The openssl_spki_verify() function is a built-in function in PHP and is used to validate the supplied signed public key and challenge. This should be the public key corresponding to the private key used for the signature. It verifies a signed public key and challenge.
Syntax:
string openssl_spki_verify( string &$spkac )
Parameters: This function accepts a single parameter as mentioned above and described below.
- $spkac: The original SPKI identified principles as public keys only, but allowed binding authority for those keys and delegation of authority from one key to another.
Return Values: This function returns a boolean on success or failure.
Errors/Exceptions: If an invalid argument is passed through the spkac parameter, the E_WARNING level emits an error.
Example: Below program illustrate the openssl_spki_verify() function in PHP.
PHP
<?php error_reporting (E_ERROR | E_PARSE); /* Array of private key sizes to test */ $ksize = array ( '1024' =>1024, '2048' =>2048, '4096' =>4096); /* Array of available hashings to test */ $algo = array ( 'sha512' =>OPENSSL_ALGO_SHA512, 'rmd160' =>OPENSSL_ALGO_RMD160 ); /* Loop over key sizes for test */ foreach ( $ksize as $k => $v ) { /* generate new private key of specified size to use for tests */ $pkey = openssl_pkey_new( array ( 'digest_alg' => 'sha512' , 'private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => $v ) ); openssl_pkey_export( $pkey , $pass ); /* Loop to create and verify results */ foreach ( $algo as $key => $value ) { $spkac = openssl_spki_new( $pkey , _uuid(), $value ); echo "Positive verification:: Algo: " . $key . ", value:" ; var_dump(openssl_spki_verify( preg_replace( '/SPKAC=/' , '' , $spkac ))); echo "Negative verification:: Algo: " . $key . ", value:" ; var_dump(openssl_spki_verify( $spkac . 'Make it fail' )); echo "\n" ; } openssl_free_key( $pkey ); } /* Generate a random challenge */ function _uuid() { return sprintf( '%04x%04x-%04x-%04x-%04x-%04x%04x%04x' , mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0x0fff) | 0x4000, mt_rand(0, 0x3fff) | 0x8000, mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff) ); } ?> |
Output:
Positive verification:: Algo: sha512, value:bool(true) Negative verification:: Algo: sha512, value:bool(false) Positive verification:: Algo: rmd160, value:bool(true) Negative verification:: Algo: rmd160, value:bool(false) Positive verification:: Algo: sha512, value:bool(true) Negative verification:: Algo: sha512, value:bool(false) Positive verification:: Algo: rmd160, value:bool(true) Negative verification:: Algo: rmd160, value:bool(false) Positive verification:: Algo: sha512, value:bool(true) Negative verification:: Algo: sha512, value:bool(false) Positive verification:: Algo: rmd160, value:bool(true) Negative verification:: Algo: rmd160, value:bool(false)
Reference: https://www.php.net/manual/en/function.openssl-spki-verify.php