openssl_cms_decrypt

    (PHP 8)

    openssl_cms_decryptDecrypt a CMS message

    Опис

    openssl_cms_decrypt(
        string $input_filename,
        string $output_filename,
        #[\SensitiveParameter] OpenSSLCertificate|string $certificate,
        #[\SensitiveParameter] OpenSSLAsymmetricKey|OpenSSLCertificate|array|string|null $private_key = null,
        int $encoding = OPENSSL_ENCODING_SMIME
    ): bool

    Decrypts a CMS message.

    Параметри

    input_filename

    The name of a file containing encrypted content.

    output_filename

    The name of the file to deposit the decrypted content.

    certificate

    The name of the file containing a certificate of the recipient.

    private_key

    The name of the file containing a PKCS#8 key.

    encoding

    The encoding of the input file. One of OPENSSL_ENCODING_SMIME, OPENSSL_ENCODING_DER or OPENSSL_ENCODING_PEM.

    Значення, що повертаються

    Повертає true у разі успіху або false в разі помилки.

    Found A Problem?

    Learn How To Improve This PageSubmit a Pull RequestReport a Bug
    add a note

    User Contributed Notes 1 note

    up
    3
    Sebastian
    4 years ago
    It took me a while to find out the correct way how to decrypt and verify data with these functions.I needed that to communicate with German Health Insurance Providers as part of a DiGA. Maybe someone finds that useful.<?phpfunction decryptAndVerify($signedAndEncryptedRawData): string{    $tempDir = __DIR__ . '/tmp';    $originalFile = tempnam($tempDir, 'original');    $decryptedFile = tempnam($tempDir, 'decrypted');    $verifiedFile = tempnam($tempDir, 'verified');    file_put_contents($originalFile, $signedAndEncryptedRawData);        // One file with all possible certificates one after the other    // -----BEGIN CERTIFICATE----- ...-----END CERTIFICATE-----    $allPossibleSenderCertificates = __DIR__ . '/untrusted.pem';    // Certificate:    //    Data:    //        Version: 3 (0x2)...    $myCertificate = file_get_contents(__DIR__ . '/my.crt');    $myPrivateKey = openssl_pkey_get_private(    // -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY-----        file_get_contents(__DIR__ . '/my.prv.key.pem')    );        openssl_cms_decrypt(        input_filename: $originalFile,        output_filename: $decryptedFile,        certificate: $myCertificate,        private_key: $myPrivateKey,        encoding: OPENSSL_ENCODING_DER    );    openssl_cms_verify(        input_filename: $decryptedFile,        flags: OPENSSL_CMS_BINARY | OPENSSL_CMS_NOSIGS | OPENSSL_CMS_NOVERIFY,        ca_info: [],        untrusted_certificates_filename: $allPossibleSenderCertificates,        content: $verifiedFile,        encoding: OPENSSL_ENCODING_DER    );    return file_get_contents($verifiedFile);}
    add a note
    To Top