bool openssl_pkcs7_sign(string $infilename, string $outfilename, mixed $signcert, mixed $privkey, array $headers[, int $flags = PKCS7_DETACHED, string $extracerts])
openssl_pkcs7_sign() takes the contents of the file named
infilename and signs them using the certificate and its matching private key specified by
TRUE on success or
FALSE on failure.
- string $infilename:
- string $outfilename:
- mixed $signcert:
- mixed $privkey:
- array $headers:
headersis an array of headers that will be prepended to the data after it has been signed (see openssl_pkcs7_encrypt() for more information about the format of this parameter).
- int $flags [ = PKCS7_DETACHED]:
flagscan be used to alter the output - see PKCS7 constants.
- string $extracerts:
extracertsspecifies the name of a file containing a bunch of extra certificates to include in the signature which can for example be used to help the recipient to verify the certificate that you used.
Example #1 openssl_pkcs7_sign() example
// the message you want to sign so that recipient can be sure it was you that
// sent it
$data = <<<EOD
You have my authorization to spend $10,000 on dinner expenses.
// save message to file
$fp = fopen("msg.txt", "w");
// encrypt it
if (openssl_pkcs7_sign("msg.txt", "signed.txt", "file://mycert.pem",
array("To" => "email@example.com", // keyed syntax
"From: HQ <firstname.lastname@example.org>", // indexed syntax
"Subject" => "Eyes only")
// message signed - send it!
exec(ini_get("sendmail_path") . " < signed.txt");