This openssl_spki_* funcs are very usefull to use with <keygen/> tag in html5.
Example:
<?php
session_start();
// form submitted... (?)
if(isset($_POST['security']))
{
// If true, the send from <keygen/> is valid and you can
// test the challenge too
if(openssl_spki_verify($_POST['security']))
{
// Gets challenge string
$challenge = openssl_spki_export_challenge($_POST['security']);
// If true... you are not trying to trick it.
// If user open 2 windows to prevent data lost from a "mistake" or him just press "back" button
// and re-send last data... you can handle it using something like it.
if($challenge == $_SESSION['lastForm'])
{
echo 'Ok, this one is valid.', '<br><br>';
}
else
{
echo 'Nice try... nice try...', '<br><br>';
}
}
}
// If you open two window, the challenge won't match!
$_SESSION['lastForm'] = hash('md5', microtime(true));
?>
<!DOCTYPE html>
<html>
<body>
<form action="/index.php" method="post">
Encryption: <keygen name="security" keytype="rsa" challenge="<?php echo $_SESSION['lastForm']; ?>"/>
<input type="submit">
</form>
</body>
</html>
openssl_spki_verify
(PHP 5 >= 5.6.0, PHP 7)
openssl_spki_verify — Verifies a signed public key and challenge
Description
openssl_spki_verify
( string
&$spkac
) : stringValidates the supplied signed public key and challenge
Parameters
-
spkac -
Expects a valid signed public key and challenge
Return Values
Returns a boolean on success or failure.
Errors/Exceptions
Emits an E_WARNING level error if an invalid argument
is passed via the spkac parameter.
Examples
Example #1 openssl_spki_verify() example
Validates an existing signed public key and challenge
<?php
$pkey = openssl_pkey_new('secret password');
$spkac = openssl_spki_new($pkey, 'challenge string');
if (openssl_spki_verify(preg_replace('/SPKAC=/', '', $spkac))) {
echo $spkac;
} else {
echo "SPKAC validation failed";
}
?>
Example #2 openssl_spki_verify() example from <keygen>
Validates an existing signed public key and challenge issued from the <keygen> element
<?php
if (openssl_spki_verify(preg_replace('/SPKAC=/', '', $_POST['spkac']))) {
echo $spkac;
} else {
echo "SPKAC validation failed";
}
?>
<keygen name="spkac" challenge="challenge string" keytype="RSA">
See Also
- openssl_spki_new() - Generate a new signed public key and challenge
- openssl_spki_export_challenge() - Exports the challenge assoicated with a signed public key and challenge
- openssl_spki_export() - Exports a valid PEM formatted public key signed public key and challenge
- openssl_get_md_methods() - Gets available digest methods
- openssl_csr_new() - Generates a CSR
- openssl_csr_sign() - Sign a CSR with another certificate (or itself) and generate a certificate
add a note
User Contributed Notes 1 note
carloshlfzanon at gmail dot com ¶
2 years ago
