在PHP中调用openssl_pkcs7_verify时指定输入格式类型 [英] Specifying input format type when calling openssl_pkcs7_verify in PHP

问题描述

我有一个关于crypto/php的问题，我希望有人可以帮助我. 我的问题是我有一个已签名的PKCS7块，试图在PHP中进行验证. 但是，当我运行以下PHP命令时:

I have a crypto/php question, I was hoping someone could help me with. My issue is that I have a signed PKCS7 block that I am trying to verify in PHP. However, when I run the following PHP command:

openssl_pkcs7_verify($myfile, PKCS7_BINARY | PKCS7_NOVERIFY, $signers_file);

我收到以下错误:

PKCS7 routines:SMIME_read_PKCS7:no content type

如果我像这样使用红宝石来做到这一点:

If I do it using ruby like so:

p7container = OpenSSL::PKCS7.new(file_contents);
mystore = OpenSSL::X509::Store.new
p7container.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY)

有效.

此外，如果我通过OpenSSL命令行运行它:

Also, if I run it through the OpenSSL commandline:

openssl smime -verify -inform der -in my_data_file -noverify

它也可以工作.但是，如果我运行以下命令:

It also works. However, if I run the following:

openssl smime -verify -in my_data_file -noverify

这是相同的命令，但是没有指定notify参数，它会失败，并显示与"no content type"有关的先前相同的错误消息，这似乎使我需要指定输入文件格式.有什么想法可以通过PHP做到吗?

Which is the same command, but without specifying the inform parameter, it fails with the same error message specified before, regarding the "no content type", which makes it seem I need to specify the input file format. Any ideas how I can do that through PHP?

预先感谢您的帮助，

推荐答案

我通过直接从PHP调用openssl(使用

I got around that problem by calling openssl directly from PHP (using the exec function). Be sure to add 2>&1 to the command to redirect stderr to stdout as the message "Verification successful" is sent to stderr.

function verify($signedData, &$data = null) {
    @mkdir("tmp");
    $random = randomString(32);
    $signedFile = "tmp/" . $random . ".pem";
    $file = "tmp/" . $random . ".dat";
    file_put_contents($signedFile, $signedData);
    $output = exec("openssl smime  -verify -in $signedFile -inform DER -noverify -out $file 2>&1");
    if ($output == "Verification successful") {
        $data = file_get_contents($file);
        $result = true;
    } else {
        $result = false;
    }
    @unlink($signedFile);
    @unlink($file);
    return $result;
}

这篇关于在PHP中调用openssl_pkcs7_verify时指定输入格式类型的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！