PHP Extension
Aadhaar Paperless Offline e-kyc
Opens an encrypted .zip containing the Aadhaar Paperless Offline e-KYC XML, extracts the XML, and validates its digital signature. It then computes the hashes for the mobile number and email ID so they can be compared with the hashes stored in the signed XML.
<?php
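include("chilkat.php");

/**
 * Computes the Aadhaar Paperless Offline e-KYC hash for a mobile number or email ID.
 *
 * Hashing logic: SHA-256 over (value + share phrase), then SHA-256 over the
 * lowercase-hex text of the previous result, repeated as many times as the
 * last digit of the Aadhaar number. An Aadhaar number ending in 0 is hashed
 * one time.
 *
 * @param CkCrypt2 $crypt            Configured with HashAlgorithm 'sha256' and EncodingMode 'hexlower'.
 * @param string   $value            The mobile number or email ID.
 * @param string   $sharePhrase      The Share Phrase chosen when the e-KYC file was generated.
 * @param int      $lastAadhaarDigit Last digit of the Aadhaar number (0-9).
 *
 * @return string|null Lowercase hex hash, or null if the input is out of range or a step fails.
 */
function aadhaarOfflineHash($crypt, $value, $sharePhrase, $lastAadhaarDigit)
{
    if (!is_int($lastAadhaarDigit) || $lastAadhaarDigit < 0 || $lastAadhaarDigit > 9) {
        return null;
    }

    // An Aadhaar number ending in 0 is still hashed once.
    $rounds = ($lastAadhaarDigit === 0) ? 1 : $lastAadhaarDigit;

    $bdHash = new CkBinData();
    if (!$bdHash->AppendString($value . $sharePhrase, 'utf-8')) {
        return null;
    }

    for ($i = 1; $i <= $rounds; $i++) {
        // Each round hashes the hex text of the previous round, not the raw digest bytes.
        $hex = $crypt->hashBdENC($bdHash);
        if (!is_string($hex) || $hex === '') {
            return null;
        }
        $bdHash->Clear();
        if (!$bdHash->AppendString($hex, 'utf-8')) {
            return null;
        }
    }

    return $bdHash->getString('utf-8');
}

$success = false;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// Open the .zip containing the Aadhaar Paperless Offline e-KYC XML.
// The .zip is encrypted using the "Share Phrase".
$zip = new CkZip();
$success = $zip->OpenZip('qa_data/xml_dsig/offline_paperless_kyc.zip');
if (!$success) {
    print $zip->lastErrorText() . "\n";
    exit(1);
}

// The .zip should contain 1 XML file.
$entry = new CkZipEntry();
$success = $zip->EntryAt(0, $entry);
if (!$success) {
    print $zip->lastErrorText() . "\n";
    exit(1);
}

// To get the contents, we need to specify the Share Phrase.
// The phrase is hard-coded here only because this is sample data. In real use,
// obtain it from the resident at runtime and keep it out of source control and logs:
// it both decrypts the archive and is an input to the mobile/email hashes.
$sharePhrase = 'Lock@487';
$zip->put_DecryptPassword($sharePhrase);

$bdXml = new CkBinData();
// The XML file will be unzipped into the bdXml object.
$success = $entry->UnzipToBd($bdXml);
if (!$success) {
    print $entry->lastErrorText() . "\n";
    exit(1);
}

// First verify the XML digital signature. Nothing from the XML is used until this passes.
$dsig = new CkXmlDSig();
$success = $dsig->LoadSignatureBd($bdXml);
if (!$success) {
    print $dsig->lastErrorText() . "\n";
    exit(1);
}

// The UIDAI XML signature does not contain the KeyInfo, so we must load the uidai certificate
// and indicate that its public key is to be used for verifying the signature.
// This file is therefore the only trust anchor: whichever certificate is loaded here
// decides what counts as "valid". Obtain it from UIDAI over a trusted channel and
// confirm it is the expected, currently valid certificate before relying on the result.
$cert = new CkCert();
$success = $cert->LoadFromFile('qa_data/xml_dsig/uidai_auth_sign_prod_2023.cer');
if (!$success) {
    print $cert->lastErrorText() . "\n";
    exit(1);
}

// Get the certificate's public key. Both steps are checked so that verification
// never proceeds without the intended key in place.
$pubKey = new CkPublicKey();
$success = $cert->GetPublicKey($pubKey);
if (!$success) {
    print $cert->lastErrorText() . "\n";
    exit(1);
}
$success = $dsig->SetPublicKey($pubKey);
if (!$success) {
    print $dsig->lastErrorText() . "\n";
    exit(1);
}

// The XML in this example contains only 1 signature.
// Passing true also checks the reference digests, i.e. that the signed content is unmodified.
$bVerifyReferenceDigests = true;
$bVerified = $dsig->VerifySignature($bVerifyReferenceDigests);
if (!$bVerified) {
    print $dsig->lastErrorText() . "\n";
    print 'The signature was not valid.' . "\n";
    exit(1);
}
print 'The XML digital signature is valid.' . "\n";

// Let's compute the hash for the Mobile Number.
// Hashing logic for Mobile Number :
// Sha256(Sha256(Mobile+SharePhrase))*number of times last digit of Aadhaar number
// (Ref ID field contains last 4 digits).
//
// Example :
// Mobile: 1234567890
// Aadhaar Number:XXXX XXXX 3632
// Passcode : Lock@487
// Hash: Sha256(Sha256(1234567890Lock@487))*2
// If the Aadhaar number ends with zero, the value is hashed one time.
//
// Note: a mobile number has little entropy, so this hash is a match check for a
// claimed number, not a way to keep the number confidential from someone who
// holds the XML and the share phrase.
$crypt = new CkCrypt2();
$crypt->put_HashAlgorithm('sha256');
$crypt->put_EncodingMode('hexlower');

// Hash a number of times equal to the last digit of your Aadhaar number.
// For this example, we'll just use the case where an Aadhaar number ends in "9".
$lastAadhaarDigit = 9;

$mobile = '1234567890';
$computedMobileHash = aadhaarOfflineHash($crypt, $mobile, $sharePhrase, $lastAadhaarDigit);
if ($computedMobileHash === null) {
    print $crypt->lastErrorText() . "\n";
    print 'Failed to compute the Mobile hash.' . "\n";
    exit(1);
}
print 'Computed Mobile hash = ' . $computedMobileHash . "\n";

// Let's get the mobile hash stored in the XML and compare it with our computed hash.
// The XML is parsed from the same bytes whose signature was verified above.
$xml = new CkXml();
$success = $xml->LoadBd($bdXml, true);
if (!$success) {
    print $xml->lastErrorText() . "\n";
    exit(1);
}
$m_hash = $xml->chilkatPath('UidData|Poi|(m)');
print 'Stored Mobile hash = ' . $m_hash . "\n";

// is_string() guards against a missing attribute before the comparison.
$mobileMatches = is_string($m_hash) && hash_equals($m_hash, $computedMobileHash);
print ($mobileMatches ? 'Mobile hash matches.' : 'Mobile hash does NOT match.') . "\n";

// Now do the same thing for the email hash:
$email = 'abc@gm.com';
$computedEmailHash = aadhaarOfflineHash($crypt, $email, $sharePhrase, $lastAadhaarDigit);
if ($computedEmailHash === null) {
    print $crypt->lastErrorText() . "\n";
    print 'Failed to compute the Email hash.' . "\n";
    exit(1);
}
print 'Computed Email hash = ' . $computedEmailHash . "\n";

$e_hash = $xml->chilkatPath('UidData|Poi|(e)');
print 'Stored Email hash = ' . $e_hash . "\n";

$emailMatches = is_string($e_hash) && hash_equals($e_hash, $computedEmailHash);
print ($emailMatches ? 'Email hash matches.' : 'Email hash does NOT match.') . "\n";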
?>