I'm trying to verify the response of the Play Store on my server. There are some questions about this topic but none have worked for me.
Here's how I'm doing it:
$KEY_PREFIX = "-----BEGIN PUBLIC KEY-----\r\n";
$KEY_SUFFIX = '-----END PUBLIC KEY-----';
$mykey=<MyPlayStoreKey>;
$key = $KEY_PREFIX . chunk_split($mykey, 64, "\r\n") . $KEY_SUFFIX;
$key = openssl_get_publickey($key);
$correct=$param1=openssl_verify (
$signedData,
base64_decode($signature),
$key);
Where $signedData and $signature are responses from the Play Store. $correct is always 0 (Which means that the signatures don't match) What I'm doing wrong?
I'm testing this with static responses in a device with the developer account set as primary.