openssl_pkcs7_verify

(PHP 4 >= 4.0.6, PHP 5, PHP 7)

openssl_pkcs7_verifyVerifies the signature of an S/MIME signed message

Descrierea

openssl_pkcs7_verify ( string $filename , int $flags [, string $outfilename [, array $cainfo [, string $extracerts [, string $content [, string $p7bfilename ]]]]] ) : mixed

openssl_pkcs7_verify() reads the S/MIME message contained in the given file and examines the digital signature.

Parametri

filename

Path to the message.

flags

flags can be used to affect how the signature is verified - see PKCS7 constants for more information.

outfilename

If the outfilename is specified, it should be a string holding the name of a file into which the certificates of the persons that signed the messages will be stored in PEM format.

cainfo

If the cainfo is specified, it should hold information about the trusted CA certificates to use in the verification process - see certificate verification for more information about this parameter.

extracerts

If the extracerts is specified, it is the filename of a file containing a bunch of certificates to use as untrusted CAs.

content

You can specify a filename with content that will be filled with the verified data, but with the signature information stripped.

p7bfilename

Valorile întoarse

Returns true if the signature is verified, false if it is not correct (the message has been tampered with, or the signing certificate is invalid), or -1 on error.

Istoricul schimbărilor

Versiune Descriere
7.2.0 The p7bfilename parameter was added.

Note

Notă: As specified in RFC 2045, lines may not be longer than 76 characters in the filename parameter.

add a note add a note

User Contributed Notes 2 notes

up
5
reg1barclay at REMOVETHIS dot live dot it
5 years ago
To verify a .p7m file with openssl_pkcs7_verify() you must convert it to S/MIME format. For example...
<?php
function der2smime($file)
{
   
$to=<<<TXT
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/x-pkcs7-mime; smime-type=signed-data; name="smime.p7m"
Content-Transfer-Encoding: base64
\n
TXT;
   
$from=file_get_contents($file);
   
$to.=chunk_split(base64_encode($from));
    return
file_put_contents($file,$to);
}
?>
up
-2
Krzychu
10 years ago
To read signed message in base64 (not encrypted with priv&pub key):

You can just decode content by "base64_decode" or "imap_base64" functions and then erase by hand(regexp) sign from bottom of mail. Unfortunately  in my case (mail from Outlook) that  message (decoded by "base64_decode") has some additional special chars in some places (ie. before every attachment encoded base_64) what make message e-mail unable to parse.

After couple of hours I solved this:
It's needed to save single e-mail and use 2x "openssl_pkcs7_verify" function in row on original email (with headers and content in base64 ):
  1st use - extract sign (certificate) from e-mail and save to file *.cert
  2nd use - extract (with use that *.cert file) decoded message to  file*.out

Code:
  $handle  =  imap_open('mailbox.eml', '', '');

  $msg = 'home/john/tmp/email1.eml';
  imap_savebody($handle, $msg,  1);

  openssl_pkcs7_verify($msg, 0, $msg . '.cert');
  openssl_pkcs7_verify($msg, 0, $msg . '.cert', array(), $msg . '.cert', $msg.'.out');

  $email_content = file_get_contents($msg . '.out');
To Top