openssl_spki_verify

(PHP 5 >= 5.6.0, PHP 7)

openssl_spki_verify — 验证签名公钥和挑战。

说明

openssl_spki_verify ( string &$spkac ) : string

验证所提供的签名公钥和挑战。

参数

spkac: 期望一个有效的签名公钥和挑战。

返回值

成功，返回true, 失败返回false.

错误／异常

如果spkac参数不是一个可用的参数，将会抛出一个 E_WARNING 等级的错误。

范例

Example #1 openssl_spki_verify() 范例：

验证现有签名公钥和挑战


<?php
$pkey = openssl_pkey_new('secret password');
$spkac = openssl_spki_new($pkey, 'challenge string');

if (openssl_spki_verify(preg_replace('/SPKAC=/', '', $spkac))) {
    echo $spkac;
} else {
    echo "SPKAC validation failed";
}
?>

Example #2 openssl_spki_verify() example from <keygen>

通过<keygen> 元素验证现有签名公钥和挑战


<?php
if (openssl_spki_verify(preg_replace('/SPKAC=/', '', $_POST['spkac']))) {
    echo $spkac;
} else {
    echo "SPKAC validation failed";
}
?>
<keygen name="spkac" challenge="challenge string" keytype="RSA">

参见

openssl_spki_new() - 生成一个新的签名公钥和挑战
openssl_spki_export_challenge() - 导出与签名公钥和挑战相关的挑战字符串
openssl_spki_export() - 通过签名公钥和挑战导出一个可用的PEM格式的公钥
openssl_md_method()
openssl_csr_new() - 生成一个 CSR
openssl_csr_sign() - 用另一个证书签署 CSR (或者本身) 并且生成一个证书

User Contributed Notes

carloshlfzanon at gmail dot com 26-Apr-2017 08:54


This openssl_spki_* funcs are very usefull to use with <keygen/> tag in html5.



Example:



<?php

session_start();



// form submitted... (?)

if(isset($_POST['security']))

{

    // If true, the send from <keygen/> is valid and you can

    // test the challenge too

    if(openssl_spki_verify($_POST['security']))

    {

        // Gets challenge string

        $challenge = openssl_spki_export_challenge($_POST['security']);



        // If true... you are not trying to trick it.

        // If user open 2 windows to prevent data lost from a "mistake" or him just press "back" button

        //  and re-send last data... you can handle it using something like it.

        if($challenge == $_SESSION['lastForm'])

        {

            echo 'Ok, this one is valid.', '<br><br>';

        }

        else

        {

            echo 'Nice try... nice try...', '<br><br>'; 

        }

    }



}



// If you open two window, the challenge won't match!

$_SESSION['lastForm'] = hash('md5', microtime(true));



?>



<!DOCTYPE html>

<html>

<body>



<form action="/index.php" method="post">

  Encryption: <keygen name="security" keytype="rsa" challenge="<?php echo $_SESSION['lastForm']; ?>"/>

  <input type="submit">

</form>



</body>

</html>