openssl_verify

    (PHP 4 >= 4.0.4, PHP 5, PHP 7, PHP 8)

    openssl_verifyVerify signature

    Description

    openssl_verify(
        string$data,
        string$signature,
        OpenSSLAsymmetricKey|OpenSSLCertificate|array|string$public_key,
        string|int$algorithm = OPENSSL_ALGO_SHA1
    ): int|false

    openssl_verify() verifies that the signature is correct for the specified data using the public key associated with public_key. This must be the public key corresponding to the private key used for signing.

    Parameters

    data

    The string of data used to generate the signature previously

    signature

    A raw binary string, generated by openssl_sign() or similar means

    public_key

    OpenSSLAsymmetricKey - a key, returned by openssl_get_publickey()

    string - a PEM formatted key (e.g. -----BEGIN PUBLIC KEY----- MIIBCgK...)

    algorithm

    int - one of these Signature Algorithms.

    string - a valid string returned by openssl_get_md_methods() example, "sha1WithRSAEncryption" or "sha512".

    Return Values

    Returns 1 if the signature is correct, 0 if it is incorrect, and -1 or false on error.

    Changelog

    VersionDescription
    8.0.0public_key accepts an OpenSSLAsymmetricKey or OpenSSLCertificate instance now; previously, a resource of type OpenSSL key or OpenSSL X.509 was accepted.

    Examples

    Example #1 openssl_verify() example

    <?php
    // $data and $signature are assumed to contain the data and the signature

    // fetch public key from certificate and ready it
    $pubkeyid = openssl_pkey_get_public("file://src/openssl-0.9.6/demos/sign/cert.pem");

    // state whether signature is okay or not
    $ok = openssl_verify($data, $signature, $pubkeyid);
    if (    $ok == 1) {
    echo     "good";
    } elseif (    $ok == 0) {
    echo     "bad";
    } else {
    echo     "ugly, error checking signature";
    }
    // free the key from memory
    openssl_free_key($pubkeyid);
    ?>

    Example #2 openssl_verify() example

    <?php
    //data you want to sign
    $data = 'my data';

    //create new private and public key
    $private_key_res = openssl_pkey_new(array(
    "private_key_bits" => 2048,
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
    ));
    $details = openssl_pkey_get_details($private_key_res);
    $public_key_res = openssl_pkey_get_public($details['key']);

    //create signature
    openssl_sign($data, $signature, $private_key_res, "sha256WithRSAEncryption");

    //verify signature
    $ok = openssl_verify($data, $signature, $public_key_res, OPENSSL_ALGO_SHA256);
    if (    $ok == 1) {
    echo     "valid";
    } elseif (    $ok == 0) {
    echo     "invalid";
    } else {
    echo     "error: ".openssl_error_string();
    }
    ?>

    See Also

    To Top