PHP cert viewer


#1

Hi,
I try to make PHP based cert viewer. Complete process looks relatively straight forward for me but I have some problems.
I have issued about 300 certificates and want to integrate cert viewer inside our main site (PHP…).
I have next proof inside certificate:

“merkleRoot”: “08766125c69d4f2db3acd7f4b61dc6b3292df67ecb0385c95ed82ff23c370516”, “targetHash”: “7a1e3190d7498633c114007ded98a3e89274c4be054d291e797f0f50293eb502”, “proof”: [{“right”: “68bc8902af009c5607206a93ed28a21f61817fc797ede22d11c357f6abdd2fa7”}, {“right”: “bc7426ea82d9cef9d63eb8b53c96078edd5e2f8a37614cef2eca58039c597f8e”}, {“right”: “1254ad33f870de765c3147ade5055684aff4d170bb8704f32d0c4809b842bd6f”}, {“right”: “2e1d5907db706ae3a1f9243f13cd76f77ac41939a4b9e0ce1cc2b22985ebc376”}]

It works fine at standard cert viewer.

The fist problem is next:

I try to compare calculated merkle root with signed merkleRoot (I have four right side hashes p1, p2, p3, p4 in proof). Calculation is next:
H1=hash(targetHash+p1)
H2=hash(H1+p2)
H3=hash(H2+p3)
H4=hash(H3+p4)

H4 should be identical with signed merkleRoot but it’s not ;(.
hash function is standard PHP sha256 based (checked in other language with same result - so hash fuction is not a problem).
It looks like I did something wrong in my logic?!

The second problem is with hash of canonical JSON. I use php-json-ld project from github (https://github.com/digitalbazaar/php-json-ld) but again hash of canonized JSON file does not much signed target hash.

PHP code is here:
//remove signatrue from JSON file
unset($certJSON->signature);

$normalized = jsonld_normalize($certJSON,array(‘algorithm’ => ‘URDNA2015’,‘format’ => ‘application/nquads’));

$jsonHashCanonical=hash(“sha256”,json_encode(jsonld_from_rdf($normalized)));

Please, if you have any suggestion what I make wrong with my logic :slight_smile:

Regards

Nikola


#2

How are you hashing the data exactly?

One common problem could be from hashing the text and not the binary representation of it: https://bitcoin.stackexchange.com/questions/60761/how-to-calculate-merkle-root#comment69438_60761

For your jsonld problem, take a look at how we are using it in cert-verifier-js: https://github.com/blockchain-certificates/cert-verifier-js/blob/2f2fdb425eefbdfebd9fbb2d98a8f7aebd0a0871/src/inspectors/computeLocalHash.js#L61

One difference I noticed is that we are doing: sha256(toUTF8Data(normalized))


#3

Thanks for your quick answer.
Tried your suggested solution (concatenate two strings first, convert to binary and after that hash… ) but still I can not get same hash ;(
Also tried node.js solution for json file, but sam result too - different hashes.

Maybe I have to go deep into python code to check what to do before hash operation. All sources said that, simple concatenate two string and make hash but obviously there is something else.