IPWorks S/MIME 2020 PHP Edition

Questions / Feedback?

SMIME Class

Properties   Methods   Events   Configuration Settings   Errors  

The SMIME class implements the S/MIME standard for encryption and decryption with public key cryptography and X.509 digital certificates.

Class Name

IPWorksSMIME_SMIME

Procedural Interface

 ipworkssmime_smime_open();
 ipworkssmime_smime_close($res);
 ipworkssmime_smime_register_callback($res, $id, $function);
 ipworkssmime_smime_get_last_error($res);
 ipworkssmime_smime_get_last_error_code($res);
 ipworkssmime_smime_set($res, $id, $index, $value);
 ipworkssmime_smime_get($res, $id, $index);
 ipworkssmime_smime_do_addrecipientcert($res, $certencoded);
 ipworkssmime_smime_do_config($res, $configurationstring);
 ipworkssmime_smime_do_decrypt($res);
 ipworkssmime_smime_do_decryptandverifysignature($res);
 ipworkssmime_smime_do_encrypt($res);
 ipworkssmime_smime_do_getrecipientinfo($res);
 ipworkssmime_smime_do_getsignercertinfo($res);
 ipworkssmime_smime_do_reset($res);
 ipworkssmime_smime_do_sign($res);
 ipworkssmime_smime_do_signandencrypt($res);
 ipworkssmime_smime_do_verifysignature($res);

Remarks

The SMIME class implements the S/MIME V3 standard for encryption and decryption using Public Key Cryptography Standards (PKCS). In addition the class can be used to both generate and verify RSA digital signatures. Using this class for decrypting or signing requires a valid digital certificate with a private key.

Before performing an operation the input and output values should be specified.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

When a valid source is found the search stops. The order in which the output properties are checked is as follows:

The headers of the input message (if any) will be read from InputMessageHeaders or InputMessageHeadersString.

The headers of the resulting message will be available in the OutputMessageHeaders and OutputMessageHeadersString properties.

Signing

To sign the current data included in the input message with a certificate, the Certificate property must be set to a valid Certificate object for the signing certificate. The IncludeCertificate and DetachedSignature properties allow you to specify additional details about the signing process. By setting IncludeCertificate to true, digital certificates can be encoded and included in message signature when signing the document. Including a certificate is the preferred method of building signed messages. In addition the SMIME class can also generate PKCS #7 formatted detached digital signatures and envelopes by specifying DetachedSignature.

Encrypting

To encrypt a message with the class in a PCKS envelope, you must first specify the Certificate for each recipient in the RecipientCerts properties to encrypt the message with. You can easily add these with the AddRecipientCert method. Once you have done this you can call the Encrypt method to encrypt the message with the recipient certificates.

In addition, the class allows you to sign and encrypt simultaneously with the SignAndEncrypt method. You must set all of the properties needed for both Sign and Encrypt

The result of the encrypted or signed data will be replaced in the OutputMessage property and the OutputMessageHeaders property will be filled with the appropriate mime headers if applicable.

Decrypting

Decrypting PKCS envelopes is handled with the Decrypt method. When this method is called, the class will attempt to find an appropriate certificate in the Certificate property that matches the encrypting certificate. If it cannot find an appropriate certificate an exception will be thrown and the message will not be decrypted.

Verifying Signatures

In addition the SMIME class can be used to verify signatures included in signed messages or documents. After specifying the input, VerifySignature can then be used to verify the signature. If the message does not have a certificate attached more then likely an exception will be thrown and the class will not be able to verify the signature. If VerifySignature is successful, the SignerCert and SignerCertChain properties will be filled with the certificate information of the message signer. This information can be used to verify the signing certificates.

Similar to SignAndEncrypt, DecryptAndVerifySignature can be used to both decrypt and verify the message in Message.

