Below is a proof of concept to sign php files with inline S/MIME signatures.
<? $key = "client.key"; $crt = "client.crt"; $infile = $argv['1']; $outfile = $argv['2']; if($argc != 3) { die("Usage: $argv[0] <input file> <output file>\n"); } $return = trim(`openssl smime -sign -signer $crt -inkey $key -in $infile`); $lines = explode("\n", $return); $bits = explode(";", $lines['1']); $bits = explode("=", $bits['3']); $boundary = substr($bits['1'], 1, -1); foreach($lines as $line) { if($open == 1 && $line == "--".$boundary) { $open = 0; $closed = 1; } if($file != "") $file .= "\n"; if($open == 1) $file .= $line; else $file .= "//".$line; if($open == 0 && $line == "--".$boundary && $closed != 1) $open = 1; if($closed == 1) $closed = 0; } $file = "<?php\n".$file."\n?>"; $fp = fopen($outfile, "w"); fputs($fp, $file); fclose($fp); ?>
Example output:
<?php //MIME-Version: 1.0 //Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="----CCE07ED9FDA29AA9AAF3E3BB13BC40D8" // //This is an S/MIME signed message // //------CCE07ED9FDA29AA9AAF3E3BB13BC40D8 <? echo "Hello World!<br>\n"; ?> //------CCE07ED9FDA29AA9AAF3E3BB13BC40D8 //Content-Type: application/x-pkcs7-signature; name="smime.p7s" //Content-Transfer-Encoding: base64 //Content-Disposition: attachment; filename="smime.p7s" // //MIIHfgYJKoZIhvcNAQcCoIIHbzCCB2sCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3 //4co0IHqCtNvoAZRbdThgRX1Ww2cdJu8dFKXXzRdmbCsJKndQVsvM3sKxETkP7PaE //54Y= // //------CCE07ED9FDA29AA9AAF3E3BB13BC40D8-- ?>
this is an other version of the script above. This version wraps both signing parts in own <?php ?> tags. Feel free to send feedback to the author (Frank Nägler) or wrote some comments to this wiki page.
<?php // @author Frank Nägler <mail (AT) naegler.net> // 29.06.2008 $key = "client.key"; $crt = "client.crt"; $infile = $argv['1']; $outfile = $argv['2']; if ($argc != 3) { die("Usage: $argv[0] <input file> <output file>\n"); } $return = trim(`openssl smime -sign -signer $crt -inkey $key -in $infile`); $lines = explode("\n", $return); $bits = explode(";", $lines['1']); $bits = explode("=", $bits['3']); $boundary = substr($bits['1'], 1, -1); $firstPart = ''; $middlePart = ''; $lastPart = ''; $inFirstPart = true; $inLastPart = false; foreach ($lines as $line) { if ($inFirstPart) { $firstPart[] = $line; if ($line == '--'.$boundary) { $inFirstPart = false; continue; } } if ($line == '--'.$boundary) { $inLastPart = true; } if ($inLastPart) { $lastPart[] = $line; } if (!$inFirstPart && !$inLastPart) { $middlePart[] = $line; } } $file = "<?php\n// " . implode("\n// ", $firstPart) . "\n?>\n"; $file .= implode("\n", $middlePart); $file .= "<?php\n// " . implode("\n// ", $lastPart) . "\n?>"; $fp = fopen($outfile, "w"); fputs($fp, $file); fclose($fp); ?>
Example output:
<?php // MIME-Version: 1.0 // Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="----CCE07ED9FDA29AA9AAF3E3BB13BC40D8" // // This is an S/MIME signed message // // ------CCE07ED9FDA29AA9AAF3E3BB13BC40D8 ?> <? echo "Hello World!<br>\n"; ?> <php // ------CCE07ED9FDA29AA9AAF3E3BB13BC40D8 // Content-Type: application/x-pkcs7-signature; name="smime.p7s" // Content-Transfer-Encoding: base64 // Content-Disposition: attachment; filename="smime.p7s" // // MIIHfgYJKoZIhvcNAQcCoIIHbzCCB2sCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3 // 4co0IHqCtNvoAZRbdThgRX1Ww2cdJu8dFKXXzRdmbCsJKndQVsvM3sKxETkP7PaE // 54Y= // // ------CCE07ED9FDA29AA9AAF3E3BB13BC40D8-- ?>