/**
 * Returns the public key extracted from the certificate, loading it on first use.
 *
 * OOP alias for openssl_pkey_get_public / openssl_get_publickey. The handle is
 * stored on the instance after the first call. Only null triggers extraction, so
 * a failed extraction (false) is stored and returned on later calls as well;
 * callers should check for false before using the result.
 *
 * @return resource|false 'OpenSSL key' handle, or false if extraction failed
 */
public function getPublicKey()
{
    if ($this->publicKey !== null) {
        return $this->publicKey;
    }

    $this->publicKey = openssl_get_publickey($this->certificate);

    return $this->publicKey;
}
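/**
 * Verifies an RSA signature.
 *
 * openssl_verify() returns 1 for a valid signature, 0 for an invalid one and
 * -1 (or false) on error. Casting that result to bool turns -1 into true, so
 * the result is compared strictly against 1 and every other outcome is
 * treated as a failed verification.
 *
 * @param string $data       The data that was signed
 * @param string $public_key Alipay public key; it is handed unchanged to
 *                           openssl_get_publickey(), so it must be in a form
 *                           that function accepts
 * @param string $sign       Base64-encoded signature to check
 * @return bool True only when the signature is valid
 */
public function rsaVerify($data, $public_key, $sign)
{
    $res = openssl_get_publickey($public_key);
    if ($res === false) {
        // An unusable key can never produce a valid verification.
        return false;
    }

    $status = openssl_verify($data, base64_decode($sign), $res);
    openssl_free_key($res);

    return $status === 1;
}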
/**
 * Checks that the given value can be loaded as an OpenSSL public key.
 *
 * The loaded key is discarded; the function only signals failure.
 * Warnings from the OpenSSL call are suppressed with @.
 *
 * @param mixed $pub_key Key material passed to openssl_get_publickey()
 * @throws invalid_public_key_exception When the key cannot be loaded
 */
function validate_pub_key($pub_key)
{
    $loaded = @openssl_get_publickey($pub_key);

    if (false === $loaded) {
        throw new invalid_public_key_exception();
    }
}
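/**
 * Validates a message from SNS to ensure that it was delivered by AWS
 *
 * The certificate URL comes from the message itself and is therefore
 * untrusted. It is only fetched when it uses HTTPS and its host has the form
 * sns.<region>.amazonaws.com; a bare ".amazonaws.com" suffix check would also
 * accept other AWS hosts, which do not necessarily serve AWS-owned content.
 *
 * openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error); only an
 * exact 1 is accepted, because -1 is truthy and would pass a plain "!" test.
 *
 * NOTE(review): the digest is hard-coded to OPENSSL_ALGO_SHA1. Confirm which
 * SNS SignatureVersion this integration receives, since the digest has to
 * match the one used by the sender.
 *
 * @param Message $message The message to validate
 *
 * @throws CannotGetPublicKeyFromCertificateException If the certificate cannot be retrieved
 * @throws CertificateFromUnrecognizedSourceException If the certificate's source cannot be verified
 * @throws InvalidMessageSignatureException If the message's signature is invalid
 */
public function validate($message)
{
    // Get the cert's URL and ensure it is an HTTPS SNS endpoint at AWS
    $certUrl = $message->get('SigningCertURL');
    $parts = parse_url($certUrl);
    if (!is_array($parts)) {
        $parts = array();
    }
    $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
    $host = isset($parts['host']) ? $parts['host'] : '';
    if ($scheme !== 'https' || !preg_match('/^sns\.[a-zA-Z0-9\-]{3,}\.amazonaws\.com$/', $host)) {
        throw new CertificateFromUnrecognizedSourceException(
            $host . ' is not an HTTPS SNS endpoint under .amazonaws.com'
        );
    }

    // Get the cert itself and extract the public key
    $response = wp_remote_get($certUrl);
    if (is_wp_error($response)) {
        throw new CannotGetPublicKeyFromCertificateException('Could not retrieve certificate from ' . $certUrl);
    }
    $certificate = wp_remote_retrieve_body($response);
    $publicKey = openssl_get_publickey($certificate);
    if (!$publicKey) {
        throw new CannotGetPublicKeyFromCertificateException('Could not extract public key from ' . $certUrl);
    }

    // Verify the signature of the message; anything other than 1 is a failure
    $stringToSign = $message->getStringToSign();
    $incomingSignature = base64_decode($message->get('Signature'));
    if (openssl_verify($stringToSign, $incomingSignature, $publicKey, OPENSSL_ALGO_SHA1) !== 1) {
        throw new InvalidMessageSignatureException('The message did not match the signature ' . "\n" . $stringToSign);
    }
}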
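/**
 * Verifies an RSA signature against a public key stored in a file.
 *
 * openssl_verify() returns 1 for a valid signature, 0 for an invalid one and
 * -1 (or false) on error. A (bool) cast would turn -1 into true, so only an
 * exact 1 is reported as a successful verification. An unreadable key file or
 * an unparsable key also yields false.
 *
 * @param string $data                The data that was signed
 * @param string $ali_public_key_path Path to the Alipay public key file
 * @param string $sign                Base64-encoded signature to check
 * @return bool True only when the signature is valid
 */
function ApiRsaVerify($data, $ali_public_key_path, $sign)
{
    $pubKey = file_get_contents($ali_public_key_path);
    if ($pubKey === false) {
        return false;
    }

    $res = openssl_get_publickey($pubKey);
    if ($res === false) {
        return false;
    }

    $status = openssl_verify($data, base64_decode($sign), $res);
    openssl_free_key($res);

    return $status === 1;
}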
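/**
 * Function that processes the callback from the bank and returns CPayment objects with isSuccessful
 * (and other applicable) parameters filled according to the answers from the bank.
 *
 * All fields are read from $_REQUEST and are untrusted until the signature
 * over the fixed-width signature base has been verified with the bank's key.
 * openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error); only an
 * exact 1 is accepted, because -1 is truthy and would pass a plain "!" test.
 *
 * The hex decoder is a local closure: a named function declared inside the
 * method body would be redeclared, and fail fatally, on a second call.
 *
 * NOTE(review): success is decided from receipt_no alone; respcode is part of
 * the signed data but is not inspected here. Confirm against the bank's
 * protocol description.
 *
 * @return CPayment
 */
public function HandleCallback()
{
    $rsField = array();
    foreach ((array) $_REQUEST as $ixField => $fieldValue) {
        $rsField[$ixField] = $fieldValue;
    }

    // Fixed-width concatenation of the fields covered by the bank's signature.
    $sSignatureBase = sprintf("%03s", $rsField['ver'])
        . sprintf("%-10s", $rsField['id'])
        . sprintf("%012s", $rsField['ecuno'])
        . sprintf("%06s", $rsField['receipt_no'])
        . sprintf("%012s", $rsField['eamount'])
        . sprintf("%3s", $rsField['cur'])
        . $rsField['respcode']
        . $rsField['datetime']
        . sprintf("%-40s", $rsField['msgdata'])
        . sprintf("%-40s", $rsField['actiontext']);

    // Converts the hex-encoded MAC to raw bytes, two hex digits per byte.
    $hexToBytes = function ($hex) {
        $str = '';
        for ($i = 0; $i < strlen($hex); $i += 2) {
            $str .= chr(hexdec(substr($hex, $i, 2)));
        }
        return $str;
    };

    $mac = $hexToBytes($rsField['mac']);
    $flKey = openssl_get_publickey(file_get_contents($this->flBankCertificate));

    if ($flKey === false || openssl_verify($sSignatureBase, $mac, $flKey) !== 1) {
        trigger_error("Invalid signature", E_USER_ERROR);
        // Fail closed if a custom error handler lets execution continue.
        return new CPayment($rsField['ecuno'], $rsField['msgdata'], null, null, False);
    }

    if ($rsField['receipt_no'] == 00) {
        return new CPayment($rsField['ecuno'], $rsField['msgdata'], null, null, False);
    } else {
        // eamount is divided by 100 before being passed on.
        return new CPayment($rsField['ecuno'], $rsField['msgdata'], $rsField['eamount'] / 100, $rsField['cur'], True);
    }
}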
/**
 * Verifies a signed message from the given sender.
 *
 * The input is split on the literal "::SIGNATURE::"; the first part is the
 * payload and the second part is the Base64-encoded signature. The key comes
 * from self::getkey(), falling back to the sender's certificate.
 *
 * @param string $data     Payload and signature joined by "::SIGNATURE::"
 * @param mixed  $senderid Identifier used to look up the sender's key or certificate
 * @return string|false The payload when the signature is valid, false otherwise
 */
public static function verify($data, $senderid)
{
    gio::log("Verifying message ...", VERBOSE);

    $pubkeyid = self::getkey($senderid, false, true);
    if (!$pubkeyid) {
        // No stored key: try the public key embedded in the sender's certificate.
        $pubkeyid = openssl_get_publickey(self::getcert($senderid, true));
        if (!$pubkeyid) {
            return false;
        }
    }

    $parts = explode("::SIGNATURE::", $data);
    $signature = base64_decode($parts[1]);
    $data = $parts[0];

    $ok = openssl_verify($data, $signature, $pubkeyid);
    if ($ok >= 1) {
        gio::log("... Done verifying message", VERBOSE);
        return $data;
    }

    // Below 1: a negative value is an OpenSSL error, otherwise the signature is invalid.
    if ($ok < 0) {
        gio::log("Error while verifying data from {$senderid} ...", E_USER_WARNING);
    } else {
        gio::log("Invalid signature detected while verifying data from {$senderid} ...", E_USER_WARNING);
    }

    return false;
}
/**
 * Checks that a secure AuthSub request carries an Authorization header whose
 * signature verifies against the test certificate.
 *
 * The test is skipped when the openssl extension is not loaded.
 */
public function testSecureAuthSubSigning()
{
    if (!extension_loaded('openssl')) {
        $this->markTestSkipped('The openssl extension is not available');
        return;
    }

    $c = new GData\HttpClient();
    $c->setAuthSubPrivateKeyFile("Zend/GData/_files/RsaKey.pem", null, true);
    $c->setAuthSubToken('abcdefg');
    $requestData = $c->filterHttpRequest('POST', 'http://www.example.com/feed', array(), 'foo bar', 'text/plain');

    $authHeaderCheckPassed = false;
    foreach ($requestData['headers'] as $headerName => $headerValue) {
        if (strtolower($headerName) != 'authorization') {
            continue;
        }

        // Pull the signed data and the signature out of the header value.
        preg_match('/data="([^"]*)"/', $headerValue, $matches);
        $dataToSign = $matches[1];
        preg_match('/sig="([^"]*)"/', $headerValue, $matches);
        $sig = $matches[1];

        if (!function_exists('openssl_verify')) {
            continue;
        }

        // Read the certificate via the include path, 8192 bytes at a time.
        $handle = fopen('Zend/GData/_files/RsaCert.pem', 'r', true);
        $cert = '';
        while (!feof($handle)) {
            $cert .= fread($handle, 8192);
        }
        fclose($handle);

        $pubkeyid = openssl_get_publickey($cert);
        $verified = openssl_verify($dataToSign, base64_decode($sig), $pubkeyid);
        $this->assertEquals(1, $verified, 'The generated signature was unable ' . 'to be verified.');
        $authHeaderCheckPassed = true;
    }

    $this->assertEquals(true, $authHeaderCheckPassed, 'Auth header not found for sig verification.');
}
/**
 * Verifies a signature with a public key converted by seclibToOpenSsl().
 *
 * The raw openssl_verify() result is returned unchanged: 1 for a valid
 * signature, 0 for an invalid one and -1 (or false) on error. Because -1 is
 * truthy, callers have to compare the result with === 1.
 *
 * @param mixed  $pubKey    Public key in the form seclibToOpenSsl() expects
 * @param string $toCheck   Data that was signed
 * @param string $signature Raw signature
 * @return int|false Result of openssl_verify()
 */
function verify($pubKey, $toCheck, $signature)
{
    $convertedKey = $this->seclibToOpenSsl($pubKey);
    $keyHandle = openssl_get_publickey($convertedKey);

    $outcome = openssl_verify($toCheck, $signature, $keyHandle);
    openssl_free_key($keyHandle);

    return $outcome;
} # verify
/**
 * Verifies a signed JSON payload against the key held in the global $public_key.
 *
 * The digest is fixed to OPENSSL_ALGO_SHA1. The raw openssl_verify() result is
 * returned: 1 for a valid signature, 0 for an invalid one and -1 (or false)
 * on error. Because -1 is truthy, callers have to compare with === 1.
 *
 * @param string $signture_json The signed JSON text
 * @param string $signture      Base64-encoded signature
 * @return int|false Result of openssl_verify()
 */
function checkGooglePlay($signture_json, $signture)
{
    global $public_key;

    $keyHandle = openssl_get_publickey($public_key);
    $rawSignature = base64_decode($signture);

    return openssl_verify($signture_json, $rawSignature, $keyHandle, OPENSSL_ALGO_SHA1);
}
/**
 * Returns the size in bits of a public key.
 *
 * @param mixed $pubkey Key material passed to openssl_get_publickey()
 * @return int The 'bits' entry reported by openssl_pkey_get_details()
 */
function pubkey_bits($pubkey)
{
    $handle = openssl_get_publickey($pubkey);
    $details = openssl_pkey_get_details($handle);
    openssl_free_key($handle);

    return $details['bits'];
}
/**
 * Checks a license array against its embedded signature.
 *
 * The 'Signature' entry is removed, the remaining entries are sorted by key
 * (case-insensitively) and their values are concatenated without any
 * separator. The signature is Base64-decoded and opened with the embedded
 * public key; the license is accepted when the recovered bytes equal the raw
 * SHA-1 digest of the concatenated values.
 *
 * NOTE(review): the values are joined without delimiters, so different field
 * splits can produce the same signed string. The embedded key appears to be
 * 1024-bit RSA and the digest is SHA-1; confirm whether that still meets the
 * project's requirements.
 *
 * @param array $license License fields including a 'Signature' entry
 * @return bool True when the signature matches the license data
 */
public static function check_license($license)
{
    $signature = $license['Signature'];
    unset($license['Signature']);

    // Canonical order: keys sorted case-insensitively, values concatenated.
    uksort($license, "strcasecmp");
    $total = implode('', $license);

    $key_raw = <<<EOD
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl7Dgf4x0fi0lXfws7Cq/lk0d
TIEXnCu8PBMep0mtRia9WEJ8N53d+8gbuAcMzb4sW6MVOzTEKYrmtq/DTbiaXKiJ
o6osz5KgBjbcGrCzKKvk8uQuTZWusqp69LQfTYSwxwJIp45kl0g8yalewGUtpYuu
yWXBBsw7Z909BpTLBQIDAAAD
-----END PUBLIC KEY-----
EOD;

    $key = openssl_get_publickey($key_raw);
    // $checkDigest stays unset when the signature cannot be opened, so the comparison below fails.
    openssl_public_decrypt(base64_decode($signature), $checkDigest, $key);

    return sha1($total, true) === $checkDigest;
}
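/**
 * Reports whether the bank callback in $_REQUEST describes a successful payment.
 *
 * All fields are copied from $_REQUEST and are untrusted until the signature
 * over the fixed-width signature base has been verified with the configured
 * public key. openssl_verify() returns 1 (valid), 0 (invalid) or -1/false
 * (error); only an exact 1 is accepted, because -1 is truthy and would pass a
 * plain "!" test.
 *
 * The hex decoder is a local closure: a named function declared inside the
 * method body would be redeclared, and fail fatally, on a second call.
 *
 * @return bool|null True on success, false on a bad signature or a cancelled
 *                   payment, null when respcode is not zero
 */
public function isSuccesful()
{
    foreach ((array) $_REQUEST as $ixField => $fieldValue) {
        $this->responseFields[$ixField] = $fieldValue;
    }

    // Fixed-width concatenation of the fields covered by the bank's signature.
    $sSignatureBase = sprintf("%03s", $this->responseFields['ver'])
        . sprintf("%-10s", $this->responseFields['id'])
        . sprintf("%012s", $this->responseFields['ecuno'])
        . sprintf("%06s", $this->responseFields['receipt_no'])
        . sprintf("%012s", $this->responseFields['eamount'])
        . sprintf("%3s", $this->responseFields['cur'])
        . $this->responseFields['respcode']
        . $this->responseFields['datetime']
        . $this->mb_sprintf("%-40s", $this->responseFields['msgdata'])
        . $this->mb_sprintf("%-40s", $this->responseFields['actiontext']);

    // Converts the hex-encoded MAC to raw bytes, two hex digits per byte.
    $hexToBytes = function ($hex) {
        $str = '';
        for ($i = 0; $i < strlen($hex); $i += 2) {
            $str .= chr(hexdec(substr($hex, $i, 2)));
        }
        return $str;
    };

    $mac = $hexToBytes($this->responseFields['mac']);
    $flKey = openssl_get_publickey(\Configuration::where('code', '=', 'estcard/pubkey')->first()->value);

    if ($flKey === false || openssl_verify($sSignatureBase, $mac, $flKey) !== 1) {
        // Invalid signature, unusable key or OpenSSL error
        return false;
    }

    if ($this->responseFields['receipt_no'] == 00) {
        # Payment was cancelled
        return false;
    }

    if ($this->responseFields['respcode'] == 00) {
        # Payment success
        return true;
    }
}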
/**
 * Sets the public key.
 *
 * The given bytes are Base64-encoded, wrapped in PEM certificate markers with
 * 64-character lines, and loaded with openssl_get_publickey(). The result,
 * which is false when loading fails, is stored in $this->pubKey.
 *
 * @param string $key Raw certificate bytes
 */
public function setPubKey($key)
{
    $body = chunk_split(base64_encode($key), 64, PHP_EOL);

    $pem = '-----BEGIN CERTIFICATE-----' . PHP_EOL
        . $body
        . '-----END CERTIFICATE-----' . PHP_EOL;

    $this->pubKey = openssl_get_publickey($pem);
}
/**
 * Decrypts a "wrappedKey:payload" string.
 *
 * Both colon-separated parts are Base64-decoded. The first part is opened
 * with the public key in $this->pub to recover a key, which is then passed
 * with the second part to dec_sym().
 *
 * @param string $dat Two Base64 strings joined by ':'
 * @return string Trimmed result of dec_sym()
 */
function dec_pub($dat)
{
    $decoded = array_map('base64_decode', explode(':', $dat));
    list($wrappedKey, $payload) = $decoded;

    $keyHandle = openssl_get_publickey($this->pub);
    openssl_public_decrypt($wrappedKey, $key, $keyHandle);

    return trim($this->dec_sym($key, $payload));
}
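/**
 * Verifies the incoming data against a signature using a public key.
 *
 * openssl_verify() returns 1 for a valid signature, 0 for an invalid one and
 * -1 (or false) on error. A (bool) cast would turn -1 into true, so only an
 * exact 1 is reported as a successful verification. A key that cannot be
 * loaded also yields false.
 *
 * @param string $signature     Raw signature
 * @param string $data          Data that was signed
 * @param string $publicKeyPath Location passed to self::read() to obtain the key
 * @return boolean True only when the signature is valid
 */
public static function verify($signature, $data, $publicKeyPath)
{
    $publicKey = self::read($publicKeyPath);
    $pKeyId = openssl_get_publickey($publicKey);
    if ($pKeyId === false) {
        return false;
    }

    $result = openssl_verify($data, $signature, $pKeyId, "SHA256");
    openssl_free_key($pKeyId);

    return $result === 1;
}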
/**
 * Verifies a Base64-encoded signature over the given text with $this->publicKey.
 *
 * @param string $text            Text that was signed
 * @param string $signatureBase64 Base64-encoded signature
 * @return bool True only when openssl_verify() reports exactly 1
 */
function verify($text, $signatureBase64)
{
    $keyHandle = openssl_get_publickey($this->publicKey);
    $rawSignature = base64_decode($signatureBase64);

    $outcome = openssl_verify($text, $rawSignature, $keyHandle);
    openssl_free_key($keyHandle);

    // Strict comparison: 0 (invalid) and -1 (error) both count as failure.
    return 1 === $outcome;
}
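/**
 * Encrypts plaintext with the configured RSA public key.
 *
 * The key is read from $cfg['rsa']['pubkey'] and loaded before use.
 * Previously the configured key was assigned to one variable while a
 * different, undefined variable was passed to OpenSSL, so no key ever reached
 * the encryption call.
 *
 * NOTE(review): OPENSSL_PKCS1_PADDING is kept because the decrypting side is
 * not visible here; confirm whether OAEP can be adopted on both sides.
 *
 * @param string $source Plaintext
 *
 * @return string|false Base64-encoded ciphertext, or false on failure
 */
static function encrypt($source)
{
    global $cfg;

    $pubkey = openssl_get_publickey($cfg['rsa']['pubkey']);
    if ($pubkey === false) {
        return false;
    }

    $res = openssl_public_encrypt($source, $crypttext, $pubkey, OPENSSL_PKCS1_PADDING);

    return $res ? base64_encode($crypttext) : false;
}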
/**
 * Verify the returned response.
 *
 * The signed portion is the message with strlen($message) - 128 as its length,
 * i.e. without the trailing 128 bytes for messages longer than that. The raw
 * openssl_verify() result is returned: 1 for a valid signature, 0 for an
 * invalid one and -1 (or false) on error. Because -1 is truthy, callers have
 * to compare the result with === 1.
 *
 * @param string $message   Response message
 * @param string $signature Raw signature
 * @return int|false Result of openssl_verify()
 */
public function verifySignature($message, $signature)
{
    $keyHandle = openssl_get_publickey($this->getCertificate());

    $signedLength = strlen($message) - 128;
    $signedPart = substr($message, 0, $signedLength);

    $outcome = openssl_verify($signedPart, $signature, $keyHandle);
    openssl_free_key($keyHandle);

    return $outcome;
}
/**
 * Verifies a Base64-encoded signature over the text with the key in $this->verejny.
 *
 * @param string $text      Text that was signed
 * @param string $signature Base64-encoded signature
 * @return bool True when openssl_verify() reports 1, false otherwise
 */
function verify($text, $signature)
{
    $keyHandle = openssl_get_publickey($this->verejny);
    $rawSignature = base64_decode($signature);

    $outcome = openssl_verify($text, $rawSignature, $keyHandle);
    openssl_free_key($keyHandle);

    if ($outcome == 1) {
        return true;
    }

    return false;
}
/**
 * Verifies a signature over the MAC string with the key from swedbank.pem.
 *
 * The certificate is read from KEY_LOCATION . '/swedbank.pem'. The raw
 * openssl_verify() result is returned: 1 for a valid signature, 0 for an
 * invalid one and -1 (or false) on error. Because -1 is truthy, callers have
 * to compare the result with === 1.
 *
 * @param string $mac       Data that was signed
 * @param string $signature Raw signature
 * @return int|false Result of openssl_verify()
 */
function _verify($mac, $signature)
{
    $pem = file_get_contents(KEY_LOCATION . '/swedbank.pem');
    $keyHandle = openssl_get_publickey($pem);

    $outcome = openssl_verify($mac, $signature, $keyHandle);
    openssl_free_key($keyHandle);

    return $outcome;
}
/**
 * Encrypts with the public key.
 *
 * The key is taken from the certificate at "../server.crt", resolved against
 * the current working directory.
 *
 * @param string $sourcestr Plaintext
 * @return string|null Ciphertext (Base64-encoded); nothing is returned when encryption fails
 */
function publickey_encodeing($sourcestr)
{
    $certificate = file_get_contents("../server.crt");
    $keyHandle = openssl_get_publickey($certificate);

    $encrypted = openssl_public_encrypt($sourcestr, $crypttext, $keyHandle);
    if (!$encrypted) {
        return;
    }

    return base64_encode("" . $crypttext);
}
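/**
 * Signature verification, method two (the public key is not known up front
 * and is obtained by converting a certificate).
 *
 * The certificate file is converted with der2pem(), parsed as X.509, and its
 * public key is used to verify the signature with OPENSSL_ALGO_SHA1.
 *
 * openssl_verify() returns 1 for a valid signature, 0 for an invalid one and
 * -1 (or false) on error. A (bool) cast would turn -1 into true, so only an
 * exact 1 is reported as a successful verification. A certificate or key that
 * cannot be loaded also yields false.
 *
 * @param string $cert_file Path to the certificate file
 * @param string $data      Data that was signed
 * @param string $signature Base64-encoded signature
 * @return bool True only when the signature is valid
 */
function rsa_verify2($cert_file, $data, $signature)
{
    $cert = der2pem(file_get_contents($cert_file));

    $certs = openssl_x509_read($cert);
    if ($certs === false) {
        return false;
    }

    $key = openssl_get_publickey($certs);
    if ($key === false) {
        return false;
    }

    $status = openssl_verify($data, base64_decode($signature), $key, OPENSSL_ALGO_SHA1);
    openssl_free_key($key);

    return $status === 1;
}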
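/**
 * Verifies a Base64-encoded signature with the key stored at $this->public_key_path.
 *
 * openssl_verify() returns 1 for a valid signature, 0 for an invalid one and
 * -1 (or false) on error. A (bool) cast would turn -1 into true, so only an
 * exact 1 is reported as a successful verification. An unreadable or
 * unparsable key yields false. The outcome is logged in every case.
 *
 * @param string $data Data that was signed
 * @param string $sign Base64-encoded signature
 * @return bool True only when the signature is valid
 */
public function verify($data, $sign)
{
    $result = false;

    $key = file_get_contents($this->public_key_path);
    $res = ($key === false) ? false : openssl_get_publickey($key);

    if ($res !== false) {
        $result = openssl_verify($data, base64_decode($sign), $res) === 1;
        openssl_free_key($res);
    }

    Logger::addInfo('alipay_wap_encryption_rsa', 'verify', array('openssl_key' => $res, 'result' => $result));

    return $result;
}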
/**
 * Verifies the signature over the parameters using a public key file.
 *
 * The string to verify is produced by self::makeSignParams().
 *
 * @param mixed  $params     Parameters handed to self::makeSignParams()
 * @param string $pubKeyPath Path to the public key file
 * @param string $sign       Base64-encoded signature
 * @return bool True when openssl_verify() reports 1
 */
public static function verifySign($params, $pubKeyPath, $sign)
{
    $signedString = self::makeSignParams($params);

    $pem = file_get_contents($pubKeyPath);
    $keyHandle = openssl_get_publickey($pem);

    $outcome = openssl_verify($signedString, base64_decode($sign), $keyHandle);
    openssl_free_key($keyHandle);

    // 0 (invalid) and -1 (error) both compare unequal to 1.
    return 1 == $outcome;
}
/**
 * Opens Base64-encoded data with a public key.
 *
 * A key that does not contain the text 'BEGIN PUBLIC KEY' is first passed
 * through self::lengthenPublicKey(). The result of openssl_public_decrypt()
 * is not checked, so the returned value is unset (null) when it fails.
 *
 * @param string $pubKey Public key
 * @param string $data   Base64-encoded input
 * @return string|null Recovered bytes, or null on failure
 */
public static function publicDecrypt($pubKey, $data)
{
    $hasPemHeader = strstr($pubKey, 'BEGIN PUBLIC KEY');
    if (!$hasPemHeader) {
        $pubKey = self::lengthenPublicKey($pubKey);
    }

    $keyHandle = openssl_get_publickey($pubKey);
    $encrypted = base64_decode($data);
    openssl_public_decrypt($encrypted, $cleartext, $keyHandle);

    return $cleartext;
}
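/**
 * AsymmetricStrategy constructor.
 *
 * The private key argument may hold the PEM key text itself, so it is never
 * copied into an exception message, where it could end up in logs or error
 * pages.
 *
 * @param string $public Valid public certificate, can be:
 * - an X.509 certificate resource
 * - a PEM formatted public key
 * - a string having the format `file://path/to/file.pem`. The named file
 *   must contain a PEM encoded certificate/public key (it may contain both).
 * @param string $private Optional. A valid private certificate, can be:
 * - a string having the format file://path/to/file.pem. The named file
 *   must contain a PEM encoded certificate.
 * - a PEM encoded certificate
 * @param string $passphrase Optional pass phrase.
 * @throws \Cake\Core\Exception\Exception
 */
public function __construct($public, $private = null, $passphrase = null)
{
    $this->__publicKey = openssl_get_publickey($public);
    if (!$this->__publicKey) {
        throw new Exception('Invalid public certificate: ' . $public);
    }

    if ($private === null) {
        return;
    }

    $this->__privateKey = openssl_get_privatekey($private, $passphrase);
    if (!$this->__privateKey) {
        // Deliberately generic: $private can contain secret key material.
        throw new Exception('Invalid private certificate or pass phrase.');
    }
}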
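/**
 * Encrypts plaintext with the public key stored in ./mykey.pub.
 *
 * The key handle returned by openssl_get_publickey() is now the one used for
 * encryption, and each step is checked. Any failure (unreadable file,
 * unparsable key, failed encryption) yields an empty string, so callers
 * should treat '' as an error and never as ciphertext.
 *
 * @param string $plaintext Data to encrypt
 * @return string Base64-encoded ciphertext, or '' on failure
 */
function public_encrypt($plaintext)
{
    $pem = file_get_contents("./mykey.pub");
    if ($pem === false) {
        return '';
    }

    $key = openssl_get_publickey($pem);
    if ($key === false) {
        return '';
    }

    if (!openssl_public_encrypt($plaintext, $crypttext, $key)) {
        return '';
    }

    return base64_encode($crypttext);
}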
/**
 * Loads a public key from a file and stores it in $this->publicKey.
 *
 * @param string $file Path to the key file; filesize($file) bytes are read
 * @throws InvalidArgumentException When the contents cannot be loaded as a public key
 */
public function __construct($file)
{
    $handle = fopen($file, 'r');
    $contents = fread($handle, filesize($file));
    fclose($handle);

    $this->publicKey = openssl_get_publickey($contents);

    if (!$this->publicKey) {
        throw new InvalidArgumentException("'{$file}' is not valid PEM public key (or passphrase is incorrect).");
    }
}
/**
 * Checks a Base64-encoded signature over parent::$identifier with the key
 * taken from the token's public certificate.
 *
 * @param Oauth2_Token $token     Token whose public_cert supplies the key
 * @param string       $signature Base64-encoded signature
 * @return bool True only when openssl_verify() reports exactly 1
 */
public function check(Oauth2_Token $token, $signature)
{
    // Extract the public key from the certificate
    $keyHandle = openssl_get_publickey($token->public_cert);

    // Compare the supplied signature with the one computed over the identifier
    $rawSignature = base64_decode($signature);
    $outcome = openssl_verify(parent::$identifier, $rawSignature, $keyHandle);

    // Release the key resource
    openssl_free_key($keyHandle);

    // Strict comparison: 0 (invalid) and -1 (error) both count as failure
    return 1 === $outcome;
}