Below is a proof of concept to sign php files with inline S/MIME signatures.
<?
$key = "client.key";
$crt = "client.crt";
$infile = $argv['1'];
$outfile = $argv['2'];
if($argc != 3)
{
die("Usage: $argv[0] <input file> <output file>\n");
}
$return = trim(`openssl smime -sign -signer $crt -inkey $key -in $infile`);
$lines = explode("\n", $return);
$bits = explode(";", $lines['1']);
$bits = explode("=", $bits['3']);
$boundary = substr($bits['1'], 1, -1);
foreach($lines as $line)
{
if($open == 1 && $line == "--".$boundary)
{
$open = 0;
$closed = 1;
}
if($file != "")
$file .= "\n";
if($open == 1)
$file .= $line;
else
$file .= "//".$line;
if($open == 0 && $line == "--".$boundary && $closed != 1)
$open = 1;
if($closed == 1)
$closed = 0;
}
$file = "<?php\n".$file."\n?>";
$fp = fopen($outfile, "w");
fputs($fp, $file);
fclose($fp);
?>Example output:
<?php
//MIME-Version: 1.0
//Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="----CCE07ED9FDA29AA9AAF3E3BB13BC40D8"
//
//This is an S/MIME signed message
//
//------CCE07ED9FDA29AA9AAF3E3BB13BC40D8
<?
echo "Hello World!<br>\n";
?>
//------CCE07ED9FDA29AA9AAF3E3BB13BC40D8
//Content-Type: application/x-pkcs7-signature; name="smime.p7s"
//Content-Transfer-Encoding: base64
//Content-Disposition: attachment; filename="smime.p7s"
//
//MIIHfgYJKoZIhvcNAQcCoIIHbzCCB2sCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3
//4co0IHqCtNvoAZRbdThgRX1Ww2cdJu8dFKXXzRdmbCsJKndQVsvM3sKxETkP7PaE
//54Y=
//
//------CCE07ED9FDA29AA9AAF3E3BB13BC40D8--
?>this is an other version of the script above. This version wraps both signing parts in own <?php ?> tags. Feel free to send feedback to the author (Frank Nägler) or wrote some comments to this wiki page.
<?php
// @author Frank Nägler <mail (AT) naegler.net>
// 29.06.2008
$key = "client.key";
$crt = "client.crt";
$infile = $argv['1'];
$outfile = $argv['2'];
if ($argc != 3) {
die("Usage: $argv[0] <input file> <output file>\n");
}
$return = trim(`openssl smime -sign -signer $crt -inkey $key -in $infile`);
$lines = explode("\n", $return);
$bits = explode(";", $lines['1']);
$bits = explode("=", $bits['3']);
$boundary = substr($bits['1'], 1, -1);
$firstPart = '';
$middlePart = '';
$lastPart = '';
$inFirstPart = true;
$inLastPart = false;
foreach ($lines as $line) {
if ($inFirstPart) {
$firstPart[] = $line;
if ($line == '--'.$boundary) {
$inFirstPart = false;
continue;
}
}
if ($line == '--'.$boundary) {
$inLastPart = true;
}
if ($inLastPart) {
$lastPart[] = $line;
}
if (!$inFirstPart && !$inLastPart) {
$middlePart[] = $line;
}
}
$file = "<?php\n// " . implode("\n// ", $firstPart) . "\n?>\n";
$file .= implode("\n", $middlePart);
$file .= "<?php\n// " . implode("\n// ", $lastPart) . "\n?>";
$fp = fopen($outfile, "w");
fputs($fp, $file);
fclose($fp);
?>Example output:
<?php
// MIME-Version: 1.0
// Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="----CCE07ED9FDA29AA9AAF3E3BB13BC40D8"
//
// This is an S/MIME signed message
//
// ------CCE07ED9FDA29AA9AAF3E3BB13BC40D8
?>
<?
echo "Hello World!<br>\n";
?>
<php
// ------CCE07ED9FDA29AA9AAF3E3BB13BC40D8
// Content-Type: application/x-pkcs7-signature; name="smime.p7s"
// Content-Transfer-Encoding: base64
// Content-Disposition: attachment; filename="smime.p7s"
//
// MIIHfgYJKoZIhvcNAQcCoIIHbzCCB2sCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3
// 4co0IHqCtNvoAZRbdThgRX1Ww2cdJu8dFKXXzRdmbCsJKndQVsvM3sKxETkP7PaE
// 54Y=
//
// ------CCE07ED9FDA29AA9AAF3E3BB13BC40D8--
?>