reactjs - How to verify signature from PHP in React Typescript?

View Original

one text

I have a signature function that comes from openssl API in PHP using ECDSA with SHA256, I need to verify this signature in a React Typescript environment with Elliptic library. I think it could be relevant to know that I don't have formal CS background.

I' testing in a PHP 8.1 - apache docker, I generated the keys with openssl on Ubuntu 22.04:

openssl ecparam -name secp256k1 -genkey -noout -out private_key.pem
openssl ec -in private_key.pem -text -noout

It doesn't matter if another curve is used, it just has to be at least as secure as a standard 256 bit curve.

private_key.pem (don't use in production)

-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIElP6IpLbE3Jd7KdBjlHtgtJfcZ94/OEkCoIsl/iV8q8oAcGBSuBBAAK
oUQDQgAECQ5QVzipmVe7SUco3rzOgvaO+f70wN5jVVHDK2bSVY1OV3OCW0UZmSjU
az/p1DNMYv9tcjPUuPwf+eCtxXSepg==
-----END EC PRIVATE KEY-----

signature function

<?php

function my_sign($data)
{
    $keyfile = file_get_contents("private_key.pem");
    $private_key = openssl_get_privatekey($keyfile);

    openssl_sign(bin2hex($data), $signature, $private_key, OPENSSL_ALGO_SHA256);

    return base64_encode($signature);
}

$test_str = "test_str";

$signature64 = my_sign($test_str);

?>

.env.local (public key)

REACT_APP_V_KEY = 04090e505738a99957bb494728debcce82f68ef9fef4c0de635551c32b66d2558d4e5773825b45199928d46b3fe9d4334c62ff6d7233d4b8fc1ff9e0adc5749ea6

verification function

import { Buffer } from "buffer";

const V_KEY: string = process.env.REACT_APP_V_KEY as string;

export function my_verify(data: string, signature64: string)
{
    let EC = require('elliptic').ec;
    let ec = new EC('secp256k1');
    let key = ec.keyFromPublic(V_KEY, 'hex');

    let signature = Buffer.from(signature64, "base64").toString("hex");
    let datahex = Buffer.from(data, "utf-8").toString("hex");

    return key.verify(datahex, signature);
}

import { my_verify } from "/verify";

const test_field_test_str: string = json_response["test_field"]["test_str"];
const test_field_sign: string = json_response["test_field"]["signature64"];

console.log("verification: ", my_verify(test_field_test_str, test_field_sign));

Verification always returns false on client side, my guess is that it has something to do with DER format and/or public key, I'm pretty lost after checking that data and signature strings in hexadecimal print/log the same on client and server. How to properly verify signature from PHP server in React Typescript client?

Source
© 2021
E-mail: contact@webdevask.com
Back to top