togos / rsa-util
Library for generating and verifying RSA signatures
0.1.0
2015-11-13 18:55 UTC
Requires
- php: >=5.2
Requires (Dev)
- earthit/php-common: ^1.1.0
- phpunit/phpunit: ^3.7
- togos/base32: ^1.0.1
- togos/png-chunks: ^1.0.1
This package is auto-updated.
Last update: 2024-11-20 04:20:00 UTC
README
PHP RSA Util
Utilities for generating and verifying signatures and converting between various key formats.
Primary operations revolve around TOGoS_RSAUtil_Signature
objects, which represent the signing of a specific piece of data with
a specific key.
A Signature indicates the key and data (either inline or by a hash URI),
the algorithm used to calculate the signature, and the signature data
itself.
See http://www.nuke24.net/docs/2012/RSA.html for my personal collection of information about key formats.
Usage example
/* * Assuming $dataStore is an object that the guy verifying also has * access to */ $privateKey = file_get_contents('private-key.der'); // Will work with 'pem' files, too. $publicKey = file_get_contents('public-key.der'); $payload = "Hello!"; $dataStore->store($payload); $dataStore->store($publicKey); $publicKeyUri = "urn:sha1:".TOGoS_Base32::encode(hash('sha1',$publicKey,true)); $sig = TOGoS_RSAUtil::sign($payload, $privateKey, OPENSSL_ALGO_SHA1); $sigCodec = new TOGoS_RSAUtil_XKRTSignatureCodec(); $sigBlob = $sigCodec->encode($sig);
Send $sigBlob
to someone, and they can...
/* * Assuming $dataStore and $sigBlob are input variables * Using XKRT codec, the public key and payload data are referenced by * but not contained in the signature. We fetch them from $dataStore. */ $sigCodec = new TOGoS_RSAUtil_XKRTSignatureCodec(); $sig = $sigCodec->decode($sigBlob); TOGoS_RSAUtil::verify($sig, $dataStore); echo "Signature was valid! Here's the data!\n"; echo (string)$dataStore->getBlob($sig->getPayloadUri());