openssl_spki_verify
(PHP 5 >= 5.6.0, PHP 7, PHP 8)
openssl_spki_verify — Verifies a signed public key and challenge

Validates the supplied signed public key and challenge (SPKAC).

Parameter spki: expects a valid signed public key and challenge.

Emits an E_WARNING level error if an invalid argument is passed via the spki parameter.
Example #1 openssl_spki_verify() example
Validates an existing signed public key and challenge

<?php
// Generate a fresh key pair. openssl_pkey_new() takes an options array
// (or nothing), not a password string.
$pkey = openssl_pkey_new();

// Sign the public key together with the challenge string.
$spkac = openssl_spki_new($pkey, 'challenge string');

// openssl_spki_new() prefixes its result with "SPKAC="; the verifier
// expects the bare base64 blob, so strip the prefix first.
if (openssl_spki_verify(preg_replace('/SPKAC=/', '', $spkac))) {
    echo $spkac;
} else {
    echo "SPKAC validation failed";
}
?>
Example #2 openssl_spki_verify() example from <keygen>
Validates an existing signed public key and challenge issued from the <keygen> element

<?php
// Strip a "SPKAC=" prefix if present and keep the cleaned value, so the
// same string can be verified and echoed.
$spkac = preg_replace('/SPKAC=/', '', $_POST['spkac']);

if (openssl_spki_verify($spkac)) {
    echo $spkac;
} else {
    echo "SPKAC validation failed";
}
?>

The form element that produces the posted value:

<keygen name="spkac" challenge="challenge string" keytype="RSA">
These openssl_spki_* functions are very useful to use with the <keygen/> tag in HTML5.
Example:

<?php
session_start();

// form submitted... (?)
if (isset($_POST['security'])) {
    // If true, the value sent from <keygen/> is valid and you can
    // test the challenge too
    if (openssl_spki_verify($_POST['security'])) {
        // Gets the challenge string
        $challenge = openssl_spki_export_challenge($_POST['security']);

        // If true... you are not trying to trick it.
        // If the user opens 2 windows to prevent data loss from a "mistake", or just presses the "back" button
        // and re-sends the last data... you can handle it using something like it.
        if ($challenge === $_SESSION['lastForm']) {
            echo 'Ok, this one is valid.', '<br><br>';
        } else {
            echo 'Nice try... nice try...', '<br><br>';
        }
    }
}

// If you open two windows, the challenge won't match!
$_SESSION['lastForm'] = hash('md5', microtime(true));
?>
<!DOCTYPE html>
<html>
<body>
<form action="/index.php" method="post">
Encryption: <keygen name="security" keytype="rsa" challenge="<?php echo $_SESSION['lastForm']; ?>"/>
<input type="submit">
</form>
</body>
</html>
The challenge is not how to verify a "trick". It is used as a partial non-repudiation method.
The idea was that the challenge could be extracted from the base64 encoded ASN.1 PKCS#1 bits provided from the 'keygen' element.
The SPKAC is a form of CSR which, given the right amount of information such as the commonName, emailAddress, countryName, stateOrProvinceName, localityName et al., a signed x509 could be generated from and provided to the requestor.
This would then be installed in the browser and, if the webserver was configured to accept client x509 certificates, it would be used in lieu of a password for authentication.
A recommendation was to use the 'challenge' as a form of non-repudiation in the event someone else was on your keyboard. If the application required it, it could prompt you for the challenge and compare it to a hashed version it stored upon the initial SPKAC process.
Hope that helps clear it up.
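The two checks the manual examples and the notes above describe, signature verification and binding the SPKAC to the challenge the server issued, combined into one added example. This is not code from the PHP manual or its contributors; verifySpkac() and selfTest() are assumed names, and the generated key stands in for the browser's <keygen> element.

```php
<?php
// Added example: verify a SPKAC submission and bind it to the issued challenge.

/**
 * Verify a SPKAC blob and check that it carries the challenge this server issued.
 * Returns the public key as PEM on success, null on any failure.
 */
function verifySpkac(string $rawSpkac, string $expectedChallenge): ?string
{
    // openssl_spki_new() prefixes "SPKAC=", while a <keygen> form field arrives
    // without it. The verifier wants the bare base64, so normalise both paths.
    $spkac = preg_replace('/^SPKAC=/', '', trim($rawSpkac));

    // 1. Signature check: the client proved possession of the private key.
    if (!openssl_spki_verify($spkac)) {
        return null;
    }

    // 2. Challenge check: openssl_spki_verify() does not compare the challenge,
    //    so a SPKAC captured from another session would otherwise be accepted.
    $challenge = openssl_spki_export_challenge($spkac);
    if ($challenge === false || !hash_equals($expectedChallenge, $challenge)) {
        return null;
    }

    // 3. Hand back the enrolled public key for certificate issuance.
    $pem = openssl_spki_export($spkac);
    return $pem === false ? null : $pem;
}

// Self-check with a locally generated key (constructed test data, not a real client).
function selfTest(): array
{
    $expected = bin2hex(random_bytes(16));   // one-time challenge stored per session
    $pkey  = openssl_pkey_new(['private_key_bits' => 2048]);
    $good  = openssl_spki_new($pkey, $expected, OPENSSL_ALGO_SHA256);
    $stale = openssl_spki_new($pkey, 'challenge-from-another-session', OPENSSL_ALGO_SHA256);

    return [
        'valid_accepted'  => verifySpkac($good, $expected) !== null,   // true
        'replay_rejected' => verifySpkac($stale, $expected) === null,  // true
    ];
}

print_r(selfTest());
```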