2017-07-02 74 views
8

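I am using pkcs7 to sign a file and everything works fine. The problem is that the command to verify the signature does not work and always returns false. I tried the terminal command on the file and it works fine. PHP openssl_pkcs7_verify is not working properly.

Sign command: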

openssl_pkcs7_sign(
    $tempdoc, 
    $tempsign, 
    $this->signature_data['signcert'], 
    array($this->signature_data['privkey'], 
    $this->signature_data['password']), 
    array(), 
    PKCS7_BINARY | PKCS7_DETACHED); 

Verify command:

openssl_pkcs7_verify($tempsign, PKCS7_NOVERIFY) 

Terminal command:

openssl pkcs7 -inform DER -in signature.pkcs7 -print_certs -text 


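Edit 1
I ran a test in my code: if I create my signature with only PKCS7_DETACHED or only PKCS7_BINARY, the verification works fine, but with both together I get an error. Why does this happen?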

+0

Did you forget the dollar sign in front of 'tempsign'? –

+0

Did 'openssl_pkcs7_sign' actually succeed? See also the ['PKCS7_sign'](https://www.openssl.org/docs/man1.0.2/crypto/PKCS7_sign.html) man page. If it fails, you should call "ERR_get_error" immediately to retrieve the error. See also the ['ERR_get_error'](https://www.openssl.org/docs/man1.0.2/crypto/ERR_get_error.html) man page. – jww

+0

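They do not fail, because the PDF reader can read the signature successfully. And I just forgot to put the $ in the question, but in my code it is correct. –

Answer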

5

I can reproduce your problem here with PHP 7. Verification fails when both flags are used.

Maybe THIS URL can help you; this part explains it well.

SMIME -sign "detached" "attaches" content similarly as-is with -binary and text-canonicalized without, and signs that. SMIME -verify recognizes "detached", but (in multi_split) always canonicalizes both parts before using them. For content that was sent noncanonical (with -sign -binary or equivalent) this changes the signed content, and verify fails. Content that was canonical as sent (originally canonical or canonicalized by sender) does verify and similarly is output without determining if sender changed it.

In the docs you can read that the parser isn't very clever:

BUGS

The MIME parser isn't very clever: it seems to handle most messages that I've thrown at it but it may choke on others.

Hope it helps!
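
The canonicalization behaviour quoted in the answer above, as an added example that is not part of the original post and is not OpenSSL's or PHP's code. It is a simplified model: a SHA-256 digest stands in for the signature, and the function names (`canonicalize`, `sign`, `verify`, `round_trip`) and sample inputs are assumptions made for the illustration.

```python
import hashlib


def canonicalize(data: bytes) -> bytes:
    """Model of S/MIME text canonicalization: LF and CRLF line endings become CRLF."""
    return b"\r\n".join(data.replace(b"\r\n", b"\n").split(b"\n"))


def sign(content: bytes, binary: bool):
    """Detached signing: return (bytes sent in the MIME part, digest that was signed).

    With binary=True the content is used as-is; otherwise it is canonicalized first.
    """
    sent = content if binary else canonicalize(content)
    return sent, hashlib.sha256(sent).hexdigest()


def verify(sent: bytes, signed_digest: str) -> bool:
    """The verifier always canonicalizes the detached part before hashing it."""
    return hashlib.sha256(canonicalize(sent)).hexdigest() == signed_digest


def round_trip(content: bytes, binary: bool) -> bool:
    """Sign, then verify what was sent; True means the signature checks out."""
    sent, digest = sign(content, binary)
    return verify(sent, digest)


# Constructed sample inputs (not taken from the question).
LF_TEXT = b"line one\nline two\n"
CRLF_TEXT = b"line one\r\nline two\r\n"
PDF_LIKE = b"%PDF-1.4\n\x00\x01 stream bytes\n%%EOF\n"

if __name__ == "__main__":
    for name, data in [("LF text", LF_TEXT), ("CRLF text", CRLF_TEXT), ("PDF-like", PDF_LIKE)]:
        for binary in (True, False):
            ok = round_trip(data, binary)
            altered = sign(data, binary)[0] != data
            print(f"{name:10} binary={binary!s:5} verifies={ok!s:5} content_altered={altered}")
```

In this model, detached plus binary fails for any content that is not already CRLF-canonical, while detached without binary verifies but sends bytes that differ from the original file.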