Specifying an input format type when calling openssl_pkcs7_verify in PHP
I have a crypto / php question, I was hoping someone could help me. My problem is I have a PKCS7 signed block that I am trying to validate against PHP. However, when I run the following PHP command:
openssl_pkcs7_verify($myfile, PKCS7_BINARY | PKCS7_NOVERIFY, $signers_file);
I am getting the following error:
PKCS7 routines:SMIME_read_PKCS7:no content type
If I do it with ruby, for example:
p7container = OpenSSL::PKCS7.new(file_contents);
mystore = OpenSSL::X509::Store.new
p7container.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY)
He works.
Also, if I run it via the OpenSSL command line:
openssl smime -verify -inform der -in my_data_file -noverify
It also works. However, if I run the following:
openssl smime -verify -in my_data_file -noverify
It is the same command, but without specifying the inform parameter it fails with the same error message stated earlier regarding "content type without content", which makes me feel like I need to specify the format of the input file ... Any ideas how I can do this via PHP?
Thanks in advance for your help,
source to share
I got around this problem by calling openssl directly from PHP (using the exec function ). Be sure to add 2> & 1 to the command to redirect stderr to stdout, since the message "Verification successful" was sent to stderr.
function verify($signedData, &$data = null) {
@mkdir("tmp");
$random = randomString(32);
$signedFile = "tmp/" . $random . ".pem";
$file = "tmp/" . $random . ".dat";
file_put_contents($signedFile, $signedData);
$output = exec("openssl smime -verify -in $signedFile -inform DER -noverify -out $file 2>&1");
if ($output == "Verification successful") {
$data = file_get_contents($file);
$result = true;
} else {
$result = false;
}
@unlink($signedFile);
@unlink($file);
return $result;
}
source to share