Property List


The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

CertEncodedThe certificate (PEM/base64 encoded).
CertStoreThe name of the certificate store for the client certificate.
CertStorePasswordIf the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store.
CertStoreTypeThe type of certificate store for this certificate.
CertSubjectThe subject of the certificate used for client authentication.
DetachedSignatureSpecifies whether to include a detached signature when signing a message.
EncryptingAlgorithmTextual description of the encrypting algorithm.
IncludeCertificateSpecifies whether to include the signer's certificate with the signed message.
IncludeChainSpecifies whether to include the signer's certificate chain with the signed message.
IncludeHeadersTells the class whether to include the headers when encoding the message.
InputFileThe file to process.
InputMessageThe message to process.
InputMessageHeaderCountThe number of records in the InputMessageHeader arrays.
InputMessageHeaderFieldThis property contains the name of the HTTP header (same case as it is delivered).
InputMessageHeaderValueThis property contains the header contents.
InputMessageHeadersStringString version of headers from the SMIME message.
InternalHeadersThe headers of the MIME entity inside the encrypted or signed message.
MessageEncryptedWhether or not the current message is encrypted.
MessageSignedWhether or not the current message is signed.
OutputFileThe output file.
OutputMessageThe output message after processing.
OutputMessageHeaderCountThe number of records in the OutputMessageHeader arrays.
OutputMessageHeaderFieldThis property contains the name of the HTTP header (same case as it is delivered).
OutputMessageHeaderValueThis property contains the header contents.
OutputMessageHeadersStringString version of headers from the SMIME message.
OverwriteIndicates whether or not the class should overwrite files.
RecipientCertCountThe number of records in the RecipientCert arrays.
RecipientCertEncodedThe certificate (PEM/base64 encoded).
RecipientCertStoreThe name of the certificate store for the client certificate.
RecipientCertStorePasswordIf the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store.
RecipientCertStoreTypeThe type of certificate store for this certificate.
RecipientCertSubjectThe subject of the certificate used for client authentication.
SignerCertEncodedThe certificate (PEM/base64 encoded).
SignerCertIssuerThe issuer of the certificate.
SignerCertSerialNumberThe serial number of the certificate encoded as a string.
SignerCertStoreThe name of the certificate store for the client certificate.
SignerCertStorePasswordIf the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store.
SignerCertStoreTypeThe type of certificate store for this certificate.
SignerCertSubjectThe subject of the certificate used for client authentication.
SignerCertChainCountThe number of records in the SignerCertChain arrays.
SignerCertChainEncodedThe certificate (PEM/base64 encoded).
SigningAlgorithmTextual description of the signature hash algorithm.
UseOAEPWhether to use Optimal Asymmetric Encryption Padding (OAEP).
UsePSSWhether to use RSA-PSS during signing and verification.

Method List


The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

AddRecipientCertUsed to add recipient certificates used to encrypt messages.
ConfigSets or retrieves a configuration setting.
DecryptDecrypts the current Message .
DecryptAndVerifySignatureDecrypts and verifies the signature of the current message.
EncryptEncrypts the message.
GetRecipientInfoGets the recipient infos for an encrypted message.
GetSignerCertInfoGets the signature information for an signed message.
ResetResets the class properties.
SignSigns the current message.
SignAndEncryptSigns and encrypts the current message.
VerifySignatureVerifies the signature of the current message.

Event List


The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

ErrorInformation about errors during data delivery.
RecipientInfoFired for each recipient certificate of the encrypted message.
SignerCertInfoFired during verification of the signed message.

Configuration Settings


The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.

ApplyB64EncodingInstructs the class to base64 encode the message when signing or encrypting.
CSPThe Cryptographic Service Provider.
GenerateSignatureTimestampWhether to generate timestamps in signatures.
IncludeHeadersTells the class whether to include the headers when encoding the message.
IncludeInternalHeadersTells the class whether or not to include the internal headers when encoding the message.
InputContentTransferEncodingSets the Content-Transfer-Encoding for the signed message.
InputContentTypeSets the Content-Type for the signed message.
InputMessageEncryptedWhether or not the input message is encrypted.
InputMessageSignedWhether or not the input message is signed.
OAEPMGF1HashAlgorithmThe MGF1 hash algorithm used with OAEP.
OAEPParamsThe hex encoded OAEP parameters.
OAEPRSAHashAlgorithmThe RSA hash algorithm used with OAEP.
ParseInternalHeadersTells the class whether or not to parse the message part headers when decrypting a message.
RecipientCertUsed to specify the public certificate when using a PEM key to decrypt.
RecipientCertFileUsed to specify the public certificate file when using a PEM key to decrypt.
RecipientInfoTypeThe type of signer information to include in the signed message.
SignerInfoTypeThe type of signer information to include in the signed message.
UseAlgorithmOIDsWhether OIDs are used when providing information about the algorithms.
UseCryptoAPIWhether to use the Microsoft Crypto API for cryptographic message generation.
BuildInfoInformation about the product's build.
CodePageThe system code page used for Unicode to Multibyte translations.
LicenseInfoInformation about the current license.
ProcessIdleEventsWhether the class uses its internal event loop to process events when the main thread is idle.
SelectWaitMillisThe length of time in milliseconds the class will wait when DoEvents is called if there are no events to process.
UseInternalSecurityAPITells the class whether or not to use the system security libraries or an internal implementation.

 
 
Copyright (c) 2021 /n software inc. - All rights reserved.
IPWorks S/MIME 2020 PHP Edition - Version 20.0 [Build 7721]