openssl_pkcs7_decrypt

    (PHP 4 >= 4.0.6, PHP 5, PHP 7, PHP 8)

    openssl_pkcs7_decryptDecrypts an S/MIME encrypted message

    Description

    openssl_pkcs7_decrypt(
        string $input_filename,
        string $output_filename,
        #[\SensitiveParameter] OpenSSLCertificate|string $certificate,
        #[\SensitiveParameter] OpenSSLAsymmetricKey|OpenSSLCertificate|array|string|null $private_key = null
    ): bool

    Decrypts the S/MIME encrypted message contained in the file specified by input_filename using the certificate and its associated private key specified by certificate and private_key.

    Parameters

    input_filename

    output_filename

    The decrypted message is written to the file specified by output_filename.

    certificate

    private_key

    Return Values

    Returns true on success or false on failure.

    Changelog

    Version Description
    8.0.0 private_key accepts an OpenSSLAsymmetricKey or OpenSSLCertificate instance now; previously, a resource of type OpenSSL key or OpenSSL X.509 CSR was accepted.

    Examples

    Example #1 openssl_pkcs7_decrypt() example

    <?php
    // $cert and $key are assumed to contain your personal certificate and private
    // key pair, and that you are the recipient of an S/MIME message
    $infilename = "encrypted.msg"; // this file holds your encrypted message
    $outfilename = "decrypted.msg"; // make sure you can write to this file

    if (openssl_pkcs7_decrypt($infilename, $outfilename, $cert, $key)) {
    echo     "decrypted!";
    } else {
    echo     "failed to decrypt!";
    }
    ?>

    Improve This Page

    Learn How To Improve This PageSubmit a Pull RequestReport a Bug
    add a note

    User Contributed Notes 1 note

    up
    1
    oliver at anonsphere dot com
    13 years ago
    If you want to decrypt a received email, keep in mind that you need the full encrypted message including the mime header.

    <?php

    // Get the full message
    $encrypted = imap_fetchmime($stream, $msg_number, "1", FT_UID);
    $encrypted .= imap_fetchbody($stream, $msg_number, "1", FT_UID);

    // Write the needed temporary files
    $infile = tempnam("", "enc");
    file_put_contents($infile, $encrypted);
    $outfile = tempnam("", "dec");

    // The certification stuff
    $public = file_get_contents("/path/to/your/cert.pem");
    $private = array(file_get_contents("/path/to/your/cert.pem"), "password");

    // Ready? Go!
    if(openssl_pkcs7_decrypt($infile, $outfile, $public, $private))
    {
    // Decryption successful
    echo file_get_contents($outfile);
    }
    else
    {
    // Decryption failed
    echo "Oh oh! Decryption failed!";
    }

    // Remove the temp files
    @unlink($infile);
    @    unlink($outfile);

    ?>
    add a note
    To Top