PHP
downloads | documentation | faq | getting help | mailing lists | reporting bugs | php.net sites | links | conferences | my php.net

search for in the

openssl_pkey_export_to_file> <openssl_pkcs7_sign
Last updated: Fri, 10 Oct 2008

view this page in

openssl_pkcs7_verify

(PHP 4 >= 4.0.6, PHP 5)

openssl_pkcs7_verifyVerifies the signature of an S/MIME signed message

Description

mixed openssl_pkcs7_verify ( string $filename , int $flags [, string $outfilename [, array $cainfo [, string $extracerts [, string $content ]]]] )

openssl_pkcs7_verify() reads the S/MIME message contained in the given file and examines the digital signature.

Parameters

filename

Path to the message.

flags

flags can be used to affect how the signature is verified - see PKCS7 constants for more information.

outfilename

If the outfilename is specified, it should be a string holding the name of a file into which the certificates of the persons that signed the messages will be stored in PEM format.

cainfo

If the cainfo is specified, it should hold information about the trusted CA certificates to use in the verification process - see certificate verification for more information about this parameter.

extracerts

If the extracerts is specified, it is the filename of a file containing a bunch of certificates to use as untrusted CAs.

content

You can specify a filename with content that will be filled with the verified data, but with the signature information stripped.

Return Values

Returns TRUE if the signature is verified, FALSE if it is not correct (the message has been tampered with, or the signing certificate is invalid), or -1 on error.

ChangeLog

Version Description
5.1.0 The content parameter was added.



add a note add a note User Contributed Notes
openssl_pkcs7_verify
hema
30-Sep-2006 12:39
As someone already mentioned in the previous comment it didn't work for me until I passed in that hidden sixth argument and also explicitly add the mime header into the $in_filename contents. (I am using PHP5)

 $data = file_get_contents($in_filename);

 file_put_contents($in_filename, "MIME-Version: 1.0\nContent-Disposition: attachment; filename=\"smime.p7m\"\nContent-Type: app
lication/x-pkcs7-mime; name=\"smime.p7m\"\nContent-Transfer-Encoding: base64\n\n$data");

 openssl_pkcs7_verify("$in_filename",
                              $flag,
                              "$out_filename.cert",
                              array($path_to_cert),
                              $path_to_cert,
                              $out_filename));
14-Feb-2006 02:59
There is a hidden sixth argument: string pointing to a file where the contents of the signed message should be saved.

It is very important for verifying signed and encrypted messages from MS Outlook which uses opaque signing. After decrypting of message you will get another MIME envelope like this:

MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/x-pkcs7-mime; smime-type=signed-data; name="smime.p7m"
Content-Transfer-Encoding: base64

MIIM/QYJ...

Even if you use base64_decode() you will not get decrypted message but PKCS #7 object.

BTW: How to create opaque signed message like from MS Outlook? Switch off PKCS7_DETACHED flag (the last 0 does it):
openssl_pkcs7_sign(
    "full_path_to_message_file",
    "full_path_where_to_store_signed_message_file",
    "file://full_path_to_my_public_certificate.pem",
    array("file://full_path_to_my_private_key.pem", "password"),
    array(),
    0
  );
add a note add a note

openssl_pkey_export_to_file> <openssl_pkcs7_sign
Last updated: Fri, 10 Oct 2008
 
 
show source | credits | stats | sitemap | contact | advertising | mirror sites