I don't completely understand and some documentation or help would be appreciated greatly :)

Using PHP I create a MIME by using ezcomponents Mail object. But what I do not understand is:

Do you create an S/MIME message from an original MIME by signing it with openssl_pkcs7_sign? Or do you create an S/MIME from scratch and sign it when it's done?

Please bear with me as I try to understand the correct way of doing things.

EDIT: Found this piece of code to illustrate my question better

<?php
// Setup mail headers.
$headers = array("To" => "someone@nowhere.net",
     "From" => "noone@somewhere.net",
     "Subject" => "A signed and encrypted message.");

// Sign the message first. The certificate and key are passed as file:// URIs;
// a bare file name would be treated as PEM data and fail to load.
openssl_pkcs7_sign("msg.txt","signed.txt",
     "file://" . realpath("signing_cert.pem"),
     array("file://" . realpath("private_key.pem"), "password"),
     array());

// Get the public key certificate.
$pubkey = file_get_contents("cert.pem");

// Encrypt the message, now put in the headers.
// AES-256-CBC is named explicitly rather than relying on a legacy RC2 cipher.
openssl_pkcs7_encrypt("signed.txt", "enc.txt",
     $pubkey,$headers,0,OPENSSL_CIPHER_AES_256_CBC);

$data = file_get_contents("enc.txt");

// separate header and body, to use with mail function
//  unfortunate but required, else we have two sets of headers
//  and the email client doesn't decode the attachment
$parts = explode("\n\n", $data, 2);

// send mail (headers in the Headers parameter will override those
//  generated for the To & Subject parameters)
mail($headers["To"], $headers["Subject"], $parts[1], $parts[0]);
?>
Etienne Marais
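
The snippet in the question signs a file and then encrypts the result. The round trip below is an added example, not part of the original post: it shows that openssl_pkcs7_sign wraps an already built MIME entity as the first part of a multipart/signed message, so the S/MIME message does not have to be built from scratch. The throwaway self-signed certificate, the addresses, the temp paths and the message text are all constructed for the demo.

```php
<?php
// Added example. Key, certificate, addresses and message text are constructed
// for the demo; a real deployment uses CA-issued S/MIME certificates.
$dir = sys_get_temp_dir() . "/smime_demo_" . bin2hex(random_bytes(4));
mkdir($dir, 0700);

// Throwaway RSA key and self-signed certificate, used as signer and recipient.
$key = openssl_pkey_new(["private_key_bits" => 2048, "private_key_type" => OPENSSL_KEYTYPE_RSA]);
$dn  = ["commonName" => "Demo Sender", "emailAddress" => "noone@somewhere.example"];
$csr = openssl_csr_new($dn, $key, ["digest_alg" => "sha256"]);
openssl_x509_export(openssl_csr_sign($csr, null, $key, 1, ["digest_alg" => "sha256"]), $certPem);
openssl_pkey_export($key, $keyPem);

// 1. The existing MIME entity (what a mail library would build): its own
//    content headers, a blank line, then the body. No To/From/Subject yet.
$inner = "Content-Type: text/plain; charset=utf-8\r\n"
       . "Content-Transfer-Encoding: 7bit\r\n\r\n"
       . "This body is covered by the signature.\r\n";
file_put_contents("$dir/inner.eml", $inner);

// 2. Sign: the entity above becomes the first part of a multipart/signed wrapper.
openssl_pkcs7_sign("$dir/inner.eml", "$dir/signed.eml", $certPem, $keyPem, [], PKCS7_DETACHED)
    or exit("sign failed: " . openssl_error_string() . "\n");

// 3. Encrypt the signed entity; transport headers go on this outermost layer.
$headers = ["To" => "someone@nowhere.example", "From" => "noone@somewhere.example",
            "Subject" => "A signed and encrypted message."];
openssl_pkcs7_encrypt("$dir/signed.eml", "$dir/enc.eml", $certPem, $headers, 0,
    OPENSSL_CIPHER_AES_256_CBC) or exit("encrypt failed: " . openssl_error_string() . "\n");

// 4. Split headers from body, ready for mail($to, $subject, $body, $head).
[$head, $body] = explode("\n\n", file_get_contents("$dir/enc.eml"), 2);

// 5. Receiver side: decrypt, then check the signature over the inner entity.
openssl_pkcs7_decrypt("$dir/enc.eml", "$dir/dec.eml", $certPem, $keyPem)
    or exit("decrypt failed: " . openssl_error_string() . "\n");
// PKCS7_NOVERIFY skips chain validation because the demo certificate is self-signed.
$valid = openssl_pkcs7_verify("$dir/dec.eml", PKCS7_NOVERIFY);

preg_match('/^Content-Type: [^;\r\n]+/mi', file_get_contents("$dir/signed.eml"), $s);
preg_match('/^Content-Type: [^;\r\n]+/mi', $head, $e);
echo "signed layer:    $s[0]\n";
echo "encrypted layer: $e[0]\n";
echo "signature valid after decrypt: " . var_export($valid === true, true) . "\n";

array_map('unlink', glob("$dir/*"));
rmdir($dir);
```

With a CA-issued certificate, drop PKCS7_NOVERIFY and pass the CA bundle to openssl_pkcs7_verify so the signer's chain is validated as well.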

1 Answer

Save yourself a lot of pain and route the messages you need signed through an MTA filter that is designed for the job, e.g. GNU Anubis (SMTP proxy), or implement a milter.

symcbean
  • The thing is I want to let my users programmatically create their own signatures and select an option in my application to send as secure or not. – Etienne Marais Jun 03 '11 at 09:55
  • "Anubis version 4.1 does not yet provide built-in support for S/MIME encryption or signing" That will not do, my friend. I do not want to use external stuff all the time because of the configuration gremlins that exist. I'd rather then do it myself using PHP. – Etienne Marais Jun 06 '11 at 07:33
  • Neither does PHP - the difference is that Anubis is specifically designed for the purpose of modifying email content - of course if you're a far superior programmer to the guys who wrote Anubis then you've nothing to worry about - but if that's the case then why are you asking us how to implement this? – symcbean Jun 06 '11 at 08:16
  • hehe because I am not nearly that good of a programmer, that's why I asked. – Etienne Marais Jun 06 '11 at 08:41
  • Can you walk me through how Anubis would be implemented in this case? Please? This is the best way +1 – Etienne Marais Jun 06 '11 at 10:16