openssl_verify
(PHP 4 >= 4.0.4, PHP 5, PHP 7, PHP 8)
openssl_verify — Verify signature
Description
string
$data,string
$signature,OpenSSLAsymmetricKey|OpenSSLCertificate|array|string
$public_key,string|int
$algorithm = OPENSSL_ALGO_SHA1,int
$padding = 0): int|false
openssl_verify() verifies that the signature is correct for the specified data using the public key associated with public_key. This must be the public key corresponding to the private key used for signing.
Parameters
dataThe string of data used to generate the signature previously
signatureA raw binary string, generated by openssl_sign() or similar means
public_keyOpenSSLAsymmetricKey - a key, returned by openssl_get_publickey()
string - a PEM formatted key (e.g.
-----BEGIN PUBLIC KEY----- MIIBCgK...)algorithmint - one of these Signature Algorithms.
string - a valid string returned by openssl_get_md_methods() example, "sha1WithRSAEncryption" or "sha512".
padding- RSA PSS padding to use.
Return Values
Returns 1 if the signature is correct, 0 if it is incorrect, and -1 or false on error.
Changelog
| Version | Description |
|---|---|
| 8.5.0 | The optional parameter padding has been added. |
| 8.0.0 | public_key accepts an OpenSSLAsymmetricKey or OpenSSLCertificate instance now; previously, a resource of type OpenSSL key or OpenSSL X.509 was accepted. |
Examples
Example #1 openssl_verify() example
<?php
// $data and $signature are assumed to contain the data and the signature
// fetch public key from certificate and ready it
$pubkeyid = openssl_pkey_get_public("file://src/openssl-0.9.6/demos/sign/cert.pem");
// state whether signature is okay or not
$ok = openssl_verify($data, $signature, $pubkeyid);
if ($ok == 1) {
echo "good";
} elseif ($ok == 0) {
echo "bad";
} else {
echo "ugly, error checking signature";
}
// free the key from memory
openssl_free_key($pubkeyid);
?>Example #2 openssl_verify() example
<?php
//data you want to sign
$data = 'my data';
//create new private and public key
$private_key_res = openssl_pkey_new(array(
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
));
$details = openssl_pkey_get_details($private_key_res);
$public_key_res = openssl_pkey_get_public($details['key']);
//create signature
openssl_sign($data, $signature, $private_key_res, "sha256WithRSAEncryption");
//verify signature
$ok = openssl_verify($data, $signature, $public_key_res, OPENSSL_ALGO_SHA256);
if ($ok == 1) {
echo "valid";
} elseif ($ok == 0) {
echo "invalid";
} else {
echo "error: ".openssl_error_string();
}
?>See Also
- openssl_sign() - Generate signature