phpdftk API Documentation

Pkcs7Signer
in package

FinalYes

PKCS#7 / CMS detached signer — ISO 32000-2 §12.8.3.3.

Thin wrapper over PHP's openssl_pkcs7_sign() that produces the raw DER-encoded PKCS#7 SignedData bytes used as the /Contents value of a PDF SignatureValue. The signature is detached: the signed data is the concatenation of the two byte ranges around the /Contents placeholder in the serialized PDF.

PHP's extension writes an SMIME multipart envelope to a file; we parse it back out, extract the base64-encoded signature attachment, and decode it to raw DER. This is how TCPDF, setasign/SetaPDF-Signer, and similar libraries interoperate with openssl.

Extra certificates (chain) and flags are passthroughs.

Table of Contents

Methods

__construct()  : mixed
createSelfSignedTestCredentials()  : array{cert: string, key: string}
Convenience: generate a throwaway self-signed cert + key pair for tests and local demos. Not for production use.
extractDerFromSmime()  : string
Parse the base64 PKCS#7 attachment out of an SMIME multipart body and return the decoded DER bytes.
sign()  : string
Sign `$data` and return raw DER PKCS#7 bytes suitable for the /Contents entry of a signature value dictionary.

Methods

__construct()

public __construct(OpenSSLCertificate|string $certificate, OpenSSLAsymmetricKey|OpenSSLCertificate|string, 1: string}|string $privateKey[, array<int, OpenSSLCertificate|string> $extraCerts = [] ]) : mixed
Parameters
$certificate : OpenSSLCertificate|string

PEM cert or resource

$privateKey : OpenSSLAsymmetricKey|OpenSSLCertificate|string, 1: string}|string

PEM key, key+pass pair, or resource

$extraCerts : array<int, OpenSSLCertificate|string> = []

additional certs to include in the chain

createSelfSignedTestCredentials()

Convenience: generate a throwaway self-signed cert + key pair for tests and local demos. Not for production use.

public static createSelfSignedTestCredentials([string $commonName = 'phpdftk test' ][, int $days = 365 ]) : array{cert: string, key: string}
Parameters
$commonName : string = 'phpdftk test'
$days : int = 365
Return values
array{cert: string, key: string}

extractDerFromSmime()

Parse the base64 PKCS#7 attachment out of an SMIME multipart body and return the decoded DER bytes.

public static extractDerFromSmime(string $smime) : string
Parameters
$smime : string
Return values
string

sign()

Sign `$data` and return raw DER PKCS#7 bytes suitable for the /Contents entry of a signature value dictionary.

public sign(string $data) : string
Parameters
$data : string
Return values
string 

        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results