I need to verify a signature, which is a security feature in google's developer android api. They have a working example, which is written in kotlin.
Atm. I am trying to convert this code:
val decodedKey = Base64.decode(encodedPublicKey, Base64.DEFAULT)
val keyFactory = KeyFactory.getInstance("RSA")
return keyFactory.generatePublic(X509EncodedKeySpec(decodedKey))
The encodedPublicKey
is fix. I get it from google.
I installed phpseclib
and currently I try to convert the above code:
$decodedKey = base64_decode($encodedPublicKey);
$x509 = new X509();
$x509->loadX509($encodedPublicKey);
$rsa = $x509->getPublicKey();
return [$rsa, $x509];
I discovered that not even base64_decode($encodedPublicKey)
works. It returns nothing, while the kotlin code Base64.decode(encodedPublicKey, Base64.DEFAULT)
returns many decoded keys, example:
D/IABUtil/Security: decodedKey 0 :48
EDIT
kotlins Base64.decode(encodedPublicKey, Base64.DEFAULT)
returns a bytearray. I managed to get the same result by using unpack()
in php:
$decodedKey = unpack('c*', $decodedKey); // ByteArray
So at the end I used open ssl for this.
$publicKey = env('BASE_64_ENCODED_PUBLIC_KEY');
$key = "-----BEGIN PUBLIC KEY-----\n" . chunk_split($publicKey, 64, "\n") . "-----END PUBLIC KEY-----";
$key = openssl_get_publickey($key);
if (false === $key) {
return ["Could not get public Key"];
}
$verify = openssl_verify($originalJson, base64_decode($signature), $key, "sha1WithRSAEncryption");
Credit: android in app billing v3 with php
It was important to convert the public key into the correct format. It must have 64 characters in each line.