S/Mime signing in PHP - Which file is which cert?

Question

I'm trying to send S/Mime signed and encrypted emails.

I have this code:

// Sign the message first
openssl_pkcs7_sign("inc/admin/email/body.txt","inc/admin/email/body/enc.txt",
 "signing_cert.pem",array("private_key.pem",
 "test"),array());

// Get the public key certificate.
$pubkey = file_get_contents("cert.pem");

//encrypt the message, now put in the headers.
openssl_pkcs7_encrypt("signed.txt", "enc.txt", $pubkey,$headers,0,1);

My question is which cert is which? If I use the certs I have (is this ok) the files I have are:

• .key
• .csr
• .crt
• and the public .pem.

Which is which?

Answer 1

Generally speaking PEM can be private key, public key and also certificate. It gepends how did you create/gain certificate.

But in your case, I expect following: CSR = Certificate signing request, useless for you now CRT = Certificate KEY = Private key PEM = Public key/Certificate

Answer 2

First of all, certificates are not "SSL certificates". This is a misleading term that leads you to wrong use.

Each X.509 certificate has intended use (as defined in Key Usage and Extended Key Usage fields). Certificates issued for securing SSL servers can not be used for S/MIME and vice versa (unless you build some custom infrastructure which doesn't care about Key Usage).

Now, you sign using your certificate and private key, however you encrypt using recipient's certificate (which includes a public key). If you only have one CRT/KEY file pair, it's probably your certificate and your private key accordingly and you can use them for signing. But unless you encrypt the message for yourself (i.e. you are recipient of the encrypted message) encryption using your certificate makes no sense.