zbateson/mmp-crypt-smime

S/MIME encryption, decryption, signing, and verification for zbateson/mail-mime-parser using PHP's OpenSSL extension.

composer require zbateson/mmp-crypt-smime

Sponsors

A huge thank you to all my sponsors. <3

If this project's helped you, please consider sponsoring me.

Requirements

PHP 8.1 or newer with the openssl extension, and zbateson/mail-mime-parser 4.x.

Description

This package provides an S/MIME implementation of zbateson/mmp-crypt using openssl_pkcs7_* functions. It supports:

• Encrypting and decrypting application/pkcs7-mime messages
• Signing and verifying detached application/pkcs7-signature signatures
• Composing S/MIME messages via the SMimeMessage static API (encrypt, sign, sign-then-encrypt)

Usage

Composing an encrypted message

use ZBateson\MailMimeParser\Message;
use ZBateson\MmpCryptSmime\SMimeMessage;

$message = Message::from($rawEmail, false);
$cert = file_get_contents('/path/to/recipient-cert.pem');

// Encrypt -- returns a new IMimePart with application/pkcs7-mime content
$encrypted = SMimeMessage::encrypt($message, $cert);

// The outer Subject defaults to "..." to hide the real subject
echo (string) $encrypted;

Composing a signed message

$cert = file_get_contents('/path/to/signer-cert.pem');
$key = file_get_contents('/path/to/signer-key.pem');

$signed = SMimeMessage::sign($message, $cert, $key);

Sign-then-encrypt

$result = SMimeMessage::signAndEncrypt(
    $message,
    $signerCert,
    $signerKey,
    $recipientCert,
);

Decrypting a parsed message

use ZBateson\MmpCryptSmime\SMimeOpenSsl;

// Configure the decryption credentials
$crypt = new SMimeOpenSsl(
    decryptionCredentials: [
        ['cert' => $cert, 'key' => $key],
    ],
);

// Decrypt the content stream from a parsed encrypted part
$decrypted = $crypt->decrypt($encryptedPart->getContentStream());

License

BSD licensed - please see license agreement.