For a school assignment we have to send secure emails coming from a bank (we are the bank). In order to secure these emails im using PHPMailer. PHPMailer contains a Sign($cert_filename, $key_filename, $key_pass) method that signs the email using a certificate. I'm guessing that this is making the email 'secure' and that the customer can really know it is the bank sending the email. I'm sending the emails over my own domain using SMTP.

In order to get the certificate i've created a certificate at this website, that got installed in my browser.

Now the question is: how do I use that certificate to sign the emails i'm sending using my PHP script and PHPMailer? I've exported the certificate from my browser (FF), which results in a .p12 file, but i think the .p12 file isn't what im looking for.

Any help would be appreciated.

有帮助吗?

解决方案

In your class.phpmailer.php file change a data:

public   $sign_cert_file = ’’; 
public   $sign_key_file  = ’’; 
public   $sign_key_pass  = ’’;

than locate that appears:

if (@openssl_pkcs7_sign($file, $signed, "file://".$this->sign_cert_file, array("file://".$this->sign_key_file, $this->sign_key_pass), null)) {

and change to:

if (@openssl_pkcs7_sign($file, $signed, file_get_contents($this->sign_cert_file), array(file_get_contents($this->sign_key_file), $this->sign_key_pass), null)){

This mean that you got via object $this->sign_key_file instead of file inclusion file://

Than change your temp name:

$file = tempnam(’’, ’mail’);
...
$signed = tempnam("", "signed");

to:

$file = tempnam(’./tmp/’, ’mail’);
...
$signed = tempnam("./tmp/", "signed");

This means that you are using on a tmp directory server.

And now how example show of sending and putting cert file of data:

require("class.phpmailer.php");
$mail = new PHPMailer();
$mail->IsMail();

$mail->AddAddress("email@example.com");
$mail->Subject = "Test 1";
$mail->Body = "Test 1 of PHPMailer.";

// CUSTOMISED SIGN EMAIL : START
$mail->sign_cert_file="/xxx/key.pem";
$mail->sign_key_file="/xxx/key.pem";
$mail->sign_key_pass="yyy";
// CUSTOMISED SIGN EMAIL : END

$mail->Send(); // Send encrypted email!

其他提示

You can now add a signed certificate using the sign() function:

require_once 'PHPMailerAutoload.php';
$mail = new PHPMailer();
$mail->AddAddress("email@example.com");
$mail->Subject = "Test";
$mail->Body = "Test";

$mail->sign(
    'cert.crt',
    'cert.key',
    'password',//required even if empty
    'certchain.pem'
);

if( !$mail->Send() ){
    echo $mail->ErrorInfo;
}

https://github.com/PHPMailer/PHPMailer/blob/master/examples/smime_signed_mail.phps#L77

许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top