Dutch PHP Conference 2025 - Call For Papers

    openssl_cms_decrypt

    (PHP 8)

    openssl_cms_decryptDéchiffre un message CMS

    Description

    openssl_cms_decrypt(
        string $input_filename,
        string $output_filename,
        #[\SensitiveParameter] OpenSSLCertificate|string $certificate,
        #[\SensitiveParameter] OpenSSLAsymmetricKey|OpenSSLCertificate|array|string|null $private_key = null,
        int $encoding = OPENSSL_ENCODING_SMIME
    ): bool

    Déchiffre un message CMS.

    Liste de paramètres

    input_filename

    Le nom d'un fichier contenant un contenu chiffré.

    output_filename

    Le nom du fichier pour déposer le contenu déchiffré.

    certificate

    Le nom du fichier contenant un certificat du destinataire.

    private_key

    Le nom du fichier contenant une clé PKCS#8.

    encoding

    L'encodage du fichier d'entrée. Une des constantes OPENSSL_ENCODING_SMIME, OPENSSL_ENCODING_DER ou OPENSSL_ENCODING_PEM.

    Valeurs de retour

    Cette fonction retourne true en cas de succès ou false si une erreur survient.

    Improve This Page

    Learn How To Improve This PageSubmit a Pull RequestReport a Bug
    add a note

    User Contributed Notes 1 note

    up
    3
    Sebastian
    3 years ago
    It took me a while to find out the correct way how to decrypt and verify data with these functions.
    I needed that to communicate with German Health Insurance Providers as part of a DiGA. Maybe someone finds that useful.

    <?php
    function decryptAndVerify($signedAndEncryptedRawData): string
    {
    $tempDir = __DIR__ . '/tmp';
    $originalFile = tempnam($tempDir, 'original');
    $decryptedFile = tempnam($tempDir, 'decrypted');
    $verifiedFile = tempnam($tempDir, 'verified');

    file_put_contents($originalFile, $signedAndEncryptedRawData);

    // One file with all possible certificates one after the other
    // -----BEGIN CERTIFICATE----- ...-----END CERTIFICATE-----
    $allPossibleSenderCertificates = __DIR__ . '/untrusted.pem';

    // Certificate:
    // Data:
    // Version: 3 (0x2)...
    $myCertificate = file_get_contents(__DIR__ . '/my.crt');
    $myPrivateKey = openssl_pkey_get_private(
    // -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY-----
    file_get_contents(__DIR__ . '/my.prv.key.pem')
    );

    openssl_cms_decrypt(
    input_filename: $originalFile,
    output_filename: $decryptedFile,
    certificate: $myCertificate,
    private_key: $myPrivateKey,
    encoding: OPENSSL_ENCODING_DER
    );

    openssl_cms_verify(
    input_filename: $decryptedFile,
    flags: OPENSSL_CMS_BINARY | OPENSSL_CMS_NOSIGS | OPENSSL_CMS_NOVERIFY,
    ca_info: [],
    untrusted_certificates_filename: $allPossibleSenderCertificates,
    content: $verifiedFile,
    encoding: OPENSSL_ENCODING_DER
    );
    return     file_get_contents($verifiedFile);
    }
    add a note
    To Top