CMS Flag/常量

CMS 函数使用 flag,这些 flag 使用位字段指定,位字段可以包含以下一个或多个值:

常量名 说明
OPENSSL_CMS_TEXT 将 text/plain 内容类型标头添加到加密/签名消息中。如果解密或验证,将从输出中去除这些标头;如果解密或验证的消息不是 MIME 类型 text/plain,则会发生错误。
OPENSSL_CMS_BINARY 通常,输入消息被转换为有效使用 CRLF 作为行尾的“canonical”格式:按照 CMS 规范的要求。存在此选项时,不会发生翻译。这在处理可能不是 CMS 格式的二进制数据时很有用。
OPENSSL_CMS_NOINTERN 验证消息时,通常会搜索消息中包含的证书(如果有)以查找签名证书。使用此选项仅使用在 openssl_cms_verify()untrusted_certificates_filename 参数中指定的证书。但是,提供的证书仍可用作不受信任的 CA。
OPENSSL_CMS_NOCERTS When signing a message the signer's certificate is normally included - with this option it is excluded. This will reduce the size of the signed message but the verifier must have a copy of the signers certificate available locally (passed using the untrusted_certificates_filename to openssl_cms_verify() for example).
OPENSSL_CMS_NOATTR Normally when a message is signed, a set of attributes are included which include the signing time and the supported symmetric algorithms. With this option they are not included.
OPENSSL_CMS_DETACHED When signing a message, use cleartext signing with the MIME type "multipart/signed". This is the default if you do not specify any flags to openssl_cms_sign(). If you turn this option off, the message will be signed using opaque signing, which is more resistant to translation by mail relays but cannot be read by mail agents that do not support S/MIME.
OPENSSL_CMS_NOSIGS Don't try and verify the signatures on a message
OPENSSL_CMS_OLDMIMETYPE 自 PHP 8.3.0 起可用。 将 content-type 设置为 application/x-pkcs7-mime,而不是 application/pkcs7-mime 来加密消息。

add a note

User Contributed Notes

There are no user contributed notes for this page.
To Top