问题
I have a signed PDF document. It was signed by using TCPDF. Now I want to verify it. This is my solution:
- Get content of signed pdf.
- Get original content and signature value base on /ByRange field.
- Get encrypted digest message from signature value. It's octet string at the end of signature value.
- Use Openssl_public_decrypt() function to decrypt the encrypted digest message with public key. Then we have a string which has a prefix ("3021300906052b0e03021a05000414"). This prefix denotes the hash function used is SHA-1. After removing the prefix, we obtain digest message D1.
- Use SHA1() function to hash original content, we obtain digest message D2.
- Compare D1 with D2. If D1 = D2 then signature is valid and vice versa.
My problem is in last step, when I compare D1 with D2, they are not equal. I don't know why. Thanks for any help.
回答1:
You should try based on following example
<?php
// $data and $signature are assumed to contain the data and the signature
// fetch public key from certificate and ready it
$pubkeyid = openssl_pkey_get_public("file://src/openssl-0.9.6/demos/sign/cert.pem");
// state whether signature is okay or not
$ok = openssl_verify($data, $signature, $pubkeyid);
if ($ok == 1) {
echo "good";
} elseif ($ok == 0) {
echo "bad";
} else {
echo "ugly, error checking signature";
}
// free the key from memory
openssl_free_key($pubkeyid);
?>
more Examples ad explanation
http://www.php.net/manual/en/function.openssl-verify.php
来源:https://stackoverflow.com/questions/23028774/verify-signed-pdf-document-in-php