On 05/23/2012 01:05 PM, Matijn Woudt wrote:
On Wed, May 23, 2012 at 8:29 PM, jas<jason.ger...@utah.edu>  wrote:
I have run into a problem that I am altogether unfamiliar with.

A scenario. I retrieve a users private key from a database.

I then use the openssl_pkey_get_private() function to load it as a resource
object and proceed to call the openssl_sign() function to obtain a digital
signature of a string.

No problem, I get a valid signature which I then base64 encode and store in
a database.

Now lets say a couple of days from now I load up the public key which
corresponds to the private key which was used to originally sign the data to
verify it and it does not work.

The kicker is if I perform the very same routine without saving the
signature and attempting to verify it it works without problems.

Have you checked what $signed looks like after running the script?
Compare it to $signature. Most likely you corrupted your date
elsewhere, maybe when inserting it into the database.

- Matijn
The example that accompanies the post shows two examples, one works & one does not. Neither however use any type of database, as both simply assign or use the valid signature stored within either the $signature or $signed variables.

I wish I could say that is the problem, I took care to properly encode/decode when saving or retrieving the information and as well in the original post I removed this as a possible cause by simply defining the $signature variable and assigning a valid signature to it for testing.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to