I have a system where multiple components have to sign a string with their private keys. Do I have to generate a signature for every component like this:
$data = 'my data';
openssl_sign($data, $signature_component1, $private_key_component1, OPENSSL_ALGO_SHA256);
openssl_sign($data, $signature_component2, $private_key_component2, OPENSSL_ALGO_SHA256);
$r_component1 = openssl_verify($data, $signature_component1, $public_key_component1, "sha256WithRSAEncryption");
$r_component2 = openssl_verify($data, $signature_component2, $public_key_component2, "sha256WithRSAEncryption");
if($r_component1 && $r_component2){
// Verification successful
}
// Verification failed
It is quite a hassle in all components to pass all incoming signatures and a new one to the next component. Is there a more convinient way I can use to sign my data multiple times a keep the overhead for checking the signatures in each component as low as possible