2

I'm trying to test my server side IAB signature verification method. I want to use my public and private key (not the ones from Google), so I'm faking a receipt and signing it with id_rsa.pub:

openssl dgst -binary -sha1 -sign /Users/user/.ssh/id_rsa receipt.json | openssl base64 > signature.txt

In php i want to verify it with openssl_verify:

$publicKey = // content of /Users/user/.ssh/id_rsa.pub

// Public key in id_rsa.pub with proper header and footer
$publicKeyFull = "-----BEGIN PUBLIC KEY-----\n" . chunk_split($publicKey, 64, "\n") .  "-----END PUBLIC KEY-----";

// Data
$data = // content of receipt.json WITHOUT LINE BREAKS

// Public key id
$publicKeyId = openssl_get_publickey($publicKeyFull);

// Signature
$signature = // content of signature.txt generated previously

// receipt.json, signature.txt, id_rsa.public
$verified = openssl_verify($data, base64_decode($signature), $publicKeyId, OPENSSL_ALGO_SHA1);

var_dump($verified);

Verified is always false and I get:

Warning: openssl_verify(): supplied key param cannot be coerced into a public key in...

What's wrong with my id_rsa.pub key?

jww
  • 97,681
  • 90
  • 411
  • 885
Jumpa
  • 4,319
  • 11
  • 52
  • 100
  • Possible duplicate of [Supplied key param cannot be coerced into a private key using Google Private Key](http://stackoverflow.com/q/21149200), [openssl_verify , Warning: openssl_verify(): supplied key param cannot be coerced into a public key](http://stackoverflow.com/q/34140563), [Can't verify openssl public key](http://stackoverflow.com/q/22938042), and [openssl_verify(): supplied key param cannot be coerced into a public key for a .pem file](http://stackoverflow.com/q/26406753) – jww Dec 29 '15 at 07:18
  • Possible duplicate of [android in app billing v3 with php](http://stackoverflow.com/questions/16535025/android-in-app-billing-v3-with-php) – bummi Feb 11 '16 at 06:53

1 Answers1

0

You're passing $verified wrong as @the-awnry-bear mentioned for the same type of error.

Please check below:

android in app billing v3 with php

Community
  • 1
  • 1
WiTon Nope
  • 166
  • 4
  • 20
  • What am I passing wrong? In the answer you linked, the OP is passing purchaseToken...I'm passing the correct entire JSON. – Jumpa Feb 12 '16 at 16:57
  • Your error message shows that $publicKey is not being read correctly and should insert a value rather adding a link to aa file thus let the value of the file be parsed into $publicKey this way it should work fine. – WiTon Nope Feb 12 '16 at 22:03