SHA256withRSA sign from PHP verify from JAVA


I'm using openssl like Whity already mentioned. Here is my stripped down example. Be aware of any character encoding, line ending, etc. This results in a changed binary representation of your text data.

PHP-RSA_SHA256-Sign:

<?php
// Text to sign; the verifier must see exactly these bytes.
$data = "For my current project I have to send a signature from PHP to Java application. I am using Crypt/RSA right now for signing my data.";

// 512-bit demonstration key, for testing only.
$private_key = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6zxqlVzz0wy2j4kQVUC4Z
RZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQJAL151ZeMKHEU2c1qdRKS9
sTxCcc2pVwoAGVzRccNX16tfmCf8FjxuM3WmLdsPxYoHrwb1LFNxiNk1MXrxjH3R
6QIhAPB7edmcjH4bhMaJBztcbNE1VRCEi/bisAwiPPMq9/2nAiEA3lyc5+f6DEIJ
h1y6BWkdVULDSM+jpi1XiV/DevxuijMCIQCAEPGqHsF+4v7Jj+3HAgh9PU6otj2n
Y79nJtCYmvhoHwIgNDePaS4inApN7omp7WdXyhPZhBmulnGDYvEoGJN66d0CIHra
I2SvDkQ5CmrzkW5qPaE2oO7BSqAhRZxiYpZFb5CI
-----END RSA PRIVATE KEY-----
EOD;

$binary_signature = "";
$algo = "SHA256";

// RSA signature over the SHA-256 digest (PKCS#1 v1.5 padding);
// the raw signature bytes are written to $binary_signature.
openssl_sign($data, $binary_signature, $private_key, $algo);

print(base64_encode($binary_signature) . "\n");
?>

The output of base64 encoded binary signature is:

OnqiWnFQ2nAjOa1S57Du9jDpVr4Wp2nLdMk2FX+/qX1+SAHpVsW1JvQYqQUDlxvbTOE9vg6dlU6i3omR7KipLw==

JAVA-RSA_SHA256-Verify:

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;

import org.apache.commons.codec.binary.Base64;

public class RsaVerify {

    public static void main(String[] args) {
        // Base64 body of the X.509 public key; the PEM header and footer stay commented out.
        String publicKey =
//              "-----BEGIN PUBLIC KEY-----"+
                "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDiE2+Xi/WnO+s120NiiJhNyIButVu6"+
                "zxqlVzz0wy2j4kQVUC4ZRZD80IY+4wIiX2YxKBZKGnd2TtPkcJ/ljkUCAwEAAQ==";
//              "-----END PUBLIC KEY-----";

        // Fixed charset instead of the platform default, so the verified bytes
        // do not depend on the JVM's settings.
        byte[] data = "For my current project I have to send a signature from PHP to Java application. I am using Crypt/RSA right now for signing my data.".getBytes(StandardCharsets.UTF_8);
        byte[] signature = Base64.decodeBase64("OnqiWnFQ2nAjOa1S57Du9jDpVr4Wp2nLdMk2FX+/qX1+SAHpVsW1JvQYqQUDlxvbTOE9vg6dlU6i3omR7KipLw==");

        try {
            System.out.println(verify(data, signature, publicKey));
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
        }
    }

    private static boolean verify(byte[] data, byte[] signature, String publicKey) throws GeneralSecurityException {
        // Decode the base64 body into DER and load it as an X.509 (SubjectPublicKeyInfo) key.
        X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKey));
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);

        // "SHA256withRSA" is RSA with SHA-256 and PKCS#1 v1.5 padding.
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(pubKey);
        sig.update(data);
        return sig.verify(signature);
    }
}


phpseclib uses the more secure PSS padding by default. Java is probably using PKCS#1 padding. So if you were to go the phpseclib route (which I'd recommend doing)... do this:

$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);


I think you need to improve your PHP solution. According to http://php.net/manual/en/function.openssl-get-md-methods.php you can directly use [47] => sha256WithRSAEncryption from PHP; calling openssl from the command line is probably also possible:

openssl dgst -sha256 -sign my.key -out in.txt.sha256 in.txt
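
Added example, not part of any answer above: the `openssl dgst` command extended into a sign/verify round trip that reproduces the two mismatches raised in this thread, a changed line ending and a PSS signature checked as PKCS#1 v1.5. The key, file names, sample text and helper function names are constructed for the demo, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: throwaway key and constructed sample files, created in a temp dir.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# 2048-bit key; my.pub is X.509 SubjectPublicKeyInfo PEM, the structure the
# Java answer feeds (base64-decoded) into X509EncodedKeySpec.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/my.key" 2>/dev/null
openssl pkey -in "$WORK/my.key" -pubout -out "$WORK/my.pub"

# Same text twice: LF line endings vs. CRLF line endings (constructed input).
printf 'amount=100\nto=alice\n'     > "$WORK/in.txt"
printf 'amount=100\r\nto=alice\r\n' > "$WORK/in_crlf.txt"

# PSS options; hash, MGF1 hash and salt length must match on signer and verifier.
PSS="-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1"

# sign_pkcs1 FILE SIG: PKCS#1 v1.5, the padding behind Java's "SHA256withRSA".
sign_pkcs1() { openssl dgst -sha256 -sign "$WORK/my.key" -out "$2" "$1"; }
# sign_pss FILE SIG: RSASSA-PSS with SHA-256 and a 32-byte salt.
sign_pss() { openssl dgst -sha256 -sign "$WORK/my.key" $PSS -out "$2" "$1"; }

# verify_* FILE SIG: exit status 0 only when SIG is valid over FILE's exact bytes.
verify_pkcs1() {
    openssl dgst -sha256 -verify "$WORK/my.pub" -signature "$2" "$1" >/dev/null 2>&1
}
verify_pss() {
    openssl dgst -sha256 -verify "$WORK/my.pub" $PSS -signature "$2" "$1" >/dev/null 2>&1
}

# check LABEL CMD ARGS...: run one verification and print its outcome.
check() {
    label=$1; shift
    if "$@"; then echo "$label: verified"; else echo "$label: REJECTED"; fi
}

sign_pkcs1 "$WORK/in.txt" "$WORK/sig_pkcs1.bin"
sign_pss   "$WORK/in.txt" "$WORK/sig_pss.bin"

check "PKCS#1 sig, same bytes"    verify_pkcs1 "$WORK/in.txt"      "$WORK/sig_pkcs1.bin"
check "PKCS#1 sig, CRLF copy"     verify_pkcs1 "$WORK/in_crlf.txt" "$WORK/sig_pkcs1.bin"
check "PSS sig checked as PKCS#1" verify_pkcs1 "$WORK/in.txt"      "$WORK/sig_pss.bin"
check "PSS sig checked as PSS"    verify_pss   "$WORK/in.txt"      "$WORK/sig_pss.bin"
```

Only the first and last checks verify; a rejected signature on the Java side therefore points to either different input bytes or a different padding scheme before it points to a wrong key.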