openssl_pkcs7_sign(3) [php man page]
OPENSSL_PKCS7_SIGN(3) 1 OPENSSL_PKCS7_SIGN(3) openssl_pkcs7_sign - Sign an S/MIME message SYNOPSIS
bool openssl_pkcs7_sign (string $infilename, string $outfilename, mixed $signcert, mixed $privkey, array $headers, [int $flags = PKCS7_DETACHED], [string $extracerts]) DESCRIPTION
openssl_pkcs7_sign(3) takes the contents of the file named $infilename and signs them using the certificate and its matching private key specified by $signcert and $privkey parameters. PARAMETERS
o $infilename - o $outfilename - o $signcert - o $privkey - o $headers -$headers is an array of headers that will be prepended to the data after it has been signed (see openssl_pkcs7_encrypt(3) for more information about the format of this parameter). o $flags -$flags can be used to alter the output - see PKCS7 constants. o $extracerts -$extracerts specifies the name of a file containing a bunch of extra certificates to include in the signature which can for exam- ple be used to help the recipient to verify the certificate that you used. RETURN VALUES
Returns TRUE on success or FALSE on failure. EXAMPLES
Example #1 openssl_pkcs7_sign(3) example <?php // the message you want to sign so that recipient can be sure it was you that // sent it $data = <<<EOD You have my authorization to spend $10,000 on dinner expenses. The CEO EOD; // save message to file $fp = fopen("msg.txt", "w"); fwrite($fp, $data); fclose($fp); // encrypt it if (openssl_pkcs7_sign("msg.txt", "signed.txt", "mycert.pem", array("file://mycert.pem", "mypassphrase"), array("To" => "joes@example.com", // keyed syntax "From: HQ <ceo@example.com>", // indexed syntax "Subject" => "Eyes only") )) { // message signed - send it! exec(ini_get("sendmail_path") . " < signed.txt"); } ?> PHP Documentation Group OPENSSL_PKCS7_SIGN(3)
Check Out this Related Man Page
OPENSSL_PKCS7_VERIFY(3) 1 OPENSSL_PKCS7_VERIFY(3) openssl_pkcs7_verify - Verifies the signature of an S/MIME signed message SYNOPSIS
mixed openssl_pkcs7_verify (string $filename, int $flags, [string $outfilename], [array $cainfo], [string $extracerts], [string $con- tent]) DESCRIPTION
openssl_pkcs7_verify(3) reads the S/MIME message contained in the given file and examines the digital signature. PARAMETERS
o $filename - Path to the message. o $flags -$flags can be used to affect how the signature is verified - see PKCS7 constants for more information. o $outfilename - If the $outfilename is specified, it should be a string holding the name of a file into which the certificates of the persons that signed the messages will be stored in PEM format. o $cainfo - If the $cainfo is specified, it should hold information about the trusted CA certificates to use in the verification process - see certificate verification for more information about this parameter. o $extracerts - If the $extracerts is specified, it is the filename of a file containing a bunch of certificates to use as untrusted CAs. o $content - You can specify a filename with $content that will be filled with the verified data, but with the signature information stripped. RETURN VALUES
Returns TRUE if the signature is verified, FALSE if it is not correct (the message has been tampered with, or the signing certificate is invalid), or -1 on error. CHANGELOG
+--------+------------------------------------+ |Version | | | | | | | Description | | | | +--------+------------------------------------+ | 5.1.0 | | | | | | | The $content parameter was added. | | | | +--------+------------------------------------+ NOTES
Note As specified in RFC 2045, lines may not be longer than 76 characters in the $filename parameter. PHP Documentation Group OPENSSL_PKCS7_VERIFY(3)