Utilities for generating and verifying signatures and converting between various key formats.
Primary operations revolve around TOGoS_RSAUtil_Signature
objects, which represent the signing of a specific piece of data with
a specific key.
A Signature indicates the key and data (either inline or by a hash URI),
the algorithm used to calculate the signature, and the signature data
itself.
See http://www.nuke24.net/docs/2012/RSA.html for my personal collection of information about key formats.
/*
* Assuming $dataStore is an object that the guy verifying also has
* access to
*/
$privateKey = file_get_contents('private-key.der'); // Will work with 'pem' files, too.
$publicKey = file_get_contents('public-key.der');
$payload = "Hello!";
$dataStore->store($payload);
$dataStore->store($publicKey);
$publicKeyUri = "urn:sha1:".TOGoS_Base32::encode(hash('sha1',$publicKey,true));
$sig = TOGoS_RSAUtil::sign($payload, $privateKey, OPENSSL_ALGO_SHA1);
$sigCodec = new TOGoS_RSAUtil_XKRTSignatureCodec();
$sigBlob = $sigCodec->encode($sig);
Send $sigBlob
to someone, and they can...
/*
* Assuming $dataStore and $sigBlob are input variables
* Using XKRT codec, the public key and payload data are referenced by
* but not contained in the signature. We fetch them from $dataStore.
*/
$sigCodec = new TOGoS_RSAUtil_XKRTSignatureCodec();
$sig = $sigCodec->decode($sigBlob);
TOGoS_RSAUtil::verify($sig, $dataStore);
echo "Signature was valid! Here's the data!\n";
echo (string)$dataStore->getBlob($sig->getPayloadUri());