Digital signing in PHP using a private key, check in C#

I am working on a function that requires me to digitally sign a short string in PHP and verify the string signature in C#.

I would really like to use openssl_sign in PHP because of its simplicity, but all the information I can find on Google indicates that this will not work.

There are some external libraries that claim to do it well, however, since this is a hobby project, I would rather not buy such a library.

So what are the alternatives here? Full compatibility between C# and PHP is required. You can use libraries other than OpenSSL.

+3
5 answers

I did something very similar using the Bouncy Castle Crypto API. It looks like PHP's openssl_sign uses SHA1 by default. If you use anything other than the default, you will need to change the algorithm parameter for GetSigner.

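using System;
using System.Text;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;

// Public key and signature arrive as base64 text from the PHP side
string base64pubkey = "<!-- BASE64 representation of your pubkey from open ssl -->";
RsaKeyParameters pubKey = PublicKeyFactory.CreateKey(Convert.FromBase64String(base64pubkey)) as RsaKeyParameters;
byte[] signature = Convert.FromBase64String("<!-- BASE64 representation of your sig -->");
// Must be byte-for-byte the string that PHP signed
byte[] message = Encoding.ASCII.GetBytes("Something that has been signed");

// The algorithm name must match the digest used by openssl_sign
ISigner sig = SignerUtilities.GetSigner("SHA1WithRSAEncryption");
sig.Init(false, pubKey); // false = verify mode
sig.BlockUpdate(message, 0, message.Length);
if (sig.VerifySignature(signature))
{
    Console.WriteLine("all good!");
}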
+2
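
The PHP half that pairs with the C# verifier above, as an added example that is not part of the original answer. It sets the digest explicitly (SHA-256 here, so the C# side would call GetSigner("SHA256WithRSAEncryption") instead of the SHA1 name); the function name sign_for_csharp and the inline-generated key pair are assumptions made for illustration.

```php
<?php
// Added example: sign in PHP and emit the two base64 values the C# verifier consumes.
// The key pair is generated inline so the script is self-contained (constructed
// sample); a real deployment would load its key with openssl_pkey_get_private().

function sign_for_csharp(string $message, $privateKey, int $algo): array
{
    // PKCS#1 v1.5 RSA signature over the raw bytes of $message.
    if (!openssl_sign($message, $signature, $privateKey, $algo)) {
        throw new RuntimeException('openssl_sign failed: ' . openssl_error_string());
    }

    // 'key' is the public key as PEM (SubjectPublicKeyInfo). Removing the armor
    // lines and whitespace leaves the base64 DER for PublicKeyFactory.CreateKey.
    $pem = openssl_pkey_get_details($privateKey)['key'];
    $base64pubkey = preg_replace('/-----(BEGIN|END) PUBLIC KEY-----|\s+/', '', $pem);

    return [
        'pem'          => $pem,
        'base64pubkey' => $base64pubkey,
        'base64sig'    => base64_encode($signature),
    ];
}

$key = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($key === false) {
    throw new RuntimeException('key generation failed: ' . openssl_error_string());
}

$message = 'Something that has been signed';  // ASCII only, matches Encoding.ASCII in C#
$algo    = OPENSSL_ALGO_SHA256;               // must match the GetSigner name in C#
$out     = sign_for_csharp($message, $key, $algo);

// Local round trip: openssl_verify returns 1 (valid), 0 (invalid) or -1 (error).
$sig      = base64_decode($out['base64sig']);
$valid    = openssl_verify($message, $sig, $out['pem'], $algo);
$tampered = openssl_verify($message . '!', $sig, $out['pem'], $algo);

echo "base64pubkey: {$out['base64pubkey']}\n";
echo "base64sig:    {$out['base64sig']}\n";
echo 'original message verifies: ', var_export($valid === 1, true), "\n";
echo 'modified message verifies: ', var_export($tampered === 1, true), "\n";
```

Compare the result of openssl_verify strictly against 1, because -1 (error) is truthy in PHP and would pass a loose check.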

You can use something like the following to verify a digital signature:

using System;
using System.IO;
using System.Security.Cryptography;

// FromXmlString expects the public key in .NET's XML key format
string publicKey = "some key";
// Placeholder: the signature bytes received from the signer
byte[] signature = Convert.FromBase64String("<!-- BASE64 representation of your sig -->");

// Verifying Step 1: Create the digital signature algorithm object
DSACryptoServiceProvider verifier = new DSACryptoServiceProvider();

// Verifying Step 2: Import the signature and public key.
verifier.FromXmlString(publicKey);

// Verifying Step 3: Store the data to be verified in a byte array
FileStream file = new FileStream(args[0], FileMode.Open, FileAccess.Read);
BinaryReader reader = new BinaryReader(file);
byte[] data = reader.ReadBytes((int)file.Length);

// Verifying Step 4: Call the VerifyData method
if (verifier.VerifyData(data, signature))
    Console.WriteLine("Signature verified");
else
    Console.WriteLine("Signature NOT verified");
reader.Close();
file.Close();
+1


Regarding cross-platform libraries ... you really need to worry about that. SHA1 is SHA1 is SHA1, regardless of which library generated it. The same thing happens with the generation and verification of digital signatures. Use what’s easiest in PHP and use what’s easiest in C#. If both of them are configured correctly, you should not worry about it.

0

Source: https://habr.com/ru/post/1708240/

