verify java signature with openSSL under PHP
843811Nov 24 2005 — edited Nov 28 2005Hi i need to verify a signature that was generated with java using openSSL under PHP.
This is what I'm doing with no success:
I'm generating a signature in Java with this code:
Signature dsa = Signature.getInstance("SHA1withDSA", "SUN");
dsa.initSign(priv);
String cadena="string to sign";
byte[] a = cadena.getBytes();
dsa.update(a);
byte[] realSig = dsa.sign();
Then I'm saving the signature to a file
FileOutputStream sigfos = new FileOutputStream("inventic.sig");
sigfos.write(realSig);
sigfos.close();
Now, I want to verify the signature in PHP using openSSL.
I've converted my certificate generated by keytool to PEM
I have this code:
// I get the public key
$fp = fopen("inventic.pem", "r");
$cert = fread($fp, 8192);
fclose($fp);
$pubkeyid = openssl_get_publickey($cert);
// I get the signature
$fp = fopen("inventic.sig", "r");
$signature = fread($fp, filsesize("inventic.sig"));
fclose($fp);
//I verify the signature
$data = 'string to verify';
$ok = openssl_verify($data, $signature, $pubkeyid);
if ($ok == 1) {
echo "<br>good";
} elseif ($ok == 0) {
echo "<br>bad";
} else {
echo "<br>ugly, error checking signature:<BR><BR>";
}
I always get -1 on verify, do you know what I'm doing wrong? or I'm trying to compare oranges with apples?
Thank you!
Banzinho