openssl_verify() verifies that the signature
is correct for the specified data
using the public key associated with pub_key_id
. This must be the public key corresponding to the private key used for signing.
The string of data used to generate the signature previously
A raw binary string, generated by openssl_sign() or similar means
resource - a key, returned by openssl_get_publickey()
string - a PEM formatted key, example, "-----BEGIN PUBLIC KEY----- MIIBCgK..."
int - one of these Signature Algorithms.
string - a valid string returned by openssl_get_md_methods() example, "sha1WithRSAEncryption" or "sha512".
Returns 1 if the signature is correct, 0 if it is incorrect, and -1 on error.
The signature_alg
parameter was added.
<?php // $data and $signature are assumed to contain the data and the signature // fetch public key from certificate and ready it $pubkeyid = openssl_pkey_get_public("file://src/openssl-0.9.6/demos/sign/cert.pem"); // state whether signature is okay or not $ok = openssl_verify($data, $signature, $pubkeyid); if ($ok == 1) { echo "good"; } elseif ($ok == 0) { echo "bad"; } else { echo "ugly, error checking signature"; } // free the key from memory openssl_free_key($pubkeyid); ?>
<?php //data you want to sign $data = 'my data'; //create new private and public key $private_key_res = openssl_pkey_new(array( "private_key_bits" => 2048, "private_key_type" => OPENSSL_KEYTYPE_RSA, )); $details = openssl_pkey_get_details($private_key_res); $public_key_res = openssl_pkey_get_public($details['key']); //create signature openssl_sign($data, $signature, $private_key_res, "sha1WithRSAEncryption"); //verify signature $ok = openssl_verify($data, $signature, $public_key_res, OPENSSL_ALGO_SHA1); if ($ok == 1) { echo "valid"; } elseif ($ok == 0) { echo "invalid"; } else { echo "error: ".openssl_error_string(); } ?>
Please login to continue.