RSA_sign or DSA_sign in PHP!

Question

Hello developers,

I'm going to implement license key generator on my website but I've very few knowledges of php! In my (Cocoa) application I've integrate a system verification that use the RSA_sign function (in C#) ... I would like to use the paypal IPN notification system to automatically generate and send to my users their license keys ... but I really don't know how to sign a string in php using an RSA key!!! In php I know only the openss_sign function but it isn't the same thing! Or is better and easiest to use a DSA signing method???

Please, help!

Thanks in advance for all the replies!!!

Answer 1

You want openssl_sign().

EDIT:

• Make sure the message digest is the one you want to use to verify.
• Don't test it by comparing the base64 output with another signature, test it by verifying the signature in your C# code. I believe it's possible for two valid signatures with the same key of the same data to have differing binary representations.

Answer 2

Thank you! You are right!

I've found the problem, is in the hash string that I use with the openssl_sign! I've this code in objective-c:

NSString *stringToEncript = @"test";

const char *clearText = [stringToEncript UTF8String];

unsigned char md[SHA_DIGEST_LENGTH];
SHA1((unsigned char *)clearText, strlen(clearText), md);

for(int i=0; i<SHA_DIGEST_LENGTH; i++)
    printf("%x", md[i]);

and in php I've written:

$stringToEncrypt = "test";

$hash = sha1(utf8_encode($stringToEncrypt));
echo $hash;

The output of the first code is:

a94a8fe5ccb19ba61c4c873d391e987982fbbd3

The output of the second code is:

a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

As you can see there is a '0' missed! What do I wrong?