©
本文档使用 PHP中文网手册 发布
(PHP 4 >= 4.0.6, PHP 5)
openssl_pkcs7_verify — Verifies the signature of an S/MIME signed message
$filename
, int $flags
[, string $outfilename
[, array $cainfo
[, string $extracerts
[, string $content
]]]] )openssl_pkcs7_verify() reads the S/MIME message contained in the given file and examines the digital signature.
filename
Path to the message.
flags
flags
can be used to affect how the signature is
verified - see PKCS7 constants
for more information.
outfilename
If the outfilename
is specified, it should be a
string holding the name of a file into which the certificates of the
persons that signed the messages will be stored in PEM format.
cainfo
If the cainfo
is specified, it should hold
information about the trusted CA certificates to use in the verification
process - see certificate
verification for more information about this parameter.
extracerts
If the extracerts
is specified, it is the filename
of a file containing a bunch of certificates to use as untrusted CAs.
content
You can specify a filename with content
that will
be filled with the verified data, but with the signature information
stripped.
Returns TRUE
if the signature is verified, FALSE
if it is not correct
(the message has been tampered with, or the signing certificate is invalid),
or -1 on error.
版本 | 说明 |
---|---|
5.1.0 |
The content parameter was added.
|
Note: As specified in RFC 2045, lines may not be longer than 76 characters in the
filename
parameter.
[#1] Krzychu [2013-12-06 09:34:17]
To read signed message in base64 (not encrypted with priv&pub key):
You can just decode content by "base64_decode" or "imap_base64" functions and then erase by hand(regexp) sign from bottom of mail. Unfortunately in my case (mail from Outlook) that message (decoded by "base64_decode") has some additional special chars in some places (ie. before every attachment encoded base_64) what make message e-mail unable to parse.
After couple of hours I solved this:
It's needed to save single e-mail and use 2x "openssl_pkcs7_verify" function in row on original email (with headers and content in base64 ):
1st use - extract sign (certificate) from e-mail and save to file *.cert
2nd use - extract (with use that *.cert file) decoded message to file*.out
Code:
$handle = imap_open('mailbox.eml', '', '');
$msg = 'home/john/tmp/email1.eml';
imap_savebody($handle, $msg, 1);
openssl_pkcs7_verify($msg, 0, $msg . '.cert');
openssl_pkcs7_verify($msg, 0, $msg . '.cert', array(), $msg . '.cert', $msg.'.out');
$email_content = file_get_contents($msg . '.out');