<?php include '../phpseclib/vendor/autoload.php'; $rsa_signer = new \phpseclib\Crypt\RSA(); $private = file_get_contents('private.pem'); $rsa_signer->setPassword('VdcpDTWTc5Aehxgv2uL9haaFddDBhrc8uCMG3ykg'); $rsa_signer->load($private); $rsa_signer->setHash('sha512'); $rsa_signer->setMGFHash('sha512'); $message = 'Litwo Ojczyzno moja, ty jesteś jak zdrowie'; $signature = $rsa_signer->sign($message, phpseclib\Crypt\RSA::PADDING_PSS); $signature_base64 = base64_encode($signature); echo 'Message: ' . $message . "\r\n"; echo 'Signature (RAW): ' . $signature . "\r\n"; echo 'Signature (base64): ' . $signature_base64 . "\r\n"; echo '------------------------------------DECODING------------------------------------------' . "\r\n"; $rsa_verifier = new \phpseclib\Crypt\RSA(); $rsa_verifier->setHash('sha512'); $rsa_verifier->setMGFHash('sha512'); $public = file_get_contents('public.pem'); $rsa_verifier->load($public); $verification = $rsa_verifier->verify($message, $signature); echo 'Verified: ' . ($verification ? 'TRUE' : 'FALSE');
/** * @param string $hashtype * @param object $key * @throws OpenIDConnectClientException * @return bool */ private function verifyRSAJWTsignature($hashtype, $key, $payload, $signature) { if (!class_exists('\\phpseclib\\Crypt\\RSA')) { throw new OpenIDConnectClientException('Crypt_RSA support unavailable.'); } if (!(property_exists($key, 'n') and property_exists($key, 'e'))) { throw new OpenIDConnectClientException('Malformed key object'); } /* We already have base64url-encoded data, so re-encode it as regular base64 and use the XML key format for simplicity. */ $public_key_xml = "<RSAKeyValue>\r\n" . " <Modulus>" . b64url2b64($key->n) . "</Modulus>\r\n" . " <Exponent>" . b64url2b64($key->e) . "</Exponent>\r\n" . "</RSAKeyValue>"; $rsa = new \phpseclib\Crypt\RSA(); $rsa->setHash($hashtype); $rsa->loadKey($public_key_xml, \phpseclib\Crypt\RSA::PUBLIC_FORMAT_XML); $rsa->signatureMode = \phpseclib\Crypt\RSA::SIGNATURE_PKCS1; return $rsa->verify($payload, $signature); }