To verify a .p7m file with openssl_pkcs7_verify() you must convert it to S/MIME format. For example...
<?php
function der2smime($file)
{
$to=<<<TXT
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/x-pkcs7-mime; smime-type=signed-data; name="smime.p7m"
Content-Transfer-Encoding: base64
\n
TXT;
$from=file_get_contents($file);
$to.=chunk_split(base64_encode($from));
return file_put_contents($file,$to);
}
?>openssl_pkcs7_verify
(PHP 4 >= 4.0.6, PHP 5, PHP 7, PHP 8)
openssl_pkcs7_verify — Verifies the signature of an S/MIME signed message
Description
function openssl_pkcs7_verify(
string
int
?string
array
?string
?string
?string
): bool|int
string
$input_filename,int
$flags,?string
$signers_certificates_filename = null,array
$ca_info = [],?string
$untrusted_certificates_filename = null,?string
$content = null,?string
$output_filename = null): bool|int
openssl_pkcs7_verify() reads the S/MIME message contained in the given file and examines the digital signature.
Parameters
input_filename-
Path to the message.
flags-
flagscan be used to affect how the signature is verified - see PKCS7 constants for more information. signers_certificates_filename-
If the
signers_certificates_filenameis specified, it should be a string holding the name of a file into which the certificates of the persons that signed the messages will be stored in PEM format. ca_info-
If the
ca_infois specified, it should hold information about the trusted CA certificates to use in the verification process - see certificate verification for more information about this parameter. untrusted_certificates_filename-
If the
untrusted_certificates_filenameis specified, it is the filename of a file containing a bunch of certificates to use as untrusted CAs. content-
You can specify a filename with
contentthat will be filled with the verified data, but with the signature information stripped. output_filename-
Return Values
Returns true if the signature is verified, false if it is not correct
(the message has been tampered with, or the signing certificate is invalid),
or -1 on error.
Changelog
| Version | Description |
|---|---|
| 8.0.0 |
signers_certificates_filename, untrusted_certificates_filename,
content and output_filename are nullable now.
|
| 7.2.0 |
The output_filename parameter was added.
|
Notes
Note: As specified in RFC 2045, lines may not be longer than 76 characters in the
input_filenameparameter.
+add a note
User Contributed Notes 1 note
reg1barclay at REMOVETHIS dot live dot it ¶
7 years ago
-
0
pcntl_sigtimedwaitWaits for signals, with a timeout
-
0
similar_textCalculate the similarity between two strings
-
0
boolvalGet the boolean value of a variable
-
0
curl_multi_closeClose a set of cURL handles
-
0
imap_bodyRead the message body
-
0
mb_strposFind position of first occurrence of string in a string
-
0
pg_send_prepareSends a request to create a prepared statement with the given parameters, without waiting for completion
-
0
swoole_native_socket_bind
-
0
Arr::prependKeysWith
-
0
zend_versionGets the version of the current Zend engine