(PHP 4 >= 4.0.6, PHP 5, PHP 7, PHP 8)
openssl_pkcs7_sign — Sign an S/MIME message
$input_filename
,$output_filename
,$certificate
,$private_key
,$headers
,$flags
= PKCS7_DETACHED
,$untrusted_certificates_filename
= null
openssl_pkcs7_sign() takes the contents of the file
named input_filename
and signs them using the
certificate and its matching private key specified by
certificate
and private_key
parameters.
input_filename
The input file you are intending to digitally sign.
output_filename
The file which the digital signature will be written to.
certificate
The X.509 certificate used to digitally sign input_filename
.
See Key/Certificate parameters for a list of valid values.
private_key
private_key
is the private key corresponding to certificate
.
See Public/Private Key parameters for a list of valid values.
headers
headers
is an array of headers that
will be prepended to the data after it has been signed (see
openssl_pkcs7_encrypt() for more information about
the format of this parameter).
flags
flags
can be used to alter the output - see PKCS7 constants.
untrusted_certificates_filename
untrusted_certificates_filename
specifies the name of a file containing
a bunch of extra certificates to include in the signature which can for
example be used to help the recipient to verify the certificate that you used.
Version | Description |
---|---|
8.0.0 |
certificate accepts an OpenSSLCertificate instance now;
previously, a resource of type OpenSSL X.509 CSR was accepted.
|
8.0.0 |
private_key accepts an OpenSSLAsymmetricKey
or OpenSSLCertificate instance now;
previously, a resource of type OpenSSL key or OpenSSL X.509 CSR
was accepted.
|
Example #1 openssl_pkcs7_sign() example
<?php// the message you want to sign so that recipient can be sure it was you that// sent it$data = <<<EODYou have my authorization to spend $10,000 on dinner expenses.The CEOEOD;// save message to file$fp = fopen("msg.txt", "w");fwrite($fp, $data);fclose($fp);// encrypt itif (openssl_pkcs7_sign("msg.txt", "signed.txt", "file://mycert.pem", array("file://mycert.pem", "mypassphrase"), array("To" => "joes@example.com", // keyed syntax "From: HQ <ceo@example.com>", // indexed syntax "Subject" => "Eyes only") )) { // message signed - send it! exec(ini_get("sendmail_path") . " < signed.txt");}?>