The signature and verification of a
Certificate are often used when docking interfaces with third parties, for identity verification and to prevent data tampering. The process of verifying the signature of a digital certificate in a PFX format and the public key of a CER format are sorted below.
Tips: PHP is required to open OpenSSL. Signature
/** * Signature/public static function sign ($params, $keyPath, $pwd) {$params _str = Arrtoquery (
$params, false);
$params _sha1x16 = SHA1 ($params _str, false);
$private _key = Self::getprivatekey ($keyPath, $pwd);
$isSignSucceed = Openssl_sign ($params _sha1x16, $signature, $private _key);
if ($isSignSucceed) {$signature _base64 = Base64_encode ($signature);
$params [' signature '] = $signature _base64;
Larequest (">>>>> signature success <<<<<<<");
else {larequest (">>>>> signature failed <<<<<<<");
return $params;
The function arrtoquery ($arrayQuery, $urlEncode = True) {Ksort ($arrayQuery);
$tmp = Array (); foreach ($arrayQuery as $k => $param) {$tmp [] = $k. '=' .
($urlEncode. UrlEncode ($param): $param);
} $params = Implode (' & ', $tmp); return $pArams;
The public static function Getprivatekey ($keyPath, $pwd) {$PKCS = file_get_contents ($keyPath);
Openssl_pkcs12_read ($PKCS, $certs, $pwd);
return $certs [' Pkey ']; }
Verification of the sign
public static function Verify ($params, $pubkeyPath)
{
$signature _str = $params [' signature '];
$signature = Base64_decode ($signature _str);
unset ($params [' signature ']);
$public _key = file_get_contents ($pubkeyPath);
$params _str = Arrtoquery ($params, false);
$params _sha1x16 = SHA1 ($params _str, false);
$isSuccess = openssl_verify ($params _sha1x16, $signature, $public _key);
return $isSuccess;
}
function Arrtoquery ($arrayQuery, $urlEncode = True)
{
ksort ($arrayQuery);
$tmp = Array ();
foreach ($arrayQuery as $k => $param) {
$tmp [] = $k. '=' . ($urlEncode. UrlEncode ($param): $param);
}
$params = Implode (' & ', $tmp);
return $params;
}