Digital signature with certificate

0

How to obtain the data generated from a digital signature, made with a Brazilian digital certificate in a PDF, using openssl and php?

I am using openssl_verify to verify that the document has not been modified and that the signature is authentic, but I also need the hash generated in the signature, and I cannot get it.

1 answer

1

There is an example in the PHP manual that explains this using a hash, at this link: http://php.net/manual/en/function.openssl-verify.php

See if it can help you; it explains how the method works and how to use it. Code:

<?php
// Data you want to sign
$data = 'my data';

// Create a new private and public key pair
$private_key_res = openssl_pkey_new(array(
    "private_key_bits" => 2048,
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
));
$details = openssl_pkey_get_details($private_key_res);
$public_key_res = openssl_pkey_get_public($details['key']);

// Create the signature (written into $signature)
openssl_sign($data, $signature, $private_key_res, "sha1WithRSAEncryption");

// Verify the signature: returns 1 if valid, 0 if invalid, anything else is an error
$ok = openssl_verify($data, $signature, $public_key_res, OPENSSL_ALGO_SHA1);
if ($ok === 1) {
    echo "valid";
} elseif ($ok === 0) {
    echo "invalid";
} else {
    echo "error: ".openssl_error_string();
}

If you know what kind of hash was used to encrypt your signature, just pass it as a parameter to openssl_verify as in the example. The encryption hash is usually specified in the manual of the integration you are trying to perform.

  • The problem is how I will get this data. Is $data the PDF?

  • Yes, @Epitáciobessa, $data would be your PDF (unsigned); it will be compared with the variable $signature (signed file) using the key and the hash, and then, if they are equal, it returns true.

  • Let’s say I already have this PDF signed; how do I know if it has been modified or is authentic to the original? I know you need the hash generated by the signature and the document, then you apply a hash function with the public key to this signature, then you apply another hash function to the document and you make the comparison: if they are equal, it is authentic; if not, the document has been modified.

  • I just don’t know how to do it in PHP; I’m not sure if openssl_verify does this in the background.

  • I see; then it would not be this function, because according to the PHP manual the function openssl_verify serves to verify that the output (signed) is correct. The manual definition says: Checks that the signature is correct for the specified data using the public key associated with pub_key_id. This must be the public key corresponding to the private key used to sign. It’s more to see if the public key used matches the private one used to sign. So if you want to do the reverse process without owning the original file, it won’t be that function.
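The comparison described in the comments above (recover the hash from the signature with the public key, hash the document, compare), as an added example that is not part of the original answer or the PHP manual. It applies only to RSA signatures with PKCS#1 v1.5 padding; `recover_signed_digest`, the prefix table and the throwaway key and message are assumptions made for illustration.

```php
<?php
// DER DigestInfo prefixes from RFC 8017; the raw digest follows the prefix.
const DIGEST_INFO_PREFIXES = [
    'sha1'   => '3021300906052b0e03021a05000414',
    'sha256' => '3031300d060960864801650304020105000420',
];

// Hypothetical helper: returns ['algo' => name, 'digest' => raw bytes],
// or null when the signature does not decode under this public key.
function recover_signed_digest(string $signature, $publicKey): ?array
{
    // Public-key "decryption" strips the PKCS#1 padding and leaves DigestInfo.
    if (!openssl_public_decrypt($signature, $digestInfo, $publicKey, OPENSSL_PKCS1_PADDING)) {
        return null;
    }
    foreach (DIGEST_INFO_PREFIXES as $algo => $hexPrefix) {
        $prefix = hex2bin($hexPrefix);
        $digestLen = strlen(hash($algo, '', true));
        if (strlen($digestInfo) === strlen($prefix) + $digestLen
            && strncmp($digestInfo, $prefix, strlen($prefix)) === 0) {
            return ['algo' => $algo, 'digest' => substr($digestInfo, strlen($prefix))];
        }
    }
    return null; // unknown hash algorithm or malformed DigestInfo
}

// Constructed sample: throwaway key pair and message, signed with SHA-256.
$data = 'my data';
$privateKey = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
$publicKey = openssl_pkey_get_public(openssl_pkey_get_details($privateKey)['key']);
openssl_sign($data, $signature, $privateKey, OPENSSL_ALGO_SHA256);

$recovered = recover_signed_digest($signature, $publicKey);
if ($recovered === null) {
    exit("signature does not decode under this key\n");
}
echo $recovered['algo'], ' digest in signature: ', bin2hex($recovered['digest']), "\n";

// Hash the data with the same algorithm and compare in constant time.
$computed = hash($recovered['algo'], $data, true);
echo hash_equals($computed, $recovered['digest']) ? "data matches\n" : "data was modified\n";

// A changed document produces a different digest, so the comparison fails.
$tampered = hash($recovered['algo'], $data . '!', true);
echo hash_equals($tampered, $recovered['digest']) ? "tampered matches\n" : "tampered copy rejected\n";
```

In a signed PDF the signature value sits inside a PKCS#7/CMS blob embedded in the file, so it has to be extracted from that container before a helper like this applies.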
