";
} elseif (
$ok == 0) {
echo
"schlecht";
} else {
echo
"Mist, Fehler beim überprüfen der Signatur";
}

// Löschen des Schlüssels aus dem Speicher
openssl_free_key($pubkeyid);
?>

Beispiel #2 openssl_verify()-Beispiel

<?php
// die zu signierenden Daten
$data = 'my data';

// erzeuge neuen privaten und öffentlichen Schlüssel
$private_key_res = openssl_pkey_new(array(
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
));
$details = openssl_pkey_get_details($private_key_res);
$public_key_res = openssl_pkey_get_public($details['key']);

// erzeuge Signatur
openssl_sign($data, $signature, $private_key_res, "sha256WithRSAEncryption");

// überprüfe Signatur
$ok = openssl_verify($data, $signature, $public_key_res, OPENSSL_ALGO_SHA256);
if (
$ok == 1) {
echo
"gültig";
} elseif (
$ok == 0) {
echo
"ungültig";
} else {
echo
"Fehler: ".openssl_error_string();
}
?>

Siehe auch

add a note

User Contributed Notes 8 notes

up
7
Stiv
18 years ago
I've finally found a way to verify signature. Sample in the documentation doesn't work. Code bellow DOES work :)

<?php
// $data is assumed to contain the data to be signed

// fetch certificate from file and ready it
$fp = fopen("path/file.pem", "r");
$cert = fread($fp, 8192);
fclose($fp);

// state whether signature is okay or not
// use the certificate, not the public key
$ok = openssl_verify($data, $signature, $cert);
if (
$ok == 1) {
echo
"good";
} elseif (
$ok == 0) {
echo
"bad";
} else {
echo
"ugly, error checking signature";
}
?>
up
5
mikey at badpenguins dot com
14 years ago
I spent days scouring the php openssl documentation trying to figure out how to do what sounds like a simple task - given two PEM encoded certificates, is one the signer of the other? Nowhere in the openssl_verify() documentation or comments is it explained where to obtain the signature of an existing certificate. The openssl_x509_parse() function looked promising, but it is an unstable API that may change.

I had to write my own code to determine if one cert signed another, it is located here: http://badpenguins.com/source/misc/isCertSigner.php?viewSource

In a nutshell here is what I learned...

The signature data in a signed X.509 certificate contains DER formatted data about the signature that is encrypted with the signers public key. The data contains a hash of the original subject certificate and information about what encryption algorithm was used to create the signature.

So you need to get this signature data and a copy of the original certificate with the issuer and signature sequences removed. Hash a copy of the original certificate (sans issuer/signature sequences) with the same algorithm the issuer used and if the hashes match, you have the issuer cert that signed the certificate.
up
2
meint dot post at bigfoot dot com
23 years ago
Anbybody trying to get a Win32 CryptoAPI based digital signature component to work with the openssl_verify() function should be aware that the CryptoAPI PKCS1 (RSA) method uses bytes in reverse order while the openssl_verify() method expects a correctly formatted PKCS1 digital signature (as should be). I learned this the hard way and it took me some time to dig this out. A simple solution in VBScript to reverse the byte order:

N = Len(Blob.Hex)

' reverse bytes in the signature using Hex format
For i = 1 To N - 1 Step 2
s = Mid(Blob, i, 2) & s
Next

s contains the digital signature in reverse order. Blob is an arbitrary binary container.

Send the signature off in Hex format and use a hex2bin method in PHP to convert to the correct format for openssl_verify(), i.e.

function hex2bin($data) {

$len = strlen($data);
return pack("H" . $len, $data);

}

That's it, hope it helps out. BTW I used ASPEncrypt to toy around with on Win32 platform. Works only with Internet Explorer but you could also use a Java applet and have none of the abovementioned problems :-)
up
2
peter dot labos at gmail dot com
6 years ago
openssl_verify() is populating openssl_error_string() even on false.

When openssl_verify() returns 0, openssl_error_string() is populated with 1.
I spent lot of time to understand, while my next call to openssl was failing with checks for error.

<?php
$c
= file_get_contents($filename);
$publicKey = openssl_pkey_get_public($c);
$result = openssl_verify('freedom', 'someirrelevantnosign', $publicKey);

$error = "";

while (
$msg = openssl_error_string() !== false) {
$error .= $msg;
}

if (!empty(
$error)) {
echo
$error; // 1
}
up
2
steve dot venable at lmco dot com
22 years ago
A note about the openssl_verify() (and some of the other functions). The public key comes from a certificate in any of the support formats (as the example shows, use openssl_get_publickey() to get the resource id). But after some trial and error I found the signature string MUST BE BINARY. While no error occurs, passing a base64-formatted signature string (PEM format?), you simply get a mismatch. When I did the base64 decode myself, the verify returned a match (return value 1). You can simply drop the begin/end lines and take the output of the 'base64_decode()' function.
up
2
phpdev at fpierrat dot fr
3 years ago
As stated from the doc: "Returns 1 if the signature is correct, 0 if it is incorrect, and -1 or false on error. "

In the second example as a well as in Stiv's note, following condition will match for both 0 or false, which have different meaning:
elseif ($ok == 0) {
echo "bad";
}

On should do an identical test here (===) instead of an equal test (==):
elseif ($ok === 0) {
echo "bad";
}
---
var_dump(0==false); //==> true
var_dump(0===false);//==> false
up
0
attila dot m dot magyar at gmail dot com
10 years ago
mikey at badpenguins dot com -- validating an X509 certificate chain in php seems to be possible with openssl_x509_checkpurpose()
up
0
jeremie dot gomez at gmail dot com
13 years ago
You can actually use the public key as third parameter and not the certificate.

If you can't make it work, make sure that :

1) Your public key is well formatted. It seems that it must have the ----BEGIN PUBLIC KEY---- and ----END PUBLIC KEY----

2) Your signature is in binary format. You can use the php base64_decode for this.
To Top