(PHP 4 >= 4.0.6, PHP 5, PHP 7, PHP 8)
openssl_pkcs7_sign — Sign an S/MIME message
$input_filename
,$output_filename
,$certificate
,$private_key
,$headers
,$flags
= PKCS7_DETACHED
,$untrusted_certificates_filename
= null
openssl_pkcs7_sign() takes the contents of the file
named input_filename
and signs them using the
certificate and its matching private key specified by
certificate
and private_key
parameters.
input_filename
The input file you are intending to digitally sign.
output_filename
The file which the digital signature will be written to.
certificate
The X.509 certificate used to digitally sign input_filename
.
See Key/Certificate parameters for a list of valid values.
private_key
private_key
is the private key corresponding to certificate
.
See Public/Private Key parameters for a list of valid values.
headers
headers
is an array of headers that
will be prepended to the data after it has been signed (see
openssl_pkcs7_encrypt() for more information about
the format of this parameter).
flags
flags
can be used to alter the output - see PKCS7 constants.
untrusted_certificates_filename
untrusted_certificates_filename
specifies the name of a file containing
a bunch of extra certificates to include in the signature which can for
example be used to help the recipient to verify the certificate that you used.
Returns true
on success or false
on failure.
Version | Description |
---|---|
8.0.0 |
certificate accepts an OpenSSLCertificate instance now;
previously, a resource of type OpenSSL X.509 CSR was accepted.
|
8.0.0 |
private_key accepts an OpenSSLAsymmetricKey
or OpenSSLCertificate instance now;
previously, a resource of type OpenSSL key or OpenSSL X.509 CSR
was accepted.
|
Example #1 openssl_pkcs7_sign() example
<?php
// the message you want to sign so that recipient can be sure it was you that
// sent it
$data = <<<EOD
You have my authorization to spend $10,000 on dinner expenses.
The CEO
EOD;
// save message to file
$fp = fopen("msg.txt", "w");
fwrite($fp, $data);
fclose($fp);
// encrypt it
if (openssl_pkcs7_sign("msg.txt", "signed.txt", "file://mycert.pem",
array("file://mycert.pem", "mypassphrase"),
array("To" => "joes@example.com", // keyed syntax
"From: HQ <ceo@example.com>", // indexed syntax
"Subject" => "Eyes only")
)) {
// message signed - send it!
exec(ini_get("sendmail_path") . " < signed.txt");
}
?>