openssl_verify(3) [php man page]

OPENSSL_VERIFY(3)							 1							 OPENSSL_VERIFY(3)

openssl_verify - Verify signature

SYNOPSIS
int openssl_verify (string $data, string $signature, mixed $pub_key_id, [mixed $signature_alg = OPENSSL_ALGO_SHA1])

DESCRIPTION
openssl_verify(3) verifies that the $signature is correct for the specified $data using the public key associated with $pub_key_id. This must be the public key corresponding to the private key used for signing.

PARAMETERS
o $data - The string of data used to generate the signature previously

o $signature - A raw binary string, generated by openssl_sign(3) or similar means

o $pub_key_id -
    resource - a key, returned by openssl_get_publickey(3)
    string - a PEM formatted key, example, "-----BEGIN PUBLIC KEY----- MIIBCgK..."

o $signature_alg -
    int - one of these Signature Algorithms.
    string - a valid string returned by openssl_get_md_methods(3) example, "sha1WithRSAEncryption" or "sha512".

RETURN VALUES
Returns 1 if the signature is correct, 0 if it is incorrect, and -1 on error.

CHANGELOG
+--------+-----------------------------------------+
|Version | Description                             |
+--------+-----------------------------------------+
| 5.2.0  | The $signature_alg parameter was added. |
+--------+-----------------------------------------+

EXAMPLES
Example #1 openssl_verify(3) example

    <?php
    // $data and $signature are assumed to contain the data and the signature

    // fetch public key from certificate and ready it
    $pubkeyid = openssl_pkey_get_public("file://src/openssl-0.9.6/demos/sign/cert.pem");

    // state whether signature is okay or not
    $ok = openssl_verify($data, $signature, $pubkeyid);
    if ($ok == 1) {
        echo "good";
    } elseif ($ok == 0) {
        echo "bad";
    } else {
        echo "ugly, error checking signature";
    }

    // free the key from memory
    openssl_free_key($pubkeyid);
    ?>

Example #2 openssl_verify(3) example

    <?php
    // data you want to sign
    $data = 'my data';

    // create new private and public key
    $private_key_res = openssl_pkey_new(array(
        "private_key_bits" => 2048,
        "private_key_type" => OPENSSL_KEYTYPE_RSA,
    ));
    $details = openssl_pkey_get_details($private_key_res);
    $public_key_res = openssl_pkey_get_public($details['key']);

    // create signature
    openssl_sign($data, $signature, $private_key_res, "sha1WithRSAEncryption");

    // verify signature
    $ok = openssl_verify($data, $signature, $public_key_res, OPENSSL_ALGO_SHA1);
    if ($ok == 1) {
        echo "valid";
    } elseif ($ok == 0) {
        echo "invalid";
    } else {
        echo "error: ".openssl_error_string();
    }
    ?>

SEE ALSO
openssl_sign(3).

PHP Documentation Group							 OPENSSL_VERIFY(3)
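
Added example, not part of the PHP manual page: RETURN VALUES above documents three outcomes (1, 0 and -1), so a caller that only tests the result for truthiness treats the error case as a valid signature. The hypothetical helper verify_strict() accepts only 1 and names SHA-256 explicitly instead of relying on the OPENSSL_ALGO_SHA1 default; it assumes PHP 7 or later, and the key pair and message are constructed for the demonstration.

```php
<?php
// Added example, not from the PHP manual. verify_strict() is a hypothetical helper.

/**
 * True only when openssl_verify() returns exactly 1.
 * 0 (incorrect), -1 (error) and any other value are rejected.
 */
function verify_strict(string $data, string $signature, $pubKey): bool
{
    // Name the digest explicitly; the documented default is OPENSSL_ALGO_SHA1.
    $rc = openssl_verify($data, $signature, $pubKey, OPENSSL_ALGO_SHA256);
    if ($rc === 1) {
        return true;
    }
    if ($rc !== 0) {
        // Error path: log the OpenSSL error queue, then fail closed.
        while (($msg = openssl_error_string()) !== false) {
            error_log("openssl_verify error: $msg");
        }
    }
    return false;
}

// Constructed test material: throwaway RSA key pair and message.
$priv = openssl_pkey_new([
    "private_key_bits" => 2048,
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
]);
if ($priv === false) {
    exit("key generation failed: " . openssl_error_string() . "\n");
}
$pubPem = openssl_pkey_get_details($priv)['key'];

$data = 'amount=10&to=alice';
if (!openssl_sign($data, $signature, $priv, OPENSSL_ALGO_SHA256)) {
    exit("signing failed: " . openssl_error_string() . "\n");
}

echo "original: ", var_export(verify_strict($data, $signature, $pubPem), true), "\n";
echo "tampered: ", var_export(verify_strict('amount=9999&to=alice', $signature, $pubPem), true), "\n";

// Loose versus strict handling of each documented return value.
foreach ([1, 0, -1] as $rc) {
    printf("rc=%2d  if(\$rc): %s  \$rc===1: %s\n",
        $rc, $rc ? 'accept' : 'reject', $rc === 1 ? 'accept' : 'reject');
}
```

The final loop needs no key material: it shows how each documented return value fares under a truthiness test and under the strict comparison.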

Check Out this Related Man Page

NBSVTOOL(1)						    BSD General Commands Manual 					       NBSVTOOL(1)

NAME
nbsvtool -- create and verify detached signatures of files

SYNOPSIS
nbsvtool [-v] [-a anchor-certificates] [-c certificate-chain] [-f certificate-file] [-k private-key-file] [-u required-key-usage] command args ...

DESCRIPTION
nbsvtool is used to create and verify detached X509 signatures of files. Private keys and certificates are expected to be PEM encoded, signatures are in PEM/SMIME format.

Supported commands:

sign file
    Sign file, placing the signature in file.sp7. The options -f and -k are required for this command.

verify file [signature]
    Verify signature for file. If signature is not specified, file.sp7 is used.

verify-code file [signature]
    This is a short cut for verify with the option -u code.

Supported options:

-a anchor-certificates
    A file containing one or more (concatenated) keys that are considered trusted.

-c certificate-chain
    A file containing additional certificates that will be added to the signature when creating one. They will be used to fill missing links in the trust chain when verifying the signature.

-f certificate-file
    A file containing the certificate to use for signing. The certificate must match the key given by -k.

-k private-key-file
    A file containing the private key to use for signing.

-u required-key-usage
    Verify that the extended key-usage attribute in the signing certificate matches required-key-usage. Otherwise, the signature is rejected. key usage can be one of: "ssl-server", "ssl-client", "code", or "smime".

-v
    Print verbose information about the signing certificate.

EXIT STATUS
The nbsvtool utility exits 0 on success, and >0 if an error occurs.

EXAMPLES
Create signature file hello.sp7 for file hello. The private key is found in file key, the matching certificate is in cert, additional certificates from cert-chain are included in the created signature.

    nbsvtool -k key -f cert -c cert-chain sign hello hello.sp7

Verify that the signature hello.sp7 is valid for file hello and that the signing certificate allows code signing. Certificates in anchor-file are considered trusted, and there must be a certificate chain from one of those certificates to the signing certificate.

    nbsvtool -a anchor-file verify-code hello hello.sp7

SEE ALSO
openssl_smime(1)

CAVEATS
As there is currently no default trust anchor, you must explicitly specify one with -a, otherwise no verification can succeed.

BSD								March 11, 2009								BSD