PHP How to parse pkcs7 signature blob?

Question

I have a PKCS7 signature which i can get parsed contents from with

openssl pkcs7 -inform DER -in signature.pkcs7 -print_certs -text

But how do archieve the same output with PHPs openssl functions?

Edit. I succeeded in creating a correct PEM file with the following function:

function der2pem($der_data, $type="CERTIFICATE") {
   $pem = chunk_split(base64_encode($der_data), 64, "\n");
   $pem = "-----BEGIN $type-----\n".$pem."-----END $type-----\n";
   return $pem;
}
$data = der2pem($der_data, "PKCS7");

Im not however successfull in parsing the data with any of the functions mentioned in the PHP manual. It works using openssl with:

openssl pkcs7 -inform PEM -in signature.pkcs7 -print_certs -text

This is not correct. I want to parse and not sign. As far as i can see in the PHP manual there are no functions to parse pkcs7 signatures? — Patrik Grinsvall, Mar 17 '15 at 15:09

score 6 · Accepted Answer · edited May 23 '17 at 12:07

6

Unfortunatelly, I believe there is not simple solution. If you want to parse PKCS#7 DER encoded signature in PHP, you need some ASN.1 parser. OpenSSL functions in PHP are not capable to do it.

Do any PHP libraries exist for parsing ASN.1 or generating PHP code based on it?

Try to decode your DER data with some of referenced parsers. If any parser will work, you should be able to see and extract required information. As first step, you can try online parser from phpseclib project.

http://phpseclib.sourceforge.net/x509/asn1parse.php

edited May 23 '17 at 12:07

Community

1
1

answered Apr 01 '15 at 13:50

kba

4,190
2
15
24

I will give bounty for this solution. I have not yet time to test but it seems like the proper solution. I will test tomorrow and then mark solution or comment. Thanks! – Patrik Grinsvall Apr 06 '15 at 10:11
This solved the problem. Unfortanly ASN.1 is a horrible format but with the help from the source of the online demo https://github.com/phpseclib/docs/blob/master/x509/asn1parse.php i was successfull. – Patrik Grinsvall Apr 07 '15 at 17:21

Halayem Anis · Answer 2 · 2015-03-30T13:28:11.073

0

What about this solution :)

<?php
    $result = shell_exec('openssl pkcs7 -inform DER -in signature.pkcs7 -print_certs -text');
    var_dump ($result);
    // you can use preg_match() if you want to parse something specific

edited Mar 30 '15 at 13:28

answered Mar 30 '15 at 13:08

Halayem Anis

7,654
2
25
45

Unfortanly i cannot use any shell programs on my hosting environment. It needs to be done with php. – Patrik Grinsvall Mar 30 '15 at 20:37

PHP How to parse pkcs7 signature blob?

2 Answers2

Linked