Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
function ValidateGooglePlaySignature( $responseData, $signature, $publicKey, &$status, &$response )
$responseData = trim( $responseData );
$signature = trim( $signature );
$response = json_decode( $responseData );
// Create an RSA key compatible with openssl_verify from our Google Play sig
$key = "-----BEGIN PUBLIC KEY-----\n".
chunk_split($publicKey, 64,"\n").
'-----END PUBLIC KEY-----';
$key = openssl_get_publickey( $key );
// Pre-add signature to return array before we decode it
$retArray = array( 'signature' => $signature );
//Signature should be in binary format, but it comes as BASE64.
$signature = base64_decode( $signature );
//Verify the signature
$result = openssl_verify( $responseData, $signature, $key, OPENSSL_ALGO_SHA1 );
$status = ( 1 === $result ) ? 1 : 0;
$retArray["status"] = $status;
return $retArray;

Any updates? I have no idea how to change the JSON to a valid validation responseData!?

Shouldn't the line 22 be: $status = (1 === $result)?1:0;

Yeeeeah, it's WORKING!!!!! THANKS!! :-)

Is this still the correct validation method?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment