On 05/23/2012 01:26 PM, Matijn Woudt wrote:
On Wed, May 23, 2012 at 9:12 PM, Jason Gerfen<jason.ger...@utah.edu>  wrote:
On 05/23/2012 01:05 PM, Matijn Woudt wrote:
On Wed, May 23, 2012 at 8:29 PM, jas<jason.ger...@utah.edu>    wrote:
I have run into a problem that I am altogether unfamiliar with.

A scenario. I retrieve a users private key from a database.

I then use the openssl_pkey_get_private() function to load it as a
object and proceed to call the openssl_sign() function to obtain a
signature of a string.

No problem, I get a valid signature which I then base64 encode and store
a database.

Now lets say a couple of days from now I load up the public key which
corresponds to the private key which was used to originally sign the data
verify it and it does not work.

The kicker is if I perform the very same routine without saving the
signature and attempting to verify it it works without problems.

Have you checked what $signed looks like after running the script?
Compare it to $signature. Most likely you corrupted your date
elsewhere, maybe when inserting it into the database.

- Matijn
The example that accompanies the post shows two examples, one works&  one
does not. Neither however use any type of database, as both simply assign or
use the valid signature stored within either the $signature or $signed

I wish I could say that is the problem, I took care to properly
encode/decode when saving or retrieving the information and as well in the
original post I removed this as a possible cause by simply defining the
$signature variable and assigning a valid signature to it for testing.

First of all, it seems $signature is in base64 format, so I think you
should base64_decode that one first. Then it appears to me that
$signature is not the same as $signed, on my system. If I
base64_encode $signed, save it by copying it from my browser, and then
enter it as $signature, and then use base64_decode on $signature it
works fine.

- Matijn
Those are the same steps I just mentioned. The base64_decoding is a typo on the second example. It should read

openssl_verify($unsigned, base64_decode($signature), $id);

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to