Windows to verify signature from Open SSL php

Question

I use PHP to sign a string with openssl_sign. So far all ok.

The problem is that I want to verify the signature from Windows. For that I pass the certificate, the message, and it's signature to the windows app. How do I use CryptVerifyDetachedMessageSignature to force using the certificate that the PHP code used?

I tried it, but it returns "asn1 bad tag value met" on the signature created by PHP ...

Thanks...

Answer 1

It's hard to say since you haven't posted your code or a sample signature / plaintext / key. But, in lieu of that, here's how I'd do it (with phpseclib):

<?php
include('Crypt/RSA.php');

$rsa = new Crypt_RSA();
//$rsa->setPassword('password');
$rsa->loadKey('...'); // private key

$plaintext = '...';

$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$signature = $rsa->sign($plaintext);

$rsa->loadKey('...'); // public key
echo $rsa->verify($plaintext, $signature) ? 'verified' : 'unverified';
?>

If the signature mode is PSS just do $rsa->setSignatureMode() (without any parameters) instead.

If the signature and plaintext are both in the same blob you'll need to separate it per whatever file format you're using.

Answer 2

No luck. I finally resorted to openssl_pkcs7_sign which outputs a S/MIME compatible message, which I can handle in Windows.