Convert Google Verify Signature Code (kotlin) To PHP (laravel)

- 1 answer

I need to verify a signature, which is a security feature in google's developer android api. They have a working example, which is written in kotlin.

Atm. I am trying to convert this code:

val decodedKey = Base64.decode(encodedPublicKey, Base64.DEFAULT)
val keyFactory = KeyFactory.getInstance("RSA")
return keyFactory.generatePublic(X509EncodedKeySpec(decodedKey))

The encodedPublicKey is fix. I get it from google.

I installed phpseclib and currently I try to convert the above code:

$decodedKey = base64_decode($encodedPublicKey);
$x509 = new X509();
$rsa = $x509->getPublicKey();
return [$rsa, $x509];

I discovered that not even base64_decode($encodedPublicKey) works. It returns nothing, while the kotlin code Base64.decode(encodedPublicKey, Base64.DEFAULT) returns many decoded keys, example:

D/IABUtil/Security: decodedKey 0 :48


kotlins Base64.decode(encodedPublicKey, Base64.DEFAULT) returns a bytearray. I managed to get the same result by using unpack() in php:

$decodedKey = unpack('c*', $decodedKey); // ByteArray


So at the end I used open ssl for this.

$publicKey = env('BASE_64_ENCODED_PUBLIC_KEY');

$key = "-----BEGIN PUBLIC KEY-----\n" . chunk_split($publicKey, 64, "\n") . "-----END PUBLIC KEY-----";
$key = openssl_get_publickey($key);
if (false === $key) {
    return ["Could not get public Key"];

$verify = openssl_verify($originalJson, base64_decode($signature), $key, "sha1WithRSAEncryption");

Credit: android in app billing v3 with php

It was important to convert the public key into the correct format. It must have 64 characters in each line.