1

I want to digitally sign an XML file with PHP using OpenSSL. So far I can generate an XML with all the information that I need, and I have a working demo that signs and verifies a signature (declaring the private and public keys as a string). I have a .cer file and a .key file, and these are the files I want to use to sign the XML file. How can I achieve this? The goal is that the end user just uploads these certificates and downloads a signed XML. (Some concrete documentation about this is greatly appreciated)

EDIT: Okay, I am now familiar with OpenSSL and its functions, but I still need to know how to include this in PHP:

openssl pkcs8 -inform DER -in c:/route/myfile.key -passin pass:contraseña -out c:/route/myfile.pem

To this:

$data = "||2.0|ABCD|2|03-05-2010T14:11:36|49|2008|INGRESO|UNA SOLA EXHIBICIÓN|2000.00|00.00|2320.00|PAMC660606ER9|CONTRIBUYENTE PRUEBASEIS PATERNOSEIS MATERNOSEIS|PRUEBA SEIS|6|6|PUEBLA CENTRO|PUEBLA|PUEBLA|PUEBLA||MÉXICO|72000|CAUR390312S87|ROSA MARÍA CÁLDERON URIEGAS|TOPOCHICO|52|JARDINES DEL VALLE|NUEVO LEÓN|MEXICO|95465|1.00|SERVICIO|01|ASESORIA FISCAL Y ADMINISTRATIVA|2000.00|IVA|16.00|320.00|| "; 

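// Single-quoted paths: inside double quotes PHP would parse "\f" as a form feed.
$priv_key_id = openssl_get_privatekey('file://C:\files\Clavepr.key.pem');
$public_key_id = openssl_get_publickey('file://C:\files\cert.cer.pem');
// Sign $data with SHA-1; the raw signature is written to $cadenafirmada.
$o = openssl_sign($data, $cadenafirmada, $priv_key_id, OPENSSL_ALGO_SHA1);
// Base64-encode the raw signature.
$sello = base64_encode($cadenafirmada);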

var_dump($sello);
Carlos

2 Answers

0

Some concrete documentation about this is greatly appreciated

The documentation you are looking for is PKCS7_sign(3).

You can also see how OpenSSL uses it by examining the source code for the openssl smime utility. You can find the source code at <openssl src>/apps/smime.c. You are interested in the code blocks for operation == SMIME_SIGN, and probably the PKCS7_STREAM flag.

jww
  • I have read the whole page and I'm more familiar with OpenSSL by now. PKCS7 was not the solution that worked. I have managed to programmatically convert my DER-encoded .cer certificate to PEM format, and I have converted my .key file into PEM format too, using pkcs8 in the OpenSSL console. With the 2 keys in PEM format I have also verified them, but I still need to find a way to do the pkcs8 conversion in PHP. – Carlos Jul 11 '14 at 16:33
0

I am currently using sites on HostGator and I raised a ticket on the matter. They configured OpenSSL on the server and enabled it again for me. Then, instead of using exec(), I used shell_exec() and executed that command directly in the Linux console. It looked like this:

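// escapeshellarg() stops the uploaded path and the password from being interpreted by the shell.
shell_exec('openssl pkcs8 -inform DER -in '.escapeshellarg($_SERVER['DOCUMENT_ROOT'].'/'.$path1).' -passin '.escapeshellarg('pass:'.$contrasena).' -out '.escapeshellarg($_SERVER['DOCUMENT_ROOT'].'/'.$path1.'.pem'));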

That was the only problem all along.

Carlos
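For the conversion asked about in the question, an added example (not code from either poster) that does the DER-to-PEM step inside PHP, so the password and the upload path never reach a shell. It assumes the .key file is a password-protected PKCS#8 key in DER form, as the `openssl pkcs8 -inform DER` command implies; `der_to_pem`, `sign_with_der_key`, the generated demo key and the shortened `$data` string are hypothetical names and constructed input.

```php
<?php
/** Wrap raw DER bytes in a PEM envelope with the given label. */
function der_to_pem(string $der, string $label): string
{
    return "-----BEGIN $label-----\n"
         . chunk_split(base64_encode($der), 64, "\n")
         . "-----END $label-----\n";
}

/**
 * Load a DER-encoded, password-protected PKCS#8 key and sign $data with it.
 * The question's code passes OPENSSL_ALGO_SHA1; SHA-256 is used as the default here.
 */
function sign_with_der_key(string $der, string $password, string $data,
                           int $algo = OPENSSL_ALGO_SHA256): string
{
    $pem = der_to_pem($der, 'ENCRYPTED PRIVATE KEY');
    $key = openssl_pkey_get_private($pem, $password);
    if ($key === false) {
        throw new RuntimeException('Cannot load key: ' . openssl_error_string());
    }
    if (!openssl_sign($data, $signature, $key, $algo)) {
        throw new RuntimeException('Signing failed: ' . openssl_error_string());
    }
    return base64_encode($signature);
}

// --- Constructed sample input: a throwaway key standing in for the uploaded .key ---
$password = 'demo-password';                     // constructed value
$pair = openssl_pkey_new(['private_key_bits' => 2048,
                          'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $encPem, $password);  // encrypted PEM (assumed PKCS#8)
// Strip the PEM armor to get DER bytes like those found in an uploaded .key file.
$der = base64_decode(preg_replace('/-----[^-]+-----|\s+/', '', $encPem));

$data  = '||2.0|ABCD|2|...||';                   // constructed placeholder string
$sello = sign_with_der_key($der, $password, $data);

// Verify with the matching public key.
// A DER .cer file converts the same way: der_to_pem($cerBytes, 'CERTIFICATE').
$pub = openssl_pkey_get_details($pair)['key'];
$ok  = openssl_verify($data, base64_decode($sello), $pub, OPENSSL_ALGO_SHA256);
var_dump($sello, $ok === 1);
```

With a real upload, pass `file_get_contents()` of the uploaded .key as `$der` and the user's password as `$password`.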