openssl_pkcs7_encrypt(3) [php man page]
OPENSSL_PKCS7_ENCRYPT(3) 1 OPENSSL_PKCS7_ENCRYPT(3) openssl_pkcs7_encrypt - Encrypt an S/MIME message SYNOPSIS
bool openssl_pkcs7_encrypt (string $infile, string $outfile, mixed $recipcerts, array $headers, [int $flags], [int $cipherid = OPENSSL_CIPHER_RC2_40]) DESCRIPTION
openssl_pkcs7_encrypt(3) takes the contents of the file named $infile and encrypts them using an RC2 40-bit cipher so that they can only be read by the intended recipients specified by $recipcerts. PARAMETERS
o $infile - o $outfile - o $recipcerts - Either a lone X.509 certificate, or an array of X.509 certificates. o $headers -$headers is an array of headers that will be prepended to the data after it has been encrypted. $headers can be either an asso- ciative array keyed by header name, or an indexed array, where each element contains a single header line. o $flags -$flags can be used to specify options that affect the encoding process - see PKCS7 constants. o $cipherid - One of cipher constants. RETURN VALUES
Returns TRUE on success or FALSE on failure. EXAMPLES
Example #1 openssl_pkcs7_encrypt(3) example <?php // the message you want to encrypt and send to your secret agent // in the field, known as nighthawk. You have his certificate // in the file nighthawk.pem $data = <<<EOD Nighthawk, Top secret, for your eyes only! The enemy is closing in! Meet me at the cafe at 8.30am to collect your forged passport! HQ EOD; // load key $key = file_get_contents("nighthawk.pem"); // save message to file $fp = fopen("msg.txt", "w"); fwrite($fp, $data); fclose($fp); // encrypt it if (openssl_pkcs7_encrypt("msg.txt", "enc.txt", $key, array("To" => "nighthawk@example.com", // keyed syntax "From: HQ <hq@example.com>", // indexed syntax "Subject" => "Eyes only"))) { // message encrypted - send it! exec(ini_get("sendmail_path") . " < enc.txt"); } ?> PHP Documentation Group OPENSSL_PKCS7_ENCRYPT(3)
Check Out this Related Man Page
certtool(1) General Commands Manual certtool(1) NAME
certtool - Manipulate certificates and keys. SYNOPSIS
certtool [options] DESCRIPTION
Generate X.509 certificates, certificate requests, and private keys. OPTIONS
Program control options -d, --debug LEVEL Specify the debug level. Default is 1. -h, --help Shows this help text -v, --version Shows the program's version Getting information on X.509 certificates -i, --certificate-info Print information on a certificate. -k, --key-info Print information on a private key. -l, --crl-info Print information on a CRL. --p12-info Print information on a PKCS #12 structure. Getting information on Openpgp certificates --pgp--certificate-info Print information on an OpenPGP certificate. --pgp--key-info Print information on an OpenPGP private key. --pgp--ring-info Print information on a keyring. Generating/verifying X.509 certificates/keys -c, --generate-certificate Generate a signed certificate. -e, --verify-chain Verify a PEM encoded certificate chain. The last certificate in the chain must be a self signed one. --generate-dh-params Generate PKCS #3 encoded Diffie-Hellman parameters. --load-ca-certificate FILE Certificate authority's certificate file to use. --load-ca-privkey FILE Certificate authority's private key file or PKCS #11 URL to use. --load-certificate FILE Certificate file to use. --load-privkey FILE Private key file or PKCS #11 URL to use. --load-pubkey FILE Public key file or PKCS #11 URL to use. --load-request FILE Certificate request file to use. -p, --generate-privkey Generate a private key. -q, --generate-request Generate a PKCS #10 certificate request. -s, --generate-self-signed Generate a self-signed certificate. -u, --update-certificate Update a signed certificate. Controlling output -8, --pkcs8 Use PKCS #8 format for private keys. --pkcs-cipher The cipher to use when doing pkcs encryption. Valid options are 3des,aes-128,aes-192,aes-256,rc2-40 --dsa Generate a DSA key. --bits BITS Specify the number of bits for key generation. --export-ciphers Use weak encryption algorithms. --inraw Use RAW/DER format for input certificates and private keys. --infile FILE Input file. --outraw Use RAW/DER format for output certificates and private keys. --outfile FILE Output file. --password PASSWORD Password to use. --to-p12 Generate a PKCS #12 structure. --template Use a template file to read input. See the doc/certtool.cfg in the distribution, for an example. --fix-key Some previous versions of certtool generated wrongly the optional parameters in a private key. This may affect programs that used them. To fix an old private key use --key-info in combination with this parameter. --v1 When generating a certificate use the X.509 version 1 format. This does not add any extensions (such as indication for a CA) but some programs do need these. EXAMPLES
To create a private key, run: $ certtool --generate-privkey --outfile key.pem To create a certificate request (needed when the certificate is issued by another party), run: $ certtool --generate-request --load-privkey key.pem --outfile request.pem To create a certificate request using a key stored in a PKCS #11 token, run: $ ./certtool --generate-request --load-privkey "pkcs11:..." --load-pubkey "pkcs11:..." --outfile request.pem To generate a certificate using the previous request, use the command: $ certtool --generate-certificate --load-request request.pem --outfile cert.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem To generate a certificate using the private key only, use the command: $ certtool --generate-certificate --load-privkey key.pem --outfile cert.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem To view the certificate information, use: $ certtool --certificate-info --infile cert.pem To generate a PKCS #12 structure using the previous key and certificate, use the command: $ certtool --load-certificate cert.pem --load-privkey key.pem --to-p12 --outder --outfile key.p12 AUTHOR
Nikos Mavrogiannopoulos <nmav@gnutls.org> and others; see /usr/share/doc/gnutls-bin/AUTHORS for a complete list. This manual page was written by Ivo Timmermans <ivo@debian.org>, for the Debian GNU/Linux system (but may be used by others). May 23rd 2005 certtool(1)