
For the last few days I have been trying to produce a signature on XML data by using openssl_sign and later verify it by using openssl_verify. Unfortunately, openssl_verify keeps returning false. Since I was not sure if my private and public keys extracted from my certificate were OK, I also tried a basic example.

openssl_sign indeed returns a binary signature. So far so good (I also did this with my private key extracted from the PEM cert). In the example, openssl_verify also returns false. I assume that the private and public keys are correct in the example. Any help in how to sign and verify?

<?php
$Data = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";

// $key_private_id = openssl_get_privatekey(file_get_contents($ClientCertFile), $passphrase);
// $key_public_id = openssl_get_publickey(file_get_contents($ClientCertFile));

$key_private_id = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6zxqlVzz0wy2j4kQVUC4Z
RZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQJAL151ZeMKHEU2c1qdRKS9
sTxCcc2pVwoAGVzRccNX16tfmCf8FjxuM3WmLdsPxYoHrwb1LFNxiNk1MXrxjH3R
6QIhAPB7edmcjH4bhMaJBztcbNE1VRCEi/bisAwiPPMq9/2nAiEA3lyc5+f6DEIJ
h1y6BWkdVULDSM+jpi1XiV/DevxuijMCIQCAEPGqHsF+4v7Jj+3HAgh9PU6otj2n
Y79nJtCYmvhoHwIgNDePaS4inApN7omp7WdXyhPZhBmulnGDYvEoGJN66d0CIHra
I2SvDkQ5CmrzkW5qPaE2oO7BSqAhRZxiYpZFb5CI
-----END RSA PRIVATE KEY-----
EOD;    


$key_public_id = <<<EOD
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6
zxqlVzz0wy2j4kQVUC4ZRZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQ==
-----END PUBLIC KEY-----
EOD;

if(!openssl_sign($Data, $Signature, $key_private_id, OPENSSL_ALGO_SHA1 )) { 
    echo "Failed to sign data: $Data ";
}

if(!openssl_verify($Data, $Signature, $key_public_id, OPENSSL_ALGO_SHA1)) {
    echo "Verify failed on signed data: $Data ";
}
  • Is this a direct copy/paste of your code? You have spaces after one of your `EOD;` lines which will cause problems. I get no errors once the spaces are removed. – miken32 Mar 21 '17 at 19:37
  • Thank you miken32, it's working indeed! Starting over digging in my certificate. – Chris van der Gaag Mar 22 '17 at 08:56

1 Answer

This is a common mistake to make. The PHP documentation for the heredoc format says:

Warning It is very important to note that the line with the closing identifier must contain no other characters, except a semicolon (;). That means especially that the identifier may not be indented, and there may not be any spaces or tabs before or after the semicolon.

Ensure no trailing spaces after EOD; and things will start working. If you had enabled proper PHP error logging, you would have gotten "undefined variable" notices from the assignment statement.

miken32
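
An added example, not part of the original question or answer: a sign/verify round trip that parses both keys before use, so a PEM string damaged by an unterminated heredoc is reported at load time, and that compares the result of openssl_verify() strictly with 1. It assumes a throwaway key pair generated at run time and OPENSSL_ALGO_SHA256 in place of the question's SHA-1; `signatureIsValid` is a hypothetical helper name.

```php
<?php
// Constructed sample key pair, generated at run time for this example only.
$pair = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($pair === false) {
    exit('Key generation failed: ' . openssl_error_string() . PHP_EOL);
}
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];

// Parse both PEM strings up front. A string damaged by an unterminated
// heredoc (or an undefined variable) fails here, not later inside verify.
$privateKey = openssl_pkey_get_private($privatePem);
$publicKey  = openssl_pkey_get_public($publicPem);
if ($privateKey === false || $publicKey === false) {
    exit('Key could not be parsed: ' . openssl_error_string() . PHP_EOL);
}

// Hypothetical helper: returns true only for a valid signature.
function signatureIsValid(string $data, string $signature, $publicKey): bool
{
    // openssl_verify() returns 1 (valid), 0 (invalid), or -1/false on error.
    // !(-1) is false, so "if (!openssl_verify(...))" would accept an error.
    $result = openssl_verify($data, $signature, $publicKey, OPENSSL_ALGO_SHA256);
    if ($result !== 1 && $result !== 0) {
        error_log('openssl_verify error: ' . openssl_error_string());
    }
    return $result === 1;
}

$data = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
if (!openssl_sign($data, $signature, $privateKey, OPENSSL_ALGO_SHA256)) {
    exit('Failed to sign: ' . openssl_error_string() . PHP_EOL);
}

var_dump(signatureIsValid($data, $signature, $publicKey));       // original data
var_dump(signatureIsValid($data . 'x', $signature, $publicKey)); // modified data
var_dump(signatureIsValid($data, $signature . 'x', $publicKey)); // malformed signature
```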