rfc:add-cms-support, revision 2020/05/13 19:45 by elear ("Move into discussion"), edited from the revision of 2020/05/11 12:18 by elear ("created"). Only the changed sections of the page are shown; "[...]" marks unchanged text that the revision view omits.
====== PHP RFC: Add CMS Support ======
  * Version: 0.9
  * Date: 2020-05-13
  * Author: Eliot Lear, lear@lear.ch
  * Status:
  * First Published at: http://
[...]
As it currently stands, the CMS sign and verify functions can take as an argument the encoding method (DER/
=== Calling Interface ===
<code php>
function
</code>
This function

Arguments:
  * $infile
  * $outfile
  * $signcert - the name of the file containing the signing certificate
  * $signkey - the name of the file containing the private key associated with $signcert
  * $headers
  * $flags - flags to be passed to CMS_sign()
  * $encoding - the encoding of the output file
  * $extracertsfilename - intermediate certificates to be included in the signature

<code php>
function openssl_cms_verify(string $filename, int $flags = 0, string
</code>

This function

Arguments:
  * $filename - the input file
  * $flags - flags to be passed to CMS_verify()
  * $signercerts - a file that the signer certificate and optionally intermediate certificates
  * $cainfo - an array containing self-signed certificate authority certificates (the trust anchors the signer chain is validated against)
  * $extracerts - a file containing additional intermediate certificates
  * $content - a file pointing to the content when signatures are detached
  * $pk7 - a file to save the signature to
  * $encoding - one of three supported encodings (PEM/

Returns TRUE on success and FALSE on failure.
<code php>
function openssl_cms_encrypt(string $infile, string $outfile, $recipcerts, ?array $headers, int $flags = 0, int $encoding = OPENSSL_ENCODING_SMIME,
</code>

This function encrypts content to one or more recipients, based on the certificates that are passed to it.

Arguments:
  * $infile - the file to be encrypted
  * $outfile - the output file
  * $recipcerts - the recipient certificates to encrypt to
  * $headers - headers to include when S/MIME is used
  * $flags - flags to be passed to CMS_encrypt()
  * $encoding - the encoding of the output
  * $cipher - the cipher to use

Returns TRUE on success and FALSE on failure.

<code php>
function openssl_cms_decrypt(string $infilename,
</code>
Decrypts a CMS message.

Arguments:
  * $infilename - the name of a file containing encrypted content
  * $outfilename - the name of the file in which to deposit the decrypted content
  * $recipcert - the name of the file containing the recipient's certificate
  * $recipkey - the name of the file containing the recipient's PKCS#8 private key
  * $encoding - the encoding of the input file

Returns TRUE on success and FALSE on failure.

<code php>
function openssl_cms_read(string $infilename,
</code>

Performs the exact analog of openssl_pkcs7_read().

This is **nearly** identical to the PKCS#7 calling interface, the only exception being $encoding.
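The following is an added example, not code from this RFC or from ext/openssl, that exercises the sign, verify, encrypt and decrypt calls described above end to end, together with the OPENSSL_CMS_NOVERIFY and OPENSSL_CMS_BINARY flags listed in the constants section. It assumes the argument order of the draft signatures on this page (the names and order that finally ship may differ, so check the manual of your PHP version), that certificates and keys may be passed as file:// URIs as the PKCS#7 functions accept them, and that the stock openssl.cnf supplies the x509 extensions (v3_ca) for certificates created with openssl_csr_sign(). The issue() helper and the message content are constructed for the demonstration.

```php
<?php
// Added example: not code from the RFC or from ext/openssl. It follows the
// argument order of the draft signatures in this RFC; check the manual of
// your PHP version before reusing it. Needs an ext/openssl with openssl_cms_*.

$dir = sys_get_temp_dir() . '/cms-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);

// Hypothetical helper: key pair plus certificate for $cn, signed by $ca
// (cert and key objects) or self-signed when $ca is null. Extensions come
// from the stock openssl.cnf ([req] x509_extensions = v3_ca), which marks
// the self-signed root CA:TRUE so chain validation accepts it as an issuer.
function issue(string $dir, string $name, string $cn, ?array $ca = null): array
{
    $key  = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
    $csr  = openssl_csr_new(['commonName' => $cn], $key, ['digest_alg' => 'sha256']);
    $cert = openssl_csr_sign($csr, $ca['cert'] ?? null, $ca['key'] ?? $key, 365, ['digest_alg' => 'sha256']);
    openssl_x509_export_to_file($cert, "$dir/$name.crt");
    openssl_pkey_export_to_file($key, "$dir/$name.key");   // unencrypted PEM private key
    return ['cert' => $cert, 'key' => $key, 'certfile' => "$dir/$name.crt", 'keyfile' => "$dir/$name.key"];
}

$ca     = issue($dir, 'ca', 'Demo Root CA');            // trust anchor passed in $cainfo
$signer = issue($dir, 'signer', 'Demo Signer', $ca);    // chains to the CA
$recip  = issue($dir, 'recipient', 'Demo Recipient', $ca);
$rogue  = issue($dir, 'rogue', 'Demo Signer');          // same CN, self-signed, NOT under the CA

$msg = "$dir/message.txt";
file_put_contents($msg, "invoice 4711: pay 100 EUR\n");   // constructed sample content

// 1. Sign as opaque S/MIME (the default $encoding). Certificate and key are
//    given as file:// URIs, the form ext/openssl accepts for file-based material.
$signed = "$dir/message.signed.eml";
if (!openssl_cms_sign($msg, $signed, "file://{$signer['certfile']}", "file://{$signer['keyfile']}", null, 0)) {
    exit('sign failed: ' . openssl_error_string() . "\n");
}

// 2. Verify. $cainfo is what ties the signature to an identity: the signer's
//    certificate (embedded in the message) must chain to one of these roots.
$seen  = "$dir/seen-signers.pem";                        // signer certs are written here
$valid = openssl_cms_verify($signed, 0, $seen, [$ca['certfile']]);

// 3. A self-signed certificate with the same CN signs the same message.
//    With chain validation on it is rejected ...
$rogueSigned = "$dir/message.rogue.eml";
openssl_cms_sign($msg, $rogueSigned, "file://{$rogue['certfile']}", "file://{$rogue['keyfile']}", null, 0);
$rogueRejected = !openssl_cms_verify($rogueSigned, 0, $seen, [$ca['certfile']]);

// ... but OPENSSL_CMS_NOVERIFY skips the chain check entirely, so the
//    signature is only compared against whatever certificate the message
//    itself carries. Anyone can produce a message that passes. Test-only.
$rogueAcceptedWithNoverify = openssl_cms_verify($rogueSigned, OPENSSL_CMS_NOVERIFY, $seen, [$ca['certfile']]);

// 4. Encrypt to the recipient as DER and decrypt again. $encoding, the new
//    parameter in this RFC, must describe the bytes actually on disk;
//    OPENSSL_CMS_BINARY keeps the content from being MIME-canonicalised.
$enc = "$dir/message.p7m";
if (!openssl_cms_encrypt($msg, $enc, "file://{$recip['certfile']}", null, OPENSSL_CMS_BINARY,
                         OPENSSL_ENCODING_DER, OPENSSL_CIPHER_AES_256_CBC)) {
    exit('encrypt failed: ' . openssl_error_string() . "\n");
}
$dec = "$dir/message.dec";
$roundTrip = openssl_cms_decrypt($enc, $dec, "file://{$recip['certfile']}", "file://{$recip['keyfile']}", OPENSSL_ENCODING_DER)
    && file_get_contents($dec) === file_get_contents($msg);

// Declaring the wrong encoding for the input is a hard failure, not a fallback.
$wrongEncoding = !openssl_cms_decrypt($enc, "$dir/never.txt", "file://{$recip['certfile']}",
                                      "file://{$recip['keyfile']}", OPENSSL_ENCODING_SMIME);

printf("trusted signer verified:      %s\n", var_export($valid, true));
printf("rogue signer rejected:        %s\n", var_export($rogueRejected, true));
printf("rogue accepted with NOVERIFY: %s\n", var_export($rogueAcceptedWithNoverify, true));
printf("DER encrypt/decrypt roundtrip: %s\n", var_export($roundTrip, true));
printf("wrong encoding rejected:      %s\n", var_export($wrongEncoding, true));

array_map('unlink', glob("$dir/*"));
rmdir($dir);
```

The point of the rogue-signer part is that a CMS signature by itself only proves possession of some key; $cainfo (and, for intermediates, $extracerts) is what decides whose key that is, and OPENSSL_CMS_NOVERIFY removes that decision. Likewise, because the encoding is now an explicit argument rather than something sniffed from the file, callers should record which encoding they wrote alongside the file rather than guessing at read time.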
[...]
==== To Existing Extensions ====
New functions are added to ext/openssl.
==== To Opcache ====

No known impact.
[...]
OPENSSL_ENCODING_PEM /* encoding is PEM (Privacy-Enhanced Mail) */
The following analogs to the PKCS#7 flags are also added:
OPENSSL_CMS_DETACHED
OPENSSL_CMS_TEXT
OPENSSL_CMS_NOINTERN
OPENSSL_CMS_NOVERIFY
OPENSSL_CMS_NOCERTS
OPENSSL_CMS_NOATTR
OPENSSL_CMS_BINARY
OPENSSL_CMS_NOSIGS

==== php.ini Defaults ====
[...]
===== Open Issues =====
No known issues.
===== Unaffected PHP Functionality =====
[...]
===== Future Scope =====
Currently, as with the PKCS#7 calls, these calls take files as arguments. [...] focus on in-memory signing/

===== Proposed Voting Choices =====
[...]
===== Patches and Tests =====
This capability is available for inspection as [[https://
Tests are available in that PR. This PR is subject to change, of course, based on community feedback.
===== Proposed Voting Choices =====

Yes/No.
===== Implementation =====
[...]
  - [[https://
  - [[https://
  - [[https://
===== Rejected Features =====
Keep this updated with features that were discussed on the mail lists.
rfc/add-cms-support.txt · Last modified: 2020/07/22 17:40 by carusogabriel