I'm trying to test my server side IAB signature verification method. I want to use my public and private key (not the ones from Google), so I'm faking a receipt and signing it with id_rsa.pub:
openssl dgst -binary -sha1 -sign /Users/user/.ssh/id_rsa receipt.json | openssl base64 > signature.txt
In php i want to verify it with openssl_verify:
$publicKey = // content of /Users/user/.ssh/id_rsa.pub
// Public key in id_rsa.pub with proper header and footer
$publicKeyFull = "-----BEGIN PUBLIC KEY-----
" . chunk_split($publicKey, 64, "
") . "-----END PUBLIC KEY-----";
// Data
$data = // content of receipt.json WITHOUT LINE BREAKS
// Public key id
$publicKeyId = openssl_get_publickey($publicKeyFull);
// Signature
$signature = // content of signature.txt generated previously
// receipt.json, signature.txt, id_rsa.public
$verified = openssl_verify($data, base64_decode($signature), $publicKeyId, OPENSSL_ALGO_SHA1);
var_dump($verified);
Verified is always false and I get:
Warning: openssl_verify(): supplied key param cannot be coerced into a public key in...
What's wrong with my id_rsa.pub key?
You're passing $verified wrong as @the-awnry-bear mentioned for the same type of error.
Please check below: