@prime31
Last active August 8, 2019 11:44
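<?php
// Verifies a Google Play purchase signature (RSA with SHA-1) over $responseData.
// $status is 1 only when the signature verifies; check it before trusting $response.
function ValidateGooglePlaySignature( $responseData, $signature, $publicKey, &$status, &$response )
{
    $responseData = trim( $responseData );
    $signature = trim( $signature );
    // $response is decoded before the signature has been checked
    $response = json_decode( $responseData );
    $status = 0;

    // Pre-add signature to return array before we decode it
    $retArray = array( 'signature' => $signature, 'status' => 0 );

    // Create an RSA key compatible with openssl_verify from our Google Play public key
    $key = "-----BEGIN PUBLIC KEY-----\n" .
        chunk_split( $publicKey, 64, "\n" ) .
        '-----END PUBLIC KEY-----';
    $key = openssl_get_publickey( $key );
    if ( false === $key ) {
        return $retArray; // malformed public key: fail closed
    }

    // Signature should be in binary format, but it comes as BASE64.
    $signature = base64_decode( $signature, true );
    if ( false === $signature ) {
        return $retArray; // not valid base64: fail closed
    }

    // Verify the signature
    $result = openssl_verify( $responseData, $signature, $key, OPENSSL_ALGO_SHA1 );
    $status = ( 1 === $result ) ? 1 : 0;
    $retArray["status"] = $status;
    return $retArray;
}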
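A round-trip check of the same verification steps, added here as an example and not part of the gist author's code. It shows that the signature covers the exact bytes of the purchase string, so edited or re-encoded JSON fails. The helper names `pemToBase64Body` and `verifyPurchase`, the key pair, and the purchase JSON are all constructed for illustration.

```php
<?php
// Added example: key pair, order id and package name are constructed test values.

// Strip PEM armour and whitespace to get the bare base64 key body,
// the form the function above expects in $publicKey.
function pemToBase64Body(string $pem): string {
    return preg_replace('/-----[A-Z ]+-----|\s+/', '', $pem);
}

// Same steps as the function above: wrap the key as PEM, base64-decode the
// signature, verify with SHA-1. Returns true only for a valid signature.
function verifyPurchase(string $data, string $sigB64, string $keyB64): bool {
    $pem = "-----BEGIN PUBLIC KEY-----\n"
         . chunk_split($keyB64, 64, "\n")
         . "-----END PUBLIC KEY-----";
    $key = openssl_pkey_get_public($pem);
    $sig = base64_decode($sigB64, true);
    if ($key === false || $sig === false) {
        return false; // fail closed on a bad key or bad encoding
    }
    return openssl_verify($data, $sig, $key, OPENSSL_ALGO_SHA1) === 1;
}

// Constructed stand-in for the store's signing key.
$priv = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
$keyB64 = pemToBase64Body(openssl_pkey_get_details($priv)['key']);

// Constructed purchase JSON, signed the way the verifier expects.
$data = '{"orderId":"TEST-ORDER-0001","packageName":"com.example.app",'
      . '"productId":"coins_100","purchaseState":0}';
openssl_sign($data, $rawSig, $priv, OPENSSL_ALGO_SHA1);
$sigB64 = base64_encode($rawSig);

$cases = [
    'original bytes'       => [$data, $sigB64],
    'productId edited'     => [str_replace('coins_100', 'coins_9999', $data), $sigB64],
    // Same JSON values, different bytes: decoding and re-encoding breaks the signature.
    're-encoded JSON'      => [json_encode(json_decode($data), JSON_PRETTY_PRINT), $sigB64],
    'signature not base64' => [$data, '!!not-base64!!'],
];
foreach ($cases as $label => [$payload, $sig]) {
    printf("%-22s %s\n", $label, verifyPurchase($payload, $sig, $keyB64) ? 'valid' : 'REJECTED');
}
```

Some OpenSSL builds disable SHA-1 signatures by policy; on such a system the signing call in this test harness fails before any verification runs.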
@felipefrancisco

Is this still the correct validation method?
