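Below is a proof of concept that signs PHP files with inline S/MIME signatures. The scripts only produce the signed file; verifying the signature before the file is executed is not shown here.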

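<?php
        // Proof of concept: sign a PHP file with `openssl smime -sign` and write
        // the resulting S/MIME message to the output file, with every line that
        // is not part of the signed payload turned into a PHP line comment.
        //
        // Usage: php <this script> <input file> <output file>
        //
        // Review notes:
        //  - This script only signs. The signature protects nothing unless a
        //    verifier rebuilds the original S/MIME message (wrapper and comment
        //    prefixes removed byte for byte), checks it with
        //    `openssl smime -verify` and refuses to run the file on failure.
        //  - $key is the private signing key. Keep it off the host that serves
        //    the signed files; it is only needed where signing happens.
        //  - The digest is left at the OpenSSL default (the sample output on this
        //    page shows micalg=sha1); `-md sha256` pins a stronger one.
        //  - NOTE(review): the payload stays inside the already-open <?php block
        //    written below, so a payload that begins with its own opening tag
        //    (as in the sample output) will not parse as PHP. Confirm before
        //    relying on this variant.

        // Check the argument count before touching $argv[1] / $argv[2].
        if ($argc != 3)
        {
                die("Usage: $argv[0] <input file> <output file>\n");
        }

        $key = "client.key";
        $crt = "client.crt";
        $infile = $argv[1];
        $outfile = $argv[2];

        if (!is_file($infile) || !is_readable($infile))
        {
                fwrite(STDERR, "Cannot read input file: $infile\n");
                exit(1);
        }

        // Every value that reaches the shell is quoted, so a file name holding
        // spaces or shell metacharacters cannot change the command.
        $cmd = 'openssl smime -sign'
                . ' -signer ' . escapeshellarg($crt)
                . ' -inkey ' . escapeshellarg($key)
                . ' -in ' . escapeshellarg($infile);

        $return = trim((string) shell_exec($cmd));
        if ($return === '')
        {
                fwrite(STDERR, "openssl produced no output; nothing was signed\n");
                exit(1);
        }

        $lines = explode("\n", $return);

        // Take the MIME boundary from the header block by name instead of by
        // its position among the Content-Type parameters.
        $boundary = null;
        foreach ($lines as $line)
        {
                if (rtrim($line, "\r") === '')
                        break;  // a blank line ends the MIME headers

                if (preg_match('/\bboundary="([^"]+)"/', $line, $m) === 1)
                {
                        $boundary = $m[1];
                        break;
                }
        }

        if ($boundary === null)
        {
                fwrite(STDERR, "No MIME boundary found in openssl output\n");
                exit(1);
        }

        // Lines between the first and second boundary are the signed payload
        // and are copied unchanged; everything else, both boundary lines
        // included, gets a "//" prefix.
        $inPayload = false;
        $out = array();
        foreach ($lines as $line)
        {
                // Ignore a trailing CR when comparing, in case the OpenSSL build
                // emits CRLF line ends (TODO confirm).
                $isBoundary = (rtrim($line, "\r") === "--" . $boundary);

                if ($inPayload && !$isBoundary)
                {
                        $out[] = $line;
                        continue;
                }

                $out[] = "//" . $line;

                if ($isBoundary)
                        $inPayload = !$inPayload;
        }

        $file = "<?php\n" . implode("\n", $out) . "\n?>";

        if (file_put_contents($outfile, $file) === false)
        {
                fwrite(STDERR, "Cannot write output file: $outfile\n");
                exit(1);
        }
?>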

Example output:

<?php
//MIME-Version: 1.0
//Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="----CCE07ED9FDA29AA9AAF3E3BB13BC40D8"
//
//This is an S/MIME signed message
//
//------CCE07ED9FDA29AA9AAF3E3BB13BC40D8
<?
        echo "Hello World!<br>\n";
?>

//------CCE07ED9FDA29AA9AAF3E3BB13BC40D8
//Content-Type: application/x-pkcs7-signature; name="smime.p7s"
//Content-Transfer-Encoding: base64
//Content-Disposition: attachment; filename="smime.p7s"
//
//MIIHfgYJKoZIhvcNAQcCoIIHbzCCB2sCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3
//4co0IHqCtNvoAZRbdThgRX1Ww2cdJu8dFKXXzRdmbCsJKndQVsvM3sKxETkP7PaE
//54Y=
//
//------CCE07ED9FDA29AA9AAF3E3BB13BC40D8--
?>

This is another version of the script above. This version wraps both signing parts in their own <?php ?> tags. Feel free to send feedback to the author (Frank Nägler) or write some comments on this wiki page.

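<?php
        // @author Frank Nägler <mail (AT) naegler.net>
        // 29.06.2008
        //
        // Sign a PHP file with `openssl smime -sign` and write the S/MIME
        // message to the output file as three pieces: the MIME headers and the
        // signature block each sit in their own commented-out <?php block, and
        // the signed payload is copied between them unchanged.
        //
        // Usage: php <this script> <input file> <output file>
        //
        // Review notes:
        //  - This script only signs. The signature protects nothing unless a
        //    verifier rebuilds the original S/MIME message (wrapper tags and
        //    "// " prefixes removed byte for byte), checks it with
        //    `openssl smime -verify` and refuses to run the file on failure.
        //  - $key is the private signing key. Keep it off the host that serves
        //    the signed files; it is only needed where signing happens.
        //  - The digest is left at the OpenSSL default (the sample output on this
        //    page shows micalg=sha1); `-md sha256` pins a stronger one.

        // Check the argument count before touching $argv[1] / $argv[2].
        if ($argc != 3) {
                die("Usage: $argv[0] <input file> <output file>\n");
        }

        $key            = "client.key";
        $crt            = "client.crt";
        $infile         = $argv[1];
        $outfile        = $argv[2];

        if (!is_file($infile) || !is_readable($infile)) {
                fwrite(STDERR, "Cannot read input file: $infile\n");
                exit(1);
        }

        // Every value that reaches the shell is quoted, so a file name holding
        // spaces or shell metacharacters cannot change the command.
        $cmd = 'openssl smime -sign'
                . ' -signer ' . escapeshellarg($crt)
                . ' -inkey ' . escapeshellarg($key)
                . ' -in ' . escapeshellarg($infile);

        $return = trim((string) shell_exec($cmd));
        if ($return === '') {
                fwrite(STDERR, "openssl produced no output; nothing was signed\n");
                exit(1);
        }
        $lines = explode("\n", $return);

        // Take the MIME boundary from the header block by name instead of by
        // its position among the Content-Type parameters.
        $boundary = null;
        foreach ($lines as $line) {
                if (rtrim($line, "\r") === '') {
                        break;  // a blank line ends the MIME headers
                }
                if (preg_match('/\bboundary="([^"]+)"/', $line, $m) === 1) {
                        $boundary = $m[1];
                        break;
                }
        }
        if ($boundary === null) {
                fwrite(STDERR, "No MIME boundary found in openssl output\n");
                exit(1);
        }

        // These must start as arrays: appending with [] to a string is a fatal
        // error on PHP 7.1 and later.
        $firstPart   = array();
        $middlePart  = array();
        $lastPart    = array();

        // 0 = headers up to and including the first boundary line,
        // 1 = signed payload,
        // 2 = second boundary line and everything after it.
        $section = 0;

        foreach ($lines as $line) {
                // Ignore a trailing CR when comparing, in case the OpenSSL build
                // emits CRLF line ends (TODO confirm).
                $isBoundary = (rtrim($line, "\r") === '--' . $boundary);

                if ($section === 0) {
                        $firstPart[] = $line;
                        if ($isBoundary) {
                                $section = 1;
                        }
                        continue;
                }

                if ($section === 1 && $isBoundary) {
                        $section = 2;
                }

                if ($section === 2) {
                        $lastPart[] = $line;
                } else {
                        $middlePart[] = $line;
                }
        }

        $file = "<?php\n// " . implode("\n// ", $firstPart) . "\n?>\n";
        $file .= implode("\n", $middlePart);
        $file .= "<?php\n// " . implode("\n// ", $lastPart) . "\n?>";

        if (file_put_contents($outfile, $file) === false) {
                fwrite(STDERR, "Cannot write output file: $outfile\n");
                exit(1);
        }
?>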

Example output:

<?php
// MIME-Version: 1.0
// Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="----CCE07ED9FDA29AA9AAF3E3BB13BC40D8"
// 
// This is an S/MIME signed message
// 
// ------CCE07ED9FDA29AA9AAF3E3BB13BC40D8
?>
<?
        echo "Hello World!<br>\n";
?>
<?php
// ------CCE07ED9FDA29AA9AAF3E3BB13BC40D8
// Content-Type: application/x-pkcs7-signature; name="smime.p7s"
// Content-Transfer-Encoding: base64
// Content-Disposition: attachment; filename="smime.p7s"
// 
// MIIHfgYJKoZIhvcNAQcCoIIHbzCCB2sCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3
// 4co0IHqCtNvoAZRbdThgRX1Ww2cdJu8dFKXXzRdmbCsJKndQVsvM3sKxETkP7PaE
// 54Y=
//
// ------CCE07ED9FDA29AA9AAF3E3BB13BC40D8--
?>

