(PHP 4 >= 4.0.4, PHP 5, PHP 7, PHP 8)
openssl_verify — Verify signature
$data,$signature,$public_key,$algorithm = OPENSSL_ALGO_SHA1
openssl_verify() verifies that the
signature is correct for the specified
data using the public key associated with
public_key. This must be the public key
corresponding to the private key used for signing.
dataThe string of data used to generate the signature previously
signatureA raw binary string, generated by openssl_sign() or similar means
public_keyOpenSSLAsymmetricKey - a key, returned by openssl_get_publickey()
string - a PEM formatted key (e.g. -----BEGIN PUBLIC KEY-----
MIIBCgK...)
algorithmint - one of these Signature Algorithms.
string - a valid string returned by openssl_get_md_methods() example, "sha1WithRSAEncryption" or "sha512".
Returns 1 if the signature is correct, 0 if it is incorrect, and
-1 or false on error.
| Version | Description |
|---|---|
| 8.0.0 |
public_key accepts an OpenSSLAsymmetricKey
or OpenSSLCertificate instance now;
previously, a resource of type OpenSSL key or OpenSSL X.509
was accepted.
|
Example #1 openssl_verify() example
<?php
// $data and $signature are assumed to contain the data and the signature
// fetch public key from certificate and ready it
$pubkeyid = openssl_pkey_get_public("file://src/openssl-0.9.6/demos/sign/cert.pem");
// state whether signature is okay or not
$ok = openssl_verify($data, $signature, $pubkeyid);
if ($ok == 1) {
echo "good";
} elseif ($ok == 0) {
echo "bad";
} else {
echo "ugly, error checking signature";
}
// free the key from memory
openssl_free_key($pubkeyid);
?>Example #2 openssl_verify() example
<?php
//data you want to sign
$data = 'my data';
//create new private and public key
$private_key_res = openssl_pkey_new(array(
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
));
$details = openssl_pkey_get_details($private_key_res);
$public_key_res = openssl_pkey_get_public($details['key']);
//create signature
openssl_sign($data, $signature, $private_key_res, "sha256WithRSAEncryption");
//verify signature
$ok = openssl_verify($data, $signature, $public_key_res, OPENSSL_ALGO_SHA256);
if ($ok == 1) {
echo "valid";
} elseif ($ok == 0) {
echo "invalid";
} else {
echo "error: ".openssl_error_string();
}
?>