How to use hash_hmac() with "SHA256withRSA" in PHP?

I am trying to get PayPal webhooks to work with my PHP application. The problem is the hashing algorithm they send in the headers, which I should use to check whether the request is valid.

When I try to use it, I get this error:

hash_hmac(): Unknown hashing algorithm: SHA256withRSA

I tried hash_hmac using only "sha256" algo and it worked, so I think the problem should be with the one that they want me to use.

Here is the code I use to handle the webhook:

$headers = apache_request_headers();

$body = @file_get_contents('php://input');
$json = json_decode($body);

// Concatenate the required string values
$sigString = $headers['PAYPAL-TRANSMISSION-ID'].'|'.$headers['PAYPAL-TRANSMISSION-TIME'].'|'.$json->id.'|'.crc32($body);

// Get the certificate file and read the key
$pub_key = openssl_pkey_get_public(file_get_contents($headers['PAYPAL-CERT-URL']));
$keyData = openssl_pkey_get_details($pub_key);

// check signature
if ($headers['PAYPAL-TRANSMISSION-SIG'] != hash_hmac($headers['PAYPAL-AUTH-ALGO'],$sigString,$keyData['key'])) {
    //invalid
}
+1
2 answers

Here is the code that worked at the end:

// Get the certificate file and read the key
$pubKey = openssl_pkey_get_public(file_get_contents($headers['PAYPAL-CERT-URL']));
$details = openssl_pkey_get_details($pubKey);

$verifyResult = openssl_verify($sigString, base64_decode($headers['PAYPAL-TRANSMISSION-SIG']), $details['key'], 'sha256WithRSAEncryption');

if ($verifyResult === 0) {
    throw new Exception('signature incorrect');
} elseif ($verifyResult === -1) {
    throw new Exception('error checking signature');
}

//rest of the code when signature is correct...

, PayPal base64_decode(), - , openssl_pkey_get_details()

0

, HMAC (), , , RSA (). openssl_verify . , :

//your code here...

// Get the certificate file and read the key
$pubKey = openssl_pkey_get_public(file_get_contents($headers['PAYPAL-CERT-URL']));

$verifyResult = openssl_verify($sigString, $headers['PAYPAL-TRANSMISSION-SIG'], $pubKey, 'sha256WithRSAEncryption');

if ($verifyResult === 0) {
    throw new Exception('signature incorrect');
} elseif ($verifyResult === -1) {
    throw new Exception('error checking signature');
}

//rest of the code when signature is correct...

, PayPal, , PHP. openssl_get_md_methods, PHP.

0
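Both answers fetch the verification key from the URL in the PAYPAL-CERT-URL header, so whoever sends the request also chooses the key unless that URL is checked first. The following is an added example, not code from the original posts: it checks the certificate URL, maps the PAYPAL-AUTH-ALGO value to an OpenSSL constant, base64-decodes the signature and accepts only a return value of 1 from openssl_verify. The function names, the `.paypal.com` host suffix and all sample values are assumptions made for the illustration; confirm the expected certificate host against PayPal's documentation.

```php
<?php
// Added example. Function names, host suffix and sample values are assumptions.
const ALGO_MAP = ['SHA256withRSA' => OPENSSL_ALGO_SHA256];

// Accept only https URLs whose host ends with the expected suffix before fetching the cert.
function certUrlAllowed(string $url, string $hostSuffix = '.paypal.com'): bool
{
    $p = parse_url($url);
    if (!is_array($p) || ($p['scheme'] ?? '') !== 'https' || empty($p['host'])) {
        return false;
    }
    return substr(strtolower($p['host']), -strlen($hostSuffix)) === $hostSuffix;
}

// $sigB64 is the PAYPAL-TRANSMISSION-SIG header value, $authAlgo the PAYPAL-AUTH-ALGO value,
// $pem the certificate or public key in PEM form.
function verifySignature(string $sigString, string $sigB64, string $pem, string $authAlgo): bool
{
    $algo = ALGO_MAP[$authAlgo] ?? null;
    if ($algo === null) {
        return false;                        // unmapped algorithm name: reject
    }
    $raw = base64_decode($sigB64, true);     // strict mode returns false on invalid base64
    $key = openssl_pkey_get_public($pem);
    if ($raw === false || $key === false) {
        return false;
    }
    // openssl_verify returns 1 (valid), 0 (invalid) or -1/false (error); only 1 passes.
    return openssl_verify($sigString, $raw, $key, $algo) === 1;
}

// Constructed demo: a throwaway key pair stands in for the sender's certificate.
$priv = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pem  = openssl_pkey_get_details($priv)['key'];
$body = '{"id":"WH-EXAMPLE"}';
$sigString = 'tx-id-1|2024-01-01T00:00:00Z|WH-EXAMPLE|' . crc32($body);
openssl_sign($sigString, $rawSig, $priv, OPENSSL_ALGO_SHA256);
$sigB64 = base64_encode($rawSig);

var_dump(verifySignature($sigString, $sigB64, $pem, 'SHA256withRSA'));        // untouched message
var_dump(verifySignature($sigString . 'x', $sigB64, $pem, 'SHA256withRSA'));  // altered message
var_dump(verifySignature($sigString, $sigB64, $pem, 'sha256'));               // unmapped algorithm
var_dump(certUrlAllowed('https://api.paypal.com/v1/notifications/certs/CERT-EXAMPLE'));
var_dump(certUrlAllowed('https://example.test/cert.pem'));
```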

Source: https://habr.com/ru/post/1627682/