[PHP] How to use openssl_pkcs7_sign

I was stuck on this for about an hour, so here is a note.

With openssl_pkcs7_sign in PHP's OpenSSL extension, if you call it the way the sample in the manual does,

openssl_pkcs7_sign("msg.txt", "signed.txt", "file://email.pem", array("file://email.pem", "123456"), $headers);

you get

Warning: openssl_pkcs7_sign(): error getting private key in /home/nat/test/7sign.php on line 10

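an error like this.

It seems this can be avoided by using realpath(). That is,

openssl_pkcs7_sign(realpath("msg.txt"), realpath("signed.txt"), "file://".realpath("email.pem"), array("file://".realpath("email.pem"), "123456"), $headers);

Note: signed.txt must also be created beforehand (e.g. with touch), because realpath() returns false for a path that does not exist.

This produces a signed.txt like the following. Note that the header part is not covered by the signature.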

To: joes@example.com
From: HQ
Subject: Eyes only
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="----2ED342647462900B363AC40502411647"

This is an S/MIME signed message

------2ED342647462900B363AC40502411647
昨日の夜からようやく Artifact Binding 1.0 draft 04 に着手。
22:00-02:00 に書いて、03:30 まで仮眠、その後、北軽井沢から東京へ車で移動(03:50-07:20). 朝食、風呂のあと、10:00 まで加筆。とりあえず、bitbucket に push して、openid-specs-ab 宛にメール。Breno と会話。OAuth2.0 にあわせて、Response は JSON に統一。(その結果、Key-Value Form Encoding が無くなった。)その後、Johnと会話。Magic Signature の Padding がなぁ、という話。

ちなみに、現行ドラフトの最新版のHTMLコピーは、こちら。正式なレポジトリは、http://bitbucket.org/openid/ab/ 。

------2ED342647462900B363AC40502411647
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

------2ED342647462900B363AC40502411647--

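If you are also going to encrypt, it is better to leave the headers empty when signing and add them when encrypting.

$headers = array("To" => "joes@example.com",
    "From" => "HQ ",
    "Subject" => "Eyes only");

// Sign with an empty header array so the signed part carries no mail headers.
if (openssl_pkcs7_sign(realpath("msg.txt"),
    realpath("signed.txt"),
    'file://'.realpath("signcert.pem"),
    array('file://'.realpath("signcert-key.pem"), "a_password"), // private key
    array()
)) {
    // message signed
}

// Recipient's certificate (public key) as a PEM string
$pubkey = file_get_contents("enc_cert.pem");

// Encrypt the message, now put in the headers.
// enc.txt must already exist, or realpath() returns false.
// Arguments 5 and 6: flags = 0, cipher id 1 = OPENSSL_CIPHER_RC2_128.
// RC2 is obsolete; OPENSSL_CIPHER_AES_256_CBC is available since PHP 5.4.
openssl_pkcs7_encrypt(realpath("signed.txt"), realpath("enc.txt"),
    $pubkey, $headers, 0, 1);

This produces an enc.txt like the following.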

To: joes@example.com
From: HQ
Subject: Eyes only
MIME-Version: 1.0
Content-Disposition: attachment; filename=”smime.p7m”
Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name=”smime.p7m”
Content-Transfer-Encoding: base64

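The sign-then-encrypt flow above as a self-contained round trip. This is an added example, not code from the original post: the abs_out() helper, the throwaway key and certificate, the passphrase, addresses and file names are all constructed for the demo. It assumes PHP 7.4+ with the OpenSSL extension, and it passes OPENSSL_CIPHER_AES_256_CBC instead of the numeric cipher id 1 (RC2-128) used in the post.

```php
<?php
// Added example. Key, certificate, passphrase, addresses and file names are constructed.
$dir = sys_get_temp_dir() . '/pkcs7demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);

// Hypothetical helper: realpath() returns false for a missing file,
// so create the output file before resolving it.
function abs_out(string $path): string {
    if (!file_exists($path)) {
        touch($path);
    }
    $real = realpath($path);
    if ($real === false) {
        throw new RuntimeException("cannot resolve $path");
    }
    return $real;
}

// Throwaway RSA key and self-signed certificate, used as both signer and recipient.
$key  = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr  = openssl_csr_new(['commonName' => 'demo', 'emailAddress' => 'hq@example.com'], $key);
$cert = openssl_csr_sign($csr, null, $key, 1);
openssl_x509_export_to_file($cert, "$dir/cert.pem");
openssl_pkey_export_to_file($key, "$dir/key.pem", 'a_password');
file_put_contents("$dir/msg.txt", "constructed sample body\n");

$certUri = 'file://' . realpath("$dir/cert.pem");
$keySpec = ['file://' . realpath("$dir/key.pem"), 'a_password'];

// 1. Sign with an empty header array: the signed part carries no mail headers.
if (!openssl_pkcs7_sign(realpath("$dir/msg.txt"), abs_out("$dir/signed.txt"), $certUri, $keySpec, [])) {
    throw new RuntimeException('sign failed: ' . openssl_error_string());
}

// 2. Encrypt the signed file; the mail headers go on the outer envelope only.
$headers = ['To' => 'joes@example.com', 'From' => 'hq@example.com', 'Subject' => 'Eyes only'];
if (!openssl_pkcs7_encrypt(realpath("$dir/signed.txt"), abs_out("$dir/enc.txt"),
        file_get_contents("$dir/cert.pem"), $headers, 0, OPENSSL_CIPHER_AES_256_CBC)) {
    throw new RuntimeException('encrypt failed: ' . openssl_error_string());
}

// 3. Decrypt as the recipient and check what ended up in which layer.
if (!openssl_pkcs7_decrypt("$dir/enc.txt", abs_out("$dir/dec.txt"), $certUri, $keySpec)) {
    throw new RuntimeException('decrypt failed: ' . openssl_error_string());
}
$has = fn(string $file, string $needle) => strpos(file_get_contents("$dir/$file"), $needle) !== false;
var_dump($has('signed.txt', 'Subject: Eyes only')); // is the header in the signed layer?
var_dump($has('enc.txt', 'Subject: Eyes only'));    // is the header on the outer envelope?
var_dump($has('dec.txt', 'multipart/signed'));      // is the decrypted payload the signed message?
```

The headers on the outer envelope are neither signed nor encrypted, so the recipient should treat them as unauthenticated routing data.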
