4

I have a signed PDF document. It was signed by using TCPDF. Now I want to verify it. This is my solution:

  • Get content of signed pdf.
  • Get original content and signature value base on /ByRange field.
  • Get encrypted digest message from signature value. It's octet string at the end of signature value.
  • Use Openssl_public_decrypt() function to decrypt the encrypted digest message with public key. Then we have a string which has a prefix ("3021300906052b0e03021a05000414"). This prefix denotes the hash function used is SHA-1. After removing the prefix, we obtain digest message D1.
  • Use SHA1() function to hash original content, we obtain digest message D2.
  • Compare D1 with D2. If D1 = D2 then signature is valid and vice versa.

My problem is in last step, when I compare D1 with D2, they are not equal. I don't know why. Thanks for any help.

xuanhai266
  • 423
  • 3
  • 13

1 Answers1

0
You should try based on following example
<?php
// $data and $signature are assumed to contain the data and the signature

// fetch public key from certificate and ready it
$pubkeyid = openssl_pkey_get_public("file://src/openssl-0.9.6/demos/sign/cert.pem");

// state whether signature is okay or not
$ok = openssl_verify($data, $signature, $pubkeyid);
if ($ok == 1) {
    echo "good";
} elseif ($ok == 0) {
    echo "bad";
} else {
    echo "ugly, error checking signature";
}
// free the key from memory
openssl_free_key($pubkeyid);
?>
more Examples ad explanation
 http://www.php.net/manual/en/function.openssl-verify.php
Hardik Vyas
  • 500
  • 1
  • 7
  • 27