The php Function OpenSSL_PKCS7_Verify

PHP offers thousands of built-in functions that can be used for a wide variety of purposes. Functions are a programming technique that allow developers to break down complex code into smaller parts that can be easily understood and executed. The benefit of this is that it can save a lot of time and effort, as well as provide a more streamlined application. A function is a piece of code that accepts one or more inputs (usually in the form of parameters) and processes them, returning some value.

The php function openssl_pkcs7_verify uses the OpenSSL library for verification of SMIME signed data. It can be called with the following arguments:

The parameter signcert specifies the certificate that should be used to verify the data. The private key that should be used to sign the data must be provided in the second parameter, privkey. Headers can be added using the optional headers parameter. The result is a PKCS 7 signature data block that can be verified using an appropriate tool. This function returns TRUE if the signature is valid, FALSE otherwise.

A special argument, cainfo, can be supplied to hold information about the trusted certificates used by this function. If the PKCS7_NOVERIFY flag is set the signers certificates are not chain verified - this will reduce the size of the signature but it does require that the verifier have the signers certificate available locally (passed to the extracerts parameter to openssl_pkcs7_verify). Other options include a list of cipher algorithms to use to verify the message and an optional checksum for the signers data.

Andreas Behr - CTO of DesertCoderz
You are a developer and looking for Shopware projects?
Apply Now!

openssl_pkcs7_verify example

$this->assertMessageSignatureIsValid($signedMessage$message);
    }

    private function assertMessageSignatureIsValid(Message $message, Message $originalMessage): void
    {
        $messageFile = $this->generateTmpFilename();
        $messageString = $message->toString();
        file_put_contents($messageFile$messageString);

        $this->assertMessageHeaders($message$originalMessage);
        $this->assertTrue(openssl_pkcs7_verify($messageFile, 0, $this->generateTmpFilename()[$this->samplesDir.'ca.crt'])sprintf('Verification of the message %s failed. Internal error "%s".', $messageFileopenssl_error_string()));

        if (!str_contains($messageString, 'enveloped-data')) {
            // Tamper to ensure it actually verified             file_put_contents($messageFilestr_replace('Content-Transfer-Encoding: ', 'Content-Transfer-Encoding: ', $messageString));
            $this->assertFalse(openssl_pkcs7_verify($messageFile, 0, $this->generateTmpFilename()[$this->samplesDir.'ca.crt'])sprintf('Verification of the message failed. Internal error "%s".', openssl_error_string()));
        }
    }
}
Home | Imprint | This part of the site doesn't use cookies.