I need to use an API, but first, to log in, I need to create a signature.

1. Concatenate the API key with the current timestamp in the format below:
<<APIKEY>>_<<timestamp(yyyy'-'MM'-'ddTHH:mm:ss.fffZ)>>

and this step is easy:

    hash('sha256', $data);

The result is: 9952375a30708b46739986482303cae30ad51fc9a362b5794d298dfc22f7ec02 and this is the correct result.

The next step is:

2. The combination of the created signature along with the provided API secret key will act as the
digital signature of the call.

I have an API secret key like:

    -----BEGIN PUBLIC KEY-----
    9IGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgBSU90PX4WyXFAZ/+M84dJNEi
    /0j5OermfydTU4g2JvnpO6BOQjNpb5+mOLjVoij7DWTdDtx1WThRm04N3DVuyh+a
    5cledvMbcngvyiXpQCdskT9bVmI4QLbmRny46S7MER1jhziMQRfRw9gbmlB2iCEq
    n21kDr842Q+WDtLE4QIDAQA9
    -----END PUBLIC KEY-----

How can I get the digital signature with a combination of the created signature and the provided API secret key?

There is a Python example like:

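    import base64
    import hashlib

    from Crypto.Cipher import PKCS1_v1_5
    from Crypto.PublicKey import RSA

    # api_key, timestamp and pub_key (PEM text) are supplied by the caller
    key = api_key + '_' + timestamp
    print("message", key)

    # hex-encoded SHA-256 digest of the concatenated string
    sha_hash = hashlib.sha256(key.encode()).hexdigest()
    print("sha256 hash:", sha_hash)

    # RSA-encrypt the digest with the public key using PKCS#1 v1.5 padding
    rsa_key = RSA.importKey(pub_key)
    cipher = PKCS1_v1_5.new(rsa_key)
    signature = base64.encodebytes(cipher.encrypt(sha_hash.encode()))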

But how can I get the signature using PHP?

neubert
Aleks Per
  • Not sure what platform you are on but looked at [`openssl_encrypt`](https://www.php.net/openssl_encrypt)? – ficuscr Aug 20 '19 at 15:49
  • Yes, I think I need to use openssl_encrypt – Aleks Per Aug 20 '19 at 15:51
  • There are some other options but I figure openssl is generally maintained on most systems. FWIW: [Simplest two-way encryption using PHP](https://stackoverflow.com/questions/9262109/simplest-two-way-encryption-using-php) - old one, some info might be outdated. – ficuscr Aug 20 '19 at 15:58
  • @ficuscr Can you please write an answer on this? – Aleks Per Aug 20 '19 at 16:41

1 Answer

While there are numerous ways to accomplish this, I recommend leveraging the openssl_public_encrypt method. There are other crypt functions and even pure PHP implementations of RSA, but they are likely not as current and well maintained as OpenSSL is going to be on a Linux system. Don't forget all the disruption in SSL/TLS these last years. Everything from retiring older protocols and weaker ciphers to POODLE type exploits.

If for whatever reason that is not an option I would probably look into phpseclib. https://github.com/phpseclib/phpseclib

Really might come down to what makes the most sense for your project... OS, portability, speed, etc.

Here is that Python snippet converted to equivalent PHP code.

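    <?php
    // $api_key and $timestamp must already be set by the caller
    $key = $api_key . '_' . $timestamp;

    echo "message: " . $key . PHP_EOL;

    // hex-encoded SHA-256 digest of the concatenated string
    $sha_hash = hash('sha256', $key);

    echo "sha256 hash: " . $sha_hash . PHP_EOL;

    $rsa_key = "your public key goes in here"; // PEM string; see https://www.php.net/manual/en/function.openssl-pkey-get-public.php

    // RSA-encrypt the digest with the public key (PKCS#1 v1.5 padding is the default)
    if (!openssl_public_encrypt($sha_hash, $encrypted, $rsa_key)) {
        die('openssl_public_encrypt failed: ' . openssl_error_string());
    }
    $signature = base64_encode($encrypted);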

ficuscr
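
The two steps from the question run end to end, as an added example that is not part of the original answer or of the API's own documentation. The function name `make_login_token`, the API key value and the locally generated key pair are constructed stand-ins so the script runs offline; the operation is RSA public-key encryption of the hex digest with randomised PKCS#1 v1.5 padding, so the output differs on every call and can only be checked by decrypting with the matching private key.

```php
<?php
// Added example: the key pair is generated here only so the script is
// self-contained; a real client holds just the API provider's public key.

function make_login_token(string $apiKey, string $timestamp, string $publicKeyPem): string
{
    // Step 1: hex SHA-256 of "<APIKEY>_<timestamp>"
    $shaHash = hash('sha256', $apiKey . '_' . $timestamp);

    // Step 2: RSA-encrypt the hex digest with PKCS#1 v1.5 padding
    $publicKey = openssl_pkey_get_public($publicKeyPem);
    if ($publicKey === false) {
        throw new RuntimeException('Invalid public key: ' . openssl_error_string());
    }
    if (!openssl_public_encrypt($shaHash, $encrypted, $publicKey, OPENSSL_PKCS1_PADDING)) {
        throw new RuntimeException('Encryption failed: ' . openssl_error_string());
    }
    return base64_encode($encrypted);
}

// Constructed sample inputs (not real credentials)
$apiKey = 'EXAMPLE-API-KEY';
// yyyy-MM-ddTHH:mm:ss.fffZ in UTC; "v" is milliseconds
$timestamp = (new DateTime('now', new DateTimeZone('UTC')))->format('Y-m-d\TH:i:s.v\Z');

// Throwaway key pair standing in for the API provider's keys
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($pair === false) {
    exit('Key generation failed: ' . openssl_error_string() . PHP_EOL);
}
$publicKeyPem = openssl_pkey_get_details($pair)['key'];

$first  = make_login_token($apiKey, $timestamp, $publicKeyPem);
$second = make_login_token($apiKey, $timestamp, $publicKeyPem);

// Identical input, two calls: the random padding makes the ciphertexts differ.
echo 'tokens identical: ' . var_export($first === $second, true) . PHP_EOL;

// Server side: decrypt with the private key and compare against the expected digest.
if (!openssl_private_decrypt(base64_decode($second), $recovered, $pair, OPENSSL_PKCS1_PADDING)) {
    exit('Decryption failed: ' . openssl_error_string() . PHP_EOL);
}
$expected = hash('sha256', $apiKey . '_' . $timestamp);
echo 'digest recovered: ' . var_export(hash_equals($expected, $recovered), true) . PHP_EOL;
```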