4

I'm trying to send an encrypted email with an attachment from PHP, however, my e-mail is just diplayed as plain text in the email-client (in this case MS Outlook). This is the code I use to send the email:

$semi_rand = md5(time());   
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";   
$fileatt = "\path\to\attachment";
$headers = array();
$headers['From'] = $email_from;
$headers['Subject'] = $email_subject; 
$headers['MIME-Version'] = "1.0";
$headers['Content-Type'] = "multipart/mixed; boundary=\"{$mime_boundary}\"";    

$file = fopen($fileatt,'rb');   
$data = fread($file,filesize($fileatt));
$data = chunk_split(base64_encode($data));     
fclose($file);   

//message part
$email_message = "This is a multi-part message in MIME format.\n\n" .   
                "--{$mime_boundary}\n" .   
                "Content-Type:text/html; charset=\"UTF-8\"\n" .   
                "Content-Transfer-Encoding: 7bit\n\n
                                     Please find the file attached\n\n";   


//file part
$email_message .= "--{$mime_boundary}\n" .   
                  "Content-Type: {$fileatt_type};\n" .   
                  " name=\"{$fileatt_name}\"\n" .   
                  "Content-Transfer-Encoding: base64\n\n" .   
                 $data . "\n\n" .   
                  "--{$mime_boundary}--\n";   

$mfile = fopen("msg.txt", "w");
fwrite($mfile, $email_message);
fclose($mfile);


$key = file_get_contents("mailcert.cer");

$encrypt = openssl_pkcs7_encrypt("msg.txt", "enc.txt", $key, $headers);
if($encrypt){
    $data = file_get_contents("enc.txt");
    $parts = explode("\n\n", $data, 2);

    // Send mail
    $ok = mail($email_to, $email_subject, $parts[1], $parts[0]);
}

The script works, the email is delivered and it's possible to decrypt it in Outlook, however, the result then is something like this: 

--==Multipart_Boundary_x6434b5a09f1f49c571a633802cd36772x

Content-Type:text/html; charset="UTF-8"
Content-Transfer-Encoding: 7bit

Please find the file attached

--==Multipart_Boundary_x6434b5a09f1f49c571a633802cd36772x
Content-Type: application/octet-stream;
 name="1327490599scrippie.txt"
Content-Transfer-Encoding: base64

JG9sZElwID0gIjE5NS40Ni4zOS43MyINCiRuZXdJcCA9ICIqIg0KDQojIEdldCBhbGwgb2JqZWN0
cyBhdCBJSVM6Ly9Mb2NhbGhvc3QvVzNTVkMNCiRpaXNPYmplY3RzID0gbmV3LW9iamVjdCBgDQog
ICAgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkRpcmVjdG9yeUVudHJ5KCJJSVM6Ly9Mb2NhbGhv
[etc....]

--==Multipart_Boundary_x6434b5a09f1f49c571a633802cd36772x--

Is there another way of sending encrypted emails with attachments? Or is there a solution to this problem?

user254875486
  • 11,190
  • 7
  • 36
  • 65
  • possible duplicate of [Should I use php mail function or phpmailer?](http://stackoverflow.com/questions/1231886/should-i-use-php-mail-function-or-phpmailer) – mario Jan 25 '12 at 14:06
  • Thanks Mario, but no, that question has pretty much nothing to do with my question except that it's about mailing from PHP.... – user254875486 Jan 25 '12 at 14:08
  • The missing semicolon wouldn't have happened with phpmailer or switftmailer. Don't bother patching your code. Throw it away. – mario Jan 25 '12 at 14:09
  • True, maybe emailing from PHP is less prone to errors if you use swiftmailer, however, my question is specifically about sending _encrypted_ emails with attachments, which is not even mentioned in the other question. If using swiftmailer is a solution to my problem, that's great, but that does not make the questions the same. – user254875486 Jan 25 '12 at 14:12
  • No, it's disqualified as *exact* duplicate. You can keep your two lines of encryption code, but eschew the actual bug you have with the long-winded manual MIME body concatenation. – mario Jan 25 '12 at 14:17
  • I've fixed the bug with the semicolon, but the results are still the same. I've also briefly checked out the documentation for Swift Mailer, but I can't seem to find anything on sending emails using S/MIME. Is that possible with Swift Mailer? – user254875486 Jan 25 '12 at 14:20
  • Then it's the other thing. - Swiftmailer 4.1 was supposed to. Not sure. But PHPMailer specifically lists S/MIME as feature: http://phpmailer.worxware.com/index.php?pg=phpmailer#~S/MIME – mario Jan 25 '12 at 14:23
  • They talk about Signing using S/MIME, I'm not sure if that's the same as encrypting using S/MIME... – user254875486 Jan 25 '12 at 14:33
  • To whom it may concern: [new home of phpmailer is google code](http://code.google.com/a/apache-extras.org/p/phpmailer/). – hakre Jan 26 '12 at 12:30

1 Answers1

5

The solution to this problem is to include the headers for the original message in the file containing the message.

I added something like this before writing the file to disk:

foreach($headers as $headerkey => $headerval){
    $email_message = $headerkey . ": " . $headerval . "\r\n" . $email_message;
}

Then, remove the MIME-version and Content-Type headers from the array before passing it to the openssl_pkcs7_encrypt() function.

user254875486
  • 11,190
  • 7
  • 36
  • 65