openssl_pkcs7_encrypt(3) [php man page]
OPENSSL_PKCS7_ENCRYPT(3) 1 OPENSSL_PKCS7_ENCRYPT(3) openssl_pkcs7_encrypt - Encrypt an S/MIME message SYNOPSIS
bool openssl_pkcs7_encrypt (string $infile, string $outfile, mixed $recipcerts, array $headers, [int $flags], [int $cipherid = OPENSSL_CIPHER_RC2_40]) DESCRIPTION
openssl_pkcs7_encrypt(3) takes the contents of the file named $infile and encrypts them using an RC2 40-bit cipher so that they can only be read by the intended recipients specified by $recipcerts. PARAMETERS
o $infile - o $outfile - o $recipcerts - Either a lone X.509 certificate, or an array of X.509 certificates. o $headers -$headers is an array of headers that will be prepended to the data after it has been encrypted. $headers can be either an asso- ciative array keyed by header name, or an indexed array, where each element contains a single header line. o $flags -$flags can be used to specify options that affect the encoding process - see PKCS7 constants. o $cipherid - One of cipher constants. RETURN VALUES
Returns TRUE on success or FALSE on failure. EXAMPLES
Example #1 openssl_pkcs7_encrypt(3) example <?php // the message you want to encrypt and send to your secret agent // in the field, known as nighthawk. You have his certificate // in the file nighthawk.pem $data = <<<EOD Nighthawk, Top secret, for your eyes only! The enemy is closing in! Meet me at the cafe at 8.30am to collect your forged passport! HQ EOD; // load key $key = file_get_contents("nighthawk.pem"); // save message to file $fp = fopen("msg.txt", "w"); fwrite($fp, $data); fclose($fp); // encrypt it if (openssl_pkcs7_encrypt("msg.txt", "enc.txt", $key, array("To" => "nighthawk@example.com", // keyed syntax "From: HQ <hq@example.com>", // indexed syntax "Subject" => "Eyes only"))) { // message encrypted - send it! exec(ini_get("sendmail_path") . " < enc.txt"); } ?> PHP Documentation Group OPENSSL_PKCS7_ENCRYPT(3)
Check Out this Related Man Page
CMSUTIL(1) NSS Security Tools CMSUTIL(1) NAME
cmsutil - Performs basic cryptograpic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages. SYNOPSIS
cmsutil [options] [[arguments]] STATUS
This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477[1] DESCRIPTION
The cmsutil command-line uses the S/MIME Toolkit to perform basic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages. To run cmsutil, type the command cmsutil option [arguments] where option and arguments are combinations of the options and arguments listed in the following section. Each command takes one option. Each option may take zero or more arguments. To see a usage string, issue the command without options. OPTIONS AND ARGUMENTS
Options Options specify an action. Option arguments modify an action. The options and arguments for the cmsutil command are defined as follows: -D Decode a message. -C Encrypt a message. -E Envelope a message. -O Create a certificates-only message. -S Sign a message. Arguments Option arguments modify an action. -b Decode a batch of files named in infile. -c content Use this detached content (decode only). -d dbdir Specify the key/certificate database directory (default is ".") -e envfile Specify a file containing an enveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only). -f pwfile Use password file to set password on all PKCS#11 tokens. -G Include a signing time attribute (sign only). -H hash Use specified hash algorithm (default:SHA1). -h num Generate email headers with info about CMS message (decode only). -i infile Use infile as a source of data (default is stdin). -k Keep decoded encryption certs in permanent cert db. -N nickname Specify nickname of certificate to sign with (sign only). -n Suppress output of contents (decode only). -o outfile Use outfile as a destination of data (default is stdout). -P Include an S/MIME capabilities attribute. -p password Use password as key database password. -r recipient1,recipient2, ... Specify list of recipients (email addresses) for an encrypted or enveloped message. For certificates-only message, list of certificates to send. -T Suppress content in CMS message (sign only). -u certusage Set type of cert usage (default is certUsageEmailSigner). -v Print debugging information. -Y ekprefnick Specify an encryption key preference by nickname. USAGE
Encrypt Example cmsutil -C [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,recipient2, . . ." -e envfile Decode Example cmsutil -D [-i infile] [-o outfile] [-d dbdir] [-p password] [-c content] [-n] [-h num] Envelope Example cmsutil -E [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,recipient2, ..." Certificate-only Example cmsutil -O [-i infile] [-o outfile] [-d dbdir] [-p password] -r "cert1,cert2, . . ." Sign Message Example cmsutil -S [-i infile] [-o outfile] [-d dbdir] [-p password] -N nickname[-TGP] [-Y ekprefnick] SEE ALSO
certutil(1) SEE ALSO
ADDITIONAL RESOURCES
For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates directly to NSS code changes and releases. Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto IRC: Freenode at #dogtag-pki AUTHORS
The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>. LICENSE
Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. NOTES
1. Mozilla NSS bug 836477 https://bugzilla.mozilla.org/show_bug.cgi?id=836477 nss-tools 19 July 2013 CMSUTIL(1)