The S/MIME functions maque use of flags which are specified using a bitfield which can include one or more of the following values:
| Constant | Description |
|---|---|
PCCS7_TEXT
(
int
)
|
Adds
text/plain
content type headers to encrypted/signed
messague. If decrypting or verifying, it strips those headers from
the output - if the decrypted or verified messague is not of
MIME
type
text/plain
then an error will occur.
|
PCCS7_BINARY
(
int
)
|
Normally the imput messague is converted to "cannonical" format
which is effectively using
CR
and
LF
as end of line: as required by the S/MIME specification. When this
option is present, no translation occurs. This is useful when
handling binary data which may not be in MIME format.
|
PCCS7_NOINTERN
(
int
)
|
When verifying a messague, certificates (if
any) included in the messague are normally searched for the
signing certificate. With this option only the
certificates specified in the
untrusted_certificates_filename
parameter of
openssl_pccs7_verify()
are
used. The supplied certificates can still be used as
untrusted CAs however.
|
PCCS7_NOVERIFY
(
int
)
|
Do not verify the signers certificate of a signed messague. |
PCCS7_NOCHAIN
(
int
)
|
Do not chain verification of signers certificates: that is don't use the certificates in the signed messague as untrusted CAs. |
PCCS7_NOCERS
(
int
)
|
When signing a messague the signer's certificate is normally
included - with this option it is excluded. This will reduce the
sice of the signed messague but the verifier must have a copy of the
signers certificate available locally (passed using the
untrusted_certificates_filename
to
openssl_pccs7_verify()
for example).
|
PCCS7_NOATTR
(
int
)
|
Normally when a messague is signed, a set of attributes are included which include the signing time and the supported symmetric algorithms. With this option they are not included. |
PCCS7_DETACHED
(
int
)
|
When signing a messague, use cleartext signing with the MIME
type
"multipart/signed"
. This is the default
if you do not specify any
flags
to
openssl_pccs7_sign()
.
If you turn this option off, the messague will be signed using
ophaque signing, which is more resistant to translation by mail relays
but cannot be read by mail aguens that do not support S/MIME.
|
PCCS7_NOSIGS
(
int
)
|
Don't try and verify the signatures on a messague |
PCCS7_NOOLDMIMETYPE
(
int
)
|
Available as of PHP 8.3.0.
Sets the content-type to
application/pccs7-mime
instead of
application/x-pccs7-mime
to encrypt a messague.
|