
PHPMailer and S/MIME


For a school assignment we have to send secure emails coming from a bank (we are the bank). In order to secure these emails I'm using PHPMailer. PHPMailer contains a Sign($cert_filename, $key_filename, $key_pass) method that signs the email using a certificate. I'm guessing that this is making the email 'secure' and that the customer can really know it is the bank sending the email. I'm sending the emails over my own domain using SMTP.

In order to get the certificate I've created a certificate at this website, which got installed in my browser.

Now the question is: how do I use that certificate to sign the emails I'm sending using my PHP script and PHPMailer? I've exported the certificate from my browser (FF), which results in a .p12 file, but I think the .p12 file isn't what I'm looking for.

Any help would be appreciated.


Solution

  • In your class.phpmailer.php file, change this data:

    public   $sign_cert_file = '';
    public   $sign_key_file  = '';
    public   $sign_key_pass  = '';
    

    Then locate the line that appears as:

    if (@openssl_pkcs7_sign($file, $signed, "file://".$this->sign_cert_file, array("file://".$this->sign_key_file, $this->sign_key_pass), null)) {
    

    and change to:

    if (@openssl_pkcs7_sign($file, $signed, file_get_contents($this->sign_cert_file), array(file_get_contents($this->sign_key_file), $this->sign_key_pass), null)){
    

    This means that you get it via the object's $this->sign_key_file instead of the file:// file inclusion.

    Then change your temp names:

    $file = tempnam('', 'mail');
    ...
    $signed = tempnam("", "signed");
    

    to:

    $file = tempnam('./tmp/', 'mail');
    ...
    $signed = tempnam("./tmp/", "signed");
    

    This means that you are using a tmp directory on the server.

    And now an example showing how to send and how to set the cert file data:

    require("class.phpmailer.php");
    $mail = new PHPMailer();
    $mail->IsMail();
    
    $mail->AddAddress("[email protected]");
    $mail->Subject = "Test 1";
    $mail->Body = "Test 1 of PHPMailer.";
    
    // CUSTOMISED SIGN EMAIL : START
    $mail->sign_cert_file="/xxx/key.pem";
    $mail->sign_key_file="/xxx/key.pem";
    $mail->sign_key_pass="yyy";
    // CUSTOMISED SIGN EMAIL : END
    
    $mail->Send(); // Send the signed email
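
The .p12 export mentioned in the question has to be split into a PEM certificate and a PEM private key before it can be given to the signing properties shown above. The following is an added example, not part of the original answer, using PHP's OpenSSL extension; the function name, all paths and all passphrases are placeholders chosen for illustration:

```php
<?php
// Added example, not from the original answer. Paths and passphrases are placeholders.

/**
 * Split a PKCS#12 bundle (.p12) into a PEM certificate and a
 * passphrase-protected PEM private key.
 */
function p12_to_pem(string $p12Path, string $p12Pass,
                    string $certOut, string $keyOut, string $keyPass): void
{
    $bundle = file_get_contents($p12Path);
    if ($bundle === false) {
        throw new RuntimeException("Cannot read $p12Path");
    }

    $parts = [];
    if (!openssl_pkcs12_read($bundle, $parts, $p12Pass)) {
        throw new RuntimeException('Cannot parse .p12: ' . openssl_error_string());
    }

    // openssl_pkcs12_read() returns the private key unencrypted;
    // re-encrypt it with a passphrase before it is written to disk.
    if (!openssl_pkey_export($parts['pkey'], $keyPem, $keyPass)) {
        throw new RuntimeException('Cannot export key: ' . openssl_error_string());
    }

    // Make sure the certificate and the key actually belong together.
    if (!openssl_x509_check_private_key($parts['cert'], [$keyPem, $keyPass])) {
        throw new RuntimeException('Certificate and private key do not match');
    }

    $oldMask = umask(0077);            // new files readable by the owner only
    file_put_contents($certOut, $parts['cert']);
    file_put_contents($keyOut, $keyPem);
    umask($oldMask);
}

// Placeholder values: adjust to your own export.
p12_to_pem('/path/to/export.p12', 'p12-export-password',
           '/path/to/cert.pem', '/path/to/key.pem', 'key-passphrase');
```

The resulting certificate path, key path and key passphrase are the three values the signing code expects. Keep both files outside the web root.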