(PHP 4 >= 4.0.6, PHP 5)
openssl_pkcs7_verify — Verifies the signature of an S/MIME signed message
$filename
, int $flags
[, string $outfilename
[, array $cainfo
[, string $extracerts
[, string $content
]]]] )openssl_pkcs7_verify() reads the S/MIME message contained in the given file and examines the digital signature.
filename
Path to the message.
flags
flags can be used to affect how the signature is
verified - see PKCS7 constants
for more information.
outfilename
If the outfilename is specified, it should be a
string holding the name of a file into which the certificates of the
persons that signed the messages will be stored in PEM format.
cainfo
If the cainfo is specified, it should hold
information about the trusted CA certificates to use in the verification
process - see certificate
verification for more information about this parameter.
extracerts
If the extracerts is specified, it is the filename
of a file containing a bunch of certificates to use as untrusted CAs.
content
You can specify a filename with content that will
be filled with the verified data, but with the signature information
stripped.
Returns TRUE if the signature is verified, FALSE if it is not correct
(the message has been tampered with, or the signing certificate is invalid),
or -1 on error.
| 版本 | 说明 |
|---|---|
| 5.1.0 |
The content parameter was added.
|
Note: As specified in RFC 2045, lines may not be longer than 76 characters in the
filenameparameter.
(2006-02-13 16:59:01)
There is a hidden sixth argument: string pointing to a file where the contents of the signed message should be saved.
It is very important for verifying signed and encrypted messages from MS Outlook which uses opaque signing. After decrypting of message you will get another MIME envelope like this:
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/x-pkcs7-mime; smime-type=signed-data; name="smime.p7m"
Content-Transfer-Encoding: base64
MIIM/QYJ...
Even if you use base64_decode() you will not get decrypted message but PKCS #7 object.
BTW: How to create opaque signed message like from MS Outlook? Switch off PKCS7_DETACHED flag (the last 0 does it):
<?php
openssl_pkcs7_sign(
"full_path_to_message_file",
"full_path_where_to_store_signed_message_file",
"file://full_path_to_my_public_certificate.pem",
array("file://full_path_to_my_private_key.pem", "password"),
array(),
0
);
?>