Question

I have a crypto/PHP question that I was hoping someone could help me with. My issue is that I have a signed PKCS7 block that I am trying to verify in PHP. However, when I run the following PHP command:

openssl_pkcs7_verify($myfile, PKCS7_BINARY | PKCS7_NOVERIFY, $signers_file);

I get the following error:

PKCS7 routines:SMIME_read_PKCS7:no content type

If I do it using ruby like so:

p7container = OpenSSL::PKCS7.new(file_contents);
mystore = OpenSSL::X509::Store.new
p7container.verify(nil, mystore, nil, OpenSSL::PKCS7::NOVERIFY)

It works.

Also, if I run it through the OpenSSL command line:

openssl smime -verify -inform der -in my_data_file -noverify

It also works. However, if I run the following:

openssl smime -verify -in my_data_file -noverify

Which is the same command, but without specifying the inform parameter, it fails with the same error message specified before, regarding the "no content type", which makes it seem I need to specify the input file format. Any ideas how I can do that through PHP?

Thanks in advance for your help,


Solution

I got around that problem by calling openssl directly from PHP (using the exec function). Be sure to add 2>&1 to the command to redirect stderr to stdout as the message "Verification successful" is sent to stderr.

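function verify($signedData, &$data = null) {
    // Scratch directory for the two temporary files; both are removed before returning.
    @mkdir("tmp");
    // Random 32-character hex name (stands in for the randomString() helper, which is not shown).
    $random = bin2hex(random_bytes(16));
    $signedFile = "tmp/" . $random . ".pem";
    $file = "tmp/" . $random . ".dat";
    file_put_contents($signedFile, $signedData);
    // -inform DER: the input is raw DER, not S/MIME.
    // -noverify: the signer's certificate chain is not validated.
    // exec() returns the last line of output; 2>&1 folds stderr into stdout.
    $output = exec("openssl smime -verify -in " . escapeshellarg($signedFile)
        . " -inform DER -noverify -out " . escapeshellarg($file) . " 2>&1");
    if ($output == "Verification successful") {
        // The signed content was written to $file by -out.
        $data = file_get_contents($file);
        $result = true;
    } else {
        $result = false;
    }
    @unlink($signedFile);
    @unlink($file);
    return $result;
}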
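
An alternative that avoids shelling out, as an added example that is not part of the original answer: openssl_pkcs7_verify() parses S/MIME, so the DER blob is wrapped in MIME headers with a base64 body before verification. The names derToSmime and verifyDerPkcs7 and the optional $caFile parameter are assumptions of this example; passing a CA bundle drops PKCS7_NOVERIFY so the signer's certificate chain is validated rather than only the signature.

```php
<?php
// Added example: hypothetical helper names, not from the original answer.

// Wrap raw DER PKCS#7 SignedData in the S/MIME envelope PHP expects.
// The missing MIME headers are what trigger "no content type" on DER input.
function derToSmime(string $der): string
{
    return "MIME-Version: 1.0\n"
        . "Content-Disposition: attachment; filename=\"smime.p7m\"\n"
        . "Content-Type: application/x-pkcs7-mime; smime-type=signed-data; name=\"smime.p7m\"\n"
        . "Content-Transfer-Encoding: base64\n\n"
        . chunk_split(base64_encode($der), 64, "\n");
}

// Returns the signed content on success, null on a bad signature or error.
// $caFile === null reproduces the page's NOVERIFY behaviour: the signature
// is checked against the embedded certificate, but that certificate is not
// chained to any trusted CA.
function verifyDerPkcs7(string $der, ?string $caFile = null): ?string
{
    // tempnam() creates unpredictable, owner-only files in the system
    // temp directory instead of a shared relative "tmp/" folder.
    $dir     = sys_get_temp_dir();
    $in      = tempnam($dir, 'p7i');
    $signers = tempnam($dir, 'p7s');
    $out     = tempnam($dir, 'p7o');
    try {
        file_put_contents($in, derToSmime($der));
        $flags = PKCS7_BINARY | ($caFile === null ? PKCS7_NOVERIFY : 0);
        $ca    = $caFile === null ? [] : [$caFile];
        // Returns true (verified), false (bad signature) or -1 (error).
        $ok = openssl_pkcs7_verify($in, $flags, $signers, $ca, null, $out);
        return $ok === true ? file_get_contents($out) : null;
    } finally {
        foreach ([$in, $signers, $out] as $f) {
            @unlink($f);
        }
    }
}
```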

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow