Geek Answers Handbook

PHP openssl_pkcs7_verify not working

I use pkcs7 to sign the document, and everything works fine, the problem is that the command to check the character does not work, always returns false. I am trying to use a terminal command in a file and it works fine.

Sign the command:

openssl_pkcs7_sign( $tempdoc, $tempsign, $this->signature_data['signcert'], array($this->signature_data['privkey'], $this->signature_data['password']), array(), PKCS7_BINARY | PKCS7_DETACHED);

Check command:

 openssl_pkcs7_verify($tempsign, PKCS7_NOVERIFY)

Terminal command:

 openssl pkcs7 -inform DER -in signature.pkcs7 -print_certs -text


EDIT 1
I do tests in my code and find that I only create my character with PKCS7_DETACHED or PKCS7_BINARY, it works fine, but I get an error message together. Why is this happening?

+6
php php-openssl pkcs # 7
source share
1 answer

Here in PHP 7, I can reproduce your problem. Using both flags, the test fails.

Maybe THIS URL can help you., This part talks about it.

SMIME -sign "disconnected" "pins" the content just as it is - binary and text-canonized without, and signs it. SMIME -verify recognizes "disconnected", but (in multi_split) always canonizes both before use. For content that was submitted non-canonical (with -sign - binary or equivalent), this changes the signed content, and verification fails. Content that was canonical as sent (initially by the canonical or canonical path of the sender) checks and similarly the output without determining whether the sender changed it.

In docs you can read that the parser is not so smart:

ERRORS

The MIME parser is not very smart: it processes most of the messages that I threw at it, but it can strangle others.

Hope this helps!

+3
source share

More articles:


All Articles