how make signature by private key and check it by public key in php

StackOverflow https://stackoverflow.com/questions/21132135

Question

I have a RSA private key and a RSA public key.

both rsa keys are in xml version ( <RSAKeyValue><Modulus>.... );

I need to make a PKCS8 signature from private key and test it by publik key in php

I used this snippet for making signature:

$content = "test string";
include('Crypt/RSA.php');
$rsa = new Crypt_RSA();
$rsa->loadKey(file_get_contents("private.txt"));
$pem_format = $rsa->getPrivateKey();
$pvk_res = openssl_get_privatekey($pem_format); 
$sig = '';
openssl_sign($content , $sig, $pvk_res, OPENSSL_ALGO_SHA1);
$signature = base64_encode($sig);

is this right way for making signature ??

now how use public key to test accuracy of signature ??

Was it helpful?

Solution

PKCS8 concerns key formats - not signatures.

Also, I see you're using phpseclib to convert the key to pem and then using openssl. Why not just use phpseclib for everything? At that point you could use this example:

http://phpseclib.sourceforge.net/rsa/examples.html#sign,sign2

<?php
include('Crypt/RSA.php');

$rsa = new Crypt_RSA();
//$rsa->setPassword('password');
$rsa->loadKey('...'); // private key

$plaintext = '...';

$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$signature = $rsa->sign($plaintext);

$rsa->loadKey('...'); // public key
echo $rsa->verify($plaintext, $signature) ? 'verified' : 'unverified';
?>
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top