Description: ------------ I added support for signed messages using openssl_pkcs7_sign. Unfortunatly you have to use temporary files when working with openssl_pkcs7_sign. If anybody else has a better solution I would like to hear it. An encryption routine can be made the same way like this, if you need any help, please let me know. I don't know if this is the right package for encryption and signing of messages, but I thought it would be the most logical. Reproduce code: --------------- Changed code: http://www.xolphin.net/mime.diff Example use: ($Customer and $PDFDocument are a DataObjects) $header['To'] = $Customer->Email; $header['From'] = 'test@example.com'; $header['Subject'] = 'Signed message'; $mime = new Mail_mime("\n"); $mime->setTXTBody($Customer->Message); do { $mime->addAttachment($PDFDocument->PDF, 'application/pdf', 'Document ' . $PDFDocument->DocumentName, 'base64' ); } while ($PDFDocument->Fetch()); $sign_directory = '/var/www/admin/certificates/mail'; if ($filename_signed = $mime->getSignedMessage( $header, 'certificate.pem', 'instantssl.pem', $sign_directory, 'password')) { exec(ini_get('sendmail_path') . ' < ' . $filename_signed); }

Created a patch against HEAD to add support for S/MIME signing of messages. Inclusion is planned for Mail_mime 1.6.0. The proposed workflow to sign a message is very simple; just add parts to a Mail_mime message, and then call sign() once to sign it. When sign() is called, the 'inner' MIME message is built and signed. After this, no further parts can be added to the email; only headers can be added. When a message is signed, the get() method returns the signed inner MIME message, and headers() will include the 'Content-Type: multipart/signed' header generated by OpenSSL. Therefore, the signed Mail_mime message can be handled and sent just like a normal message. The creation of tempfiles cannot be worked around, as openssl_pkcs7_sign simply cannot work any other way. However, they are created with tempnam() so they should not suffer from clashes. Note: the attached patch still uses file_put_contents (PHP 5) which will be changed. openssl will become an optional dependency. Usage example: $sign = true; $text = 'Text version of email'; $html = '<html><body>HTML version of <b>email</b></body></html>'; $crlf = "\n"; $hdrs = array( 'From' => 'walter@example.com', 'Subject' => 'Test mime message', ); $mime = new Mail_mime($crlf); $mime->setTXTBody($text); $mime->setHTMLBody($html); $mime->addAttachment("/home/walter/tmp/test.png", "image/png"); if ($sign) { $result = $mime->sign($hdrs, 'newcert.pem', 'cacert.pem', 'password', 'privatekey.pem'); if (PEAR::isError($result)) { exit ("Error during sign: " . $result->getMessage() . "\n"); } } $body = $mime->get(); $hdrs = $mime->headers($hdrs); // etc.

Because of many changes in current code we'll need some changes in this patch. So, signing must support messages stored in file(s). See saveMessage(), get(), _contentHeaders().

Related to bug #20938.