Hallo Seong,
Seong-Min Kang schrieb:
> wie machst du das?
> Meinst du GnuPG (bzw. OpenPGP) Signaturen?
> Gibt es eine (mehr oder weniger) native Implementierung in PHP? Oder
> nutzt du exec()?
ich versuche, die Mails mittels openssl_pkcs7_sign() und einem Zertifikat eines
autorisierten Zertifikatanbieters zu signieren.
Ich baue mir zuerst den E-Mailbody sowie den Header zusammen, habe mir dazu die alte PHP-4-basierte Klasse
nach PHP 5 umgeschrieben und für mich angepasst, und dann signiere ich die E-Mail und
versende die Mail dann mit PEAR Mail.
Hier der Code:
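/**
 * Builds the mail, S/MIME-signs it (and optionally encrypts it) and sends it via SendPearMail().
 *
 * The message is written to per-call temporary files because the openssl_pkcs7_* functions
 * work on file names; those files are removed again before the mail is sent.
 *
 * @param string $_action "sign" to send a signed mail, "enc" to sign and then encrypt it.
 * @throws Exception if CC or BCC recipients are set, no recipient is set, the action is unknown,
 *                   the private key cannot be read, or writing, signing or encrypting fails.
 */
public function SendSigned($_action = "sign"){
    // NOTE(review): the key passphrase comes from a constant; confirm it is not kept in a
    // file that is world-readable or under version control.
    $passphrase = PASSPHRASE;
    $cer_file_name = CERT_PEM;
    $key_file_name = KEY_PEM;

    // Build the mail body and the headers.
    $this->BuildMail();

    if (count($this->acc) > 0){
        throw new Exception($this->ErrorMsg("Not allowed to send mesage to CC-Recipient."));
    }
    if (count($this->abcc) > 0){
        throw new Exception($this->ErrorMsg("Not allowed to send mesage to BCC-Recipient."));
    }
    if (count($this->sendto) == 0){
        throw new Exception($this->ErrorMsg("No Recipient set."));
    }

    // Same loose comparisons as before, but an unknown action is now an error
    // instead of silently sending nothing.
    $do_sign = ($_action == "sign");
    $do_enc = !$do_sign && ($_action == "enc");
    if (!$do_sign && !$do_enc){
        throw new Exception($this->ErrorMsg("Unknown action: expected 'sign' or 'enc'."));
    }

    // NOTE(review): the recipients end up verbatim in a header line; whoever fills
    // $this->sendto should reject values containing CR or LF.
    $this->ar_headers["To"] = implode(",", $this->sendto);

    // Make sure the body starts with "\n". The previous test used `== false`, which also
    // matched position 0, so a newline was prepended even when one was already there.
    if (strpos($this->fullBody, "\n") !== 0){
        $this->fullBody = "\n".$this->fullBody;
    }

    // Check the key before any plaintext is written to disk.
    $private_key = array('file://'.$key_file_name, $passphrase);
    if (!openssl_pkey_get_private($private_key)){
        throw new Exception($this->ErrorMsg("Konnte privaten Schlüssel nicht auslesen!"));
    }

    // Fixed names such as msg.txt in the working directory are shared by concurrent calls
    // (one request could sign or send another request's message) and were never deleted.
    // Use uniquely named temp files and remove them on every exit path.
    $tmp_files = array();
    $data = false;
    $failure = null;
    try {
        foreach (array('msg', 'signed', 'enc') as $slot){
            $path = tempnam(sys_get_temp_dir(), 'smime_');
            if ($path === false){
                throw new Exception($this->ErrorMsg("Permission denied: Can't write to directory tmp_msg!"));
            }
            $tmp_files[$slot] = $path;
        }

        // Save the message to a file for openssl_pkcs7_sign().
        if (file_put_contents($tmp_files['msg'], $this->fullBody) === false){
            throw new Exception($this->ErrorMsg("Permission denied: Can't write to directory tmp_msg!"));
        }

        // Sign first. When the mail is encrypted afterwards, the headers go on the
        // outer (encrypted) message instead of the signed part.
        $sign_headers = $do_sign ? $this->ar_headers : array();
        if (!openssl_pkcs7_sign($tmp_files['msg'], $tmp_files['signed'], 'file://'.$cer_file_name, $private_key, $sign_headers)){
            throw new Exception($this->ErrorMsg("Signieren der E-Mail fehlgeschlagen!"));
        }
        $result_file = $tmp_files['signed'];
        $read_error = "Signieren der E-Mail fehlgeschlagen!";

        if ($do_enc){
            // NOTE(review): this encrypts to CERT_PEM, the same certificate used for
            // signing, so only the holder of KEY_PEM can decrypt the mail. Encrypting for
            // the recipients needs their certificates, which this method does not receive.
            $pubkey = file_get_contents($cer_file_name);
            if ($pubkey === false){
                throw new Exception($this->ErrorMsg("Verschluesseln der E-Mail fehlgeschlagen!"));
            }
            // Name the cipher explicitly: PHP releases before 8.1 default to 40-bit RC2.
            $cipher = defined('OPENSSL_CIPHER_AES_256_CBC') ? OPENSSL_CIPHER_AES_256_CBC : OPENSSL_CIPHER_3DES;
            if (!openssl_pkcs7_encrypt($tmp_files['signed'], $tmp_files['enc'], $pubkey, $this->ar_headers, 0, $cipher)){
                throw new Exception($this->ErrorMsg("Verschluesseln der E-Mail fehlgeschlagen!"));
            }
            $result_file = $tmp_files['enc'];
            $read_error = "Verschluesseln der E-Mail fehlgeschlagen!";
        }

        $data = file_get_contents($result_file);
        if ($data === false){
            throw new Exception($this->ErrorMsg($read_error));
        }
    } catch (Exception $e){
        // Remember the error so the cleanup below runs exactly once (no `finally` before PHP 5.5).
        $failure = $e;
    }

    foreach ($tmp_files as $path){
        if (is_file($path)){
            unlink($path);
        }
    }
    if ($failure !== null){
        throw $failure;
    }

    $this->SendPearMail($data);
}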
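/**
 * Splits a finished S/MIME message into headers and body and sends it with PEAR Mail.
 *
 * The message is delivered through the SMTP server on localhost:25 without authentication.
 *
 * @param string $_data Complete message: header lines, one blank line, then the body.
 * @throws Exception if the message has no header/body separator, or PEAR Mail reports an error.
 */
private function SendPearMail($_data){
    $parts = explode("\n\n", $_data, 2);
    if (count($parts) < 2){
        // Without the blank line there is no body; sending would pass an undefined value on.
        throw new Exception($this->ErrorMsg("Malformed message: no blank line between headers and body."));
    }

    $params = array(
        "host"     => "localhost",
        "port"     => 25,
        "auth"     => false,
        "username" => "",
        "password" => "",
    );

    $recipient = array("To" => implode(",", $this->sendto));

    // Turn the header block into a name => value map. A repeated header name keeps
    // only its last value, as before.
    $header = array();
    $last_key = null;
    foreach (explode("\n", $parts[0]) as $line){
        $line = rtrim($line, "\r");
        if ($line === ''){
            continue;
        }
        // A line starting with whitespace continues the previous header (folded header).
        if ($last_key !== null && ($line[0] === ' ' || $line[0] === "\t")){
            $header[$last_key] .= ' '.trim($line);
            continue;
        }
        $colon = strpos($line, ':');
        if ($colon === false){
            // Not a "Name: value" line; previously this produced an entry with an empty name.
            continue;
        }
        $name = trim(substr($line, 0, $colon));
        if ($name === ''){
            continue;
        }
        $last_key = $name;
        $header[$name] = trim(substr($line, $colon + 1));
    }

    $mail = Mail::factory('smtp', $params);
    if (PEAR::isError($mail)) {
        throw new Exception($this->ErrorMsg($mail->getMessage()));
    }

    $result = $mail->send($recipient, $header, $parts[1]);
    if (PEAR::isError($result)){
        throw new Exception($this->ErrorMsg($result->getMessage()));
    }
}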
Grüße Peter