How to verify a digital signature with openssl

I'm using a third-party credit card processing service (Paybox) that, after a successful transaction, redirects back to the website with a signature in the URL as a security measure to prevent people from manipulating data. It's supposed to prove that the request originated from this service. So my success URL looks something like this:

/success.php?signature=[HUGE HASH]

I have no idea where to start with verifying this signature. This service does provide a public key, and I assume I need to create a private key, but I don't know much beyond that.

I'm pretty good with Linux, and I know I'll have to run some openssl commands. I'm writing the verification script in PHP, which also has native openssl() functions.

If anyone could please push me in the right direction with some pseudo code, or even functional code, I'd be very grateful. Thanks.

asked Feb 26 '23 22:02

Aaron Carlino


1 Answer

This is my code and it works for me. Hope I can help you.

$sign = "28E5FA795590066E8402B529DB027B8D082A226BE6E53F80D41F763207A11EF9..."; // inline signature. I'm using SHA512
$cert = "your certification"; // ------BEGIN..... END..----
$data = "text"; // 64 characters for SHA512. It's raw data, not hashed data
$pubkeyid = openssl_pkey_get_public($cert);
// openssl_verify() returns 1 if the signature is valid, 0 if it is invalid, and -1 or false on error
$ok = openssl_verify($data, hex2bin($sign), $pubkeyid, OPENSSL_ALGO_SHA512);
if ($ok === 1) return "Verify"; else return "Unverify";

answered Mar 02 '23 08:03

Nguyễn Hoàng Việt
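
The flow from the answer as a self-contained added example (not the answerer's or Paybox's code): it verifies a callback using only the service's public key and accepts nothing but a return value of exactly 1. It assumes a hex-encoded signature sent as the last query parameter and covering every byte before `&signature=`; the function name, key pair and field names are constructed for the demo.

```php
<?php
// Added example, not the answerer's code. Assumptions: the signature is
// hex-encoded, is the last query parameter, and covers every byte of the
// query string that precedes "&signature=" (check the provider's docs).

function verifyCallback(string $rawQuery, string $publicKeyPem): bool
{
    // Split on the LAST "&signature=" so the signed bytes are used as received.
    $pos = strrpos($rawQuery, '&signature=');
    if ($pos === false) {
        return false;
    }
    $signed = substr($rawQuery, 0, $pos);
    $sigHex = substr($rawQuery, $pos + strlen('&signature='));

    // Reject anything that is not well-formed hex before calling hex2bin().
    if ($sigHex === '' || strlen($sigHex) % 2 !== 0 || !ctype_xdigit($sigHex)) {
        return false;
    }
    $key = openssl_pkey_get_public($publicKeyPem);
    if ($key === false) {
        throw new RuntimeException('Public key could not be loaded');
    }
    // openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error);
    // only an exact 1 counts as verified.
    return openssl_verify($signed, hex2bin($sigHex), $key, OPENSSL_ALGO_SHA512) === 1;
}

// --- Constructed demo data ---------------------------------------------
// A throwaway key pair stands in for the payment service. In production the
// site only ever holds the service's PUBLIC key; no private key is created.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$publicPem = openssl_pkey_get_details($pair)['key'];

$signed = 'amount=1999&ref=ORDER-42&status=ok';   // constructed sample fields
openssl_sign($signed, $rawSig, $pair, OPENSSL_ALGO_SHA512);
$query = $signed . '&signature=' . bin2hex($rawSig);
$tampered = str_replace('amount=1999', 'amount=1', $query);

var_dump(verifyCallback($query, $publicPem));                       // genuine callback
var_dump(verifyCallback($tampered, $publicPem));                    // amount altered in transit
var_dump(verifyCallback($signed . '&signature=zz', $publicPem));    // malformed signature
```

In a real handler, pass `$_SERVER['QUERY_STRING']` rather than rebuilding the string from `$_GET`, because decoding and re-encoding parameters can change the bytes that were signed.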