My suggestion is to ensure all the paths to what you use are valid
This should help:
var_dump('file://'.realpath('./p12.pem'));
Does that and the rest of the files
Exists?
I do hope these files are not in your document root
Curt.
--
Resistance is futile
On Mar 22, 2013, at 12:35 PM, Eugene M. Zheganin e...@norma.perm.ru wrote:
Hi.
I'm trying to sign an S/MIME with PHP, using a pair of GOST-encrypted
certificate and a private key.
When using openssl itself from a console everything is fine:
/usr/local/openssl/bin/openssl cms -sign -in file.txt -out signedfile.txt
-signer p12.pem
(signedfile.txt is created)
/usr/local/openssl/bin/openssl cms -verify -in signedfile.txt -out
signedddata.txt -no_signer_cert_verify -issuer_checks -ignore_critical
Verification successful
When using PHP code I'm kinda stuck:
$res = openssl_pkcs7_sign(file.txt, phpsignedfile.txt,
'file://'.realpath('./p12.pem'), 'file://'.realpath('./p12.pem'), array(To
= f...@bar.com, From: FooBar f...@bar.com, Subject = Foo Bar));
if (!$res) {
while ($msg = openssl_error_string())
echo $msg . br /\n;
echo Failed to sign.\n; exit;
}
I get:
# /usr/local/php/bin/php sign-clear.php
PHP Warning: openssl_pkcs7_sign(): error getting private key in
/root/tests/sign-clear.php on line 3
error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported
algorithmbr /
error:0606F076:digital envelope routines:EVP_PKCS82PKEY:unsupported private
key algorithmbr /
error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 libbr /
Failed to sign.
The 'error getting private key' is all the time here, except for when it
really cannot be loaded I get the 'no start line error'. So this output
really looks like PHP openssl module cannot find a proper cipher.
How do I tell PHP that this is a GOST cipher ? I'm telling this to openssl
either using a config file, or using a direct '-engine gost' option. Is there
a way to tell PHP the same thing ?
I have indeed a PHP compiled and linked to a GOST-enabled openss 1.0.1e
(openssl module was built with PHP together):
# /usr/local/openssl/bin/openssl ciphers | grep -i GOST
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:GOST2001-GOST89-GOST89:GOST94-GOST89-GOST89:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
(notice it's the default config output)
# ldd /usr/local/php/bin/php
linux-vdso.so.1 = (0x7fff42455000)
libcrypt.so.1 = /lib/libcrypt.so.1 (0x7f1077404000)
libresolv.so.2 = /lib/libresolv.so.2 (0x7f10771ee000)
librt.so.1 = /lib/librt.so.1 (0x7f1076fe5000)
libmcrypt.so.4 = /usr/lib/libmcrypt.so.4 (0x7f1076db3000)
libltdl.so.7 = /usr/lib/libltdl.so.7 (0x7f1076baa000)
libdl.so.2 = /lib/libdl.so.2 (0x7f10769a5000)
libfreetype.so.6 = /usr/lib/libfreetype.so.6 (0x7f107671d000)
libz.so.1 = /usr/lib/libz.so.1 (0x7f1076506000)
libpng12.so.0 = /lib/libpng12.so.0 (0x7f10762df000)
libjpeg.so.62 = /usr/lib/libjpeg.so.62 (0x7f10760bc000)
libcrypto.so.1.0.0 = /usr/local/openssl/lib/libcrypto.so.1.0.0
(0x7f1075ce2000)
libssl.so.1.0.0 = /usr/local/openssl/lib/libssl.so.1.0.0
(0x7f1075a78000)