Re: openssl_sign() & openssl_verify() discrepancy


 



On Wed, May 23, 2012 at 9:42 PM, Jason Gerfen <jason.gerfen@xxxxxxxx> wrote:
> On 05/23/2012 01:26 PM, Matijn Woudt wrote:
>>
>> On Wed, May 23, 2012 at 9:12 PM, Jason Gerfen <jason.gerfen@xxxxxxxx> wrote:
>>>
>>> On 05/23/2012 01:05 PM, Matijn Woudt wrote:
>>>>
>>>> On Wed, May 23, 2012 at 8:29 PM, jas <jason.gerfen@xxxxxxxx> wrote:
>>>>>
>>>>> I have run into a problem that I am altogether unfamiliar with.
>>>>>
>>>>> A scenario. I retrieve a user's private key from a database.
>>>>>
>>>>> I then use the openssl_pkey_get_private() function to load it as a
>>>>> resource object and proceed to call the openssl_sign() function to
>>>>> obtain a digital signature of a string.
>>>>>
>>>>> No problem, I get a valid signature which I then base64 encode and
>>>>> store in a database.
>>>>>
>>>>> Now let's say a couple of days from now I load up the public key which
>>>>> corresponds to the private key which was used to originally sign the
>>>>> data to verify it and it does not work.
>>>>>
>>>>> The kicker is if I perform the very same routine without saving the
>>>>> signature and attempting to verify it, it works without problems.
>>>>>
>>>> Have you checked what $signed looks like after running the script?
>>>> Compare it to $signature. Most likely you corrupted your data
>>>> elsewhere, maybe when inserting it into the database.
>>>>
>>>> - Matijn
>>>
>>> The example that accompanies the post shows two examples, one works & one
>>> does not. Neither however use any type of database, as both simply assign
>>> or use the valid signature stored within either the $signature or $signed
>>> variables.
>>>
>>> I wish I could say that is the problem, I took care to properly
>>> encode/decode when saving or retrieving the information and as well in
>>> the original post I removed this as a possible cause by simply defining
>>> the $signature variable and assigning a valid signature to it for testing.
>>>
>> First of all, it seems $signature is in base64 format, so I think you
>> should base64_decode that one first. Then it appears to me that
>> $signature is not the same as $signed, on my system. If I
>> base64_encode $signed, save it by copying it from my browser, and then
>> enter it as $signature, and then use base64_decode on $signature it
>> works fine.
>>
>> - Matijn
>
> Those are the same steps I just mentioned. The base64_decoding is a typo on
> the second example. It should read
>
> openssl_verify($unsigned, base64_decode($signature), $id);
>

Well, then maybe you should explain the problem further, because with
this it works fine, and it appears to me the problem is not here but
it comes when you try to store/retrieve the data.

- Matijn

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
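
The round trip discussed in this thread, as an added example that is not code from any of the posters: it signs a constructed string with a throwaway RSA key, base64-encodes the signature, and verifies it three ways after a simulated store/retrieve. `round_trip()`, `check()`, the 255-character column limit and the explicit `OPENSSL_ALGO_SHA256` are assumptions; the variable names `$unsigned`, `$signed` and `$signature` follow the thread.

```php
<?php
// Added example: throwaway key and constructed message, not data from the thread.
$key = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
if ($key === false) {
    exit('key generation failed: ' . openssl_error_string() . PHP_EOL);
}
$public = openssl_pkey_get_public(openssl_pkey_get_details($key)['key']);

$unsigned = 'constructed message to sign';

// $signed is raw binary; base64-encode it before it goes into a text column.
if (!openssl_sign($unsigned, $signed, $key, OPENSSL_ALGO_SHA256)) {
    exit('signing failed: ' . openssl_error_string() . PHP_EOL);
}
$signature = base64_encode($signed);

// Hypothetical stand-in for the database round trip. $maxLen models a
// column that is shorter than the encoded signature.
function round_trip(string $value, ?int $maxLen = null): string
{
    return $maxLen === null ? $value : substr($value, 0, $maxLen);
}

// Report whether the retrieved bytes match what was signed, then verify.
function check(string $label, string $sig, string $data, string $signed, $pub): void
{
    $intact = hash_equals($signed, $sig) ? 'yes' : 'no';
    $result = openssl_verify($data, $sig, $pub, OPENSSL_ALGO_SHA256);
    printf("%-28s bytes intact: %-3s openssl_verify: %s\n",
        $label, $intact, var_export($result, true));
}

$stored    = round_trip($signature);
$truncated = round_trip($signature, 255); // encoded 2048-bit signature is 344 chars

check('decoded after retrieval', base64_decode($stored), $unsigned, $signed, $public);
check('not decoded', $stored, $unsigned, $signed, $public);
check('decoded, truncated column', base64_decode($truncated), $unsigned, $signed, $public);
```

Only the first call verifies. Comparing the retrieved bytes against `$signed` before calling openssl_verify() separates a storage or encoding problem from a key mismatch.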



