PHP 8.4.2 Released!

    openssl_spki_verify

    (PHP 5 >= 5.6.0, PHP 7, PHP 8)

    openssl_spki_verifyVerifica uma chave pública assinada e um desafio

    Descrição

    openssl_spki_verify(string $spki): bool

    Valida a chave pública assinada e o desafio fornecidos.

    Parâmetros

    spki

    Espera uma chave pública assinada válida e um desafio

    Valor Retornado

    Retorna true em caso de sucesso ou false em caso de falha.

    Erros/Exceções

    Emite um erro de nível E_WARNING se um argumento inválido for passado através do parâmetro spki.

    Exemplos

    Exemplo #1 Exemplo de openssl_spki_verify()

    Valida uma chave pública assinada existente e um desafio

    <?php
    $pkey     = openssl_pkey_new('senha secreta');
    $spkac = openssl_spki_new($pkey, 'string de desafio');

    if (    openssl_spki_verify(preg_replace('/SPKAC=/', '', $spkac))) {
    echo     $spkac;
    } else {
    echo     "Validação de SPKAC falhou";
    }
    ?>

    Exemplo #2 Exemplo de openssl_spki_verify() a partir de <keygen>

    Valida uma chave pública assinada existente e um desafio emitido pelo elemento <keygen>.

    <?php
    if (openssl_spki_verify(preg_replace('/SPKAC=/', '', $_POST['spkac']))) {
    echo     $spkac;
    } else {
    echo     "Validação de SPKAC falhou";
    }
    ?>
    <keygen name="spkac" challenge="string de desafio" keytype="RSA">

    Veja Também

    Melhore Esta Página

    Aprenda Como Melhorar Esta PáginaEnvie uma Solicitação de ModificaçãoReporte um Problema
    adicione uma nota

    Notas Enviadas por Usuários (em inglês) 2 notes

    up
    3
    carloshlfzanon at gmail dot com
    7 years ago
    This openssl_spki_* funcs are very usefull to use with <keygen/> tag in html5.

    Example:

    <?php
    session_start    ();

    // form submitted... (?)
    if(isset($_POST['security']))
    {
    // If true, the send from <keygen/> is valid and you can
    // test the challenge too
    if(openssl_spki_verify($_POST['security']))
    {
    // Gets challenge string
    $challenge = openssl_spki_export_challenge($_POST['security']);

    // If true... you are not trying to trick it.
    // If user open 2 windows to prevent data lost from a "mistake" or him just press "back" button
    // and re-send last data... you can handle it using something like it.
    if($challenge == $_SESSION['lastForm'])
    {
    echo     'Ok, this one is valid.', '<br><br>';
    }
    else
    {
    echo     'Nice try... nice try...', '<br><br>';
    }
    }

    }

    // If you open two window, the challenge won't match!
    $_SESSION['lastForm'] = hash('md5', microtime(true));

    ?>

    <!DOCTYPE html>
    <html>
    <body>

    <form action="/index.php" method="post">
    Encryption: <keygen name="security" keytype="rsa" challenge="<?php echo $_SESSION['lastForm']; ?>"/>
    <input type="submit">
    </form>

    </body>
    </html>
    up
    0
    neat at neato dot com
    4 years ago
    The challenge is not how to very a "trick". It is used as a partial non-repudiation method.

    The idea was the challenge could be extracted from the base64 encoded ASN.1 PKCS#1 bits provided from the 'keygen' element.

    The SPKAC is a form of CSR which if the right about of information such as the commonName, emailAddress, countryName, stateOrProvinceName, localityName et al., a signed x509 could generated and provided to the requestor.

    This would then be installed in the browser and if the webserver was configured to accept client x509 certificates, it would be used in lieu of a password for authentication.

    A recommendation was to use the 'challenge' as a form of non-repudiation in the event someone else was on your keyboard. If the application required it could prompt you for the challenge and compare it to a hashed version it stored upon the initial SPKAC process.

    Hope that helps clear it up.
    adicione uma nota
    To Top