Sebbo94BY
commented
3 years ago Good point! The question is only, if it makes sense to add it directly here to this package or if we should outsource it.
Some readings regarding this topic:
- https://www.php.net/manual/en/function.openssl-pkcs7-decrypt.php
- https://www.php.net/manual/en/function.openssl-pkcs7-verify.php
- https://superuser.com/questions/1287582/how-to-decrypt-an-s-mime-encrypted-email-using-openssl-smime
- https://security.stackexchange.com/questions/176329/verify-s-mime-signature-with-no-certificate-included
I understand that the project is called "php-imap" and adding S/MIME support would extend the scope of it, but I think that this would be a very worthwhile extension, as an encrypted message can contain the same parts (e.g. "text content", attachments, etc.) as a unencrypted message.
S/MIME support would mean adding both decrypting S/MIME-encrypted emails, as well as verifying S/MIME-signed emails. I'd love to a) either contribute this functionality or b) sponsoring/paying someone to add it to php-imap under MIT.
Has someone maybe worked on this already? Could you imaging adding this functionality to php-imap? My idea would be to 100% focus on decrypting/verifying. Key management should be left entirely to the users. This could be done by simply giving php-imap a way to add a function like retrieveKey(string $emailAddress) as a parameter. That way each user can implement "retrieveKey" themselves.
Decryption etc. can be done using the openssl_... functions such as openssl_pkcs7_decrypt. After decrypting, it should "reprocess" the message, as e.g. there might be attachments etc. as usual.