openssl_cms_sign

(PHP 8)

openssl_cms_sign — Sign a file

Description

openssl_cms_sign(
string $input_filename,
string $output_filename,
OpenSSLCertificate |string $certificate,
#[\SensitiveParameter] OpenSSLAsymmetricKey |OpenSSLCertificate |array |string $private_key,
? array $headers,
int $flags = 0,
int $encoding = OPENSSL_ENCODING_SMIME ,
? string $untrusted_certificates_filename = null
): bool

This function signs a file with an X.509 certificate and key.

Parameters

input_filename: The name of the file to be signed.
output_filename: The name of the file to deposit the results.
certificate: The signing certificate. See Key/Certificate parameters for a list of valid values.
private_key: The key associated with certificate. See Key/Certificate parameters for a list of valid values.
headers: An array of headers to be included in S/MIME output.
flags: Flags to be passed to cms_sign().
encoding: The encoding of the output file. One of OPENSSL_ENCODING_SMIME , OPENSSL_ENCODING_DER or OPENSSL_ENCODING_PEM .
untrusted_certificates_filename: Intermediate certificates to be included in the signature.

Return Values

Returns true on success or false on failure.

Examples

Example #1 openssl_cms_sign() example

<?php

openssl_cms_sign('input.txt', 'output.txt', 'file://cert.pem', 'file://privkey.pem', null, OPENSSL_CMS_BINARY, OPENSSL_ENCODING_DER, 'chain.pem');
?>

Found A Problem?

Learn How To Improve This Page • Submit a Pull Request • Report a Bug

+add a note

User Contributed Notes 1 note

down

miranda dot markmorgan at gmail dot com ¶

4 years ago

Manage to make it work at last.
$dn = array(
 "countryName" => "XX",
 "stateOrProvinceName" => "Location",
 "localityName" => "Local",
 "organizationName" => "Sample Organization",
 "organizationalUnitName" => "Organizational Unit",
 "commonName" => "Sample",
 "emailAddress" => "contactus@email.com"
);
// Generate a new private (and public) key pair
$privkey = openssl_pkey_new(array(
 "private_key_bits" => 4096,
 "private_key_type" => OPENSSL_KEYTYPE_RSA,
));
// Generate a certificate signing request
$csr = openssl_csr_new($dn, $privkey, array('digest_alg' => 'sha512'));
// Generate a self-signed cert, valid for 365 days
$x509 = openssl_csr_sign($csr, null, $privkey, $days=365, array('digest_alg' => 'sha512'));
// Save your private key, CSR and self-signed cert for later use
openssl_csr_export($csr, $csrout) and var_dump($csrout); // .csr
openssl_x509_export($x509, $certout) and var_dump($certout); // .crt.pem
openssl_pkey_export($privkey, $pkeyout, "user_defined_password") and var_dump($pkeyout); // .key.pem
if(openssl_cms_sign ( "file_to_sign", "Sample.p7m" , $x509 , $privkey, null , 0 , 0 , null )){
 echo "SIGNED SUCCESSFULLY! Sample.p7m created... \r\n";
}
else
{
 echo "SIGNED FAILED!\r\n";
}

+add a note