[nycphp-talk] Digital Signatures in PHP
Dan Cech
dcech at phpwerx.net
Thu Jun 3 13:52:05 EDT 2004
Daniel Convissor wrote:
> On Thu, Jun 03, 2004 at 11:12:42AM -0400, Rolan Yang wrote:
>>How about md5()?
>
> Exactly what I was going to say. Simple. Effective.
Yeah, md5 is ok if you just want to take a hash to see if someone has
changed something, but I need to be able to store the message and the
hash together, so encryption is mandatory.
> If you want something to actually SIGN with, then consider shelling out to
> GPG.
I was looking into this, but it seems to have a few drawbacks, notably
having to write everything to file, I'd rather do it internally if at
all possible.
Now that I have figured out how to get the keys into the right format
the openssl_sign and openssl_verify functions actually seem to work very
well, it's just a question of how reliable they are on older versions of
php.
Dan
More information about the talk
mailing list