CMS Module (PHP)

Table of Contents

  1. Description
    1. Public Methods
      1. Demo


        The SetaPDF_Signer_Signature_Module_Cms module makes use of an implementation of the CMS (Cryptographic Message Syntax) for digital signatures in plain PHP. It makes use of explicit signed attributes and builds the basis for individual signature modules that need the option to exert influence on the CMS structure.

        The module makes use of the PHP build-in OpenSSL function openssl_sign() to create the final signature. It also gives you the opportunity to use all available digest algorithms. By default it uses SHA-256.

        The certificate needs to be passed as a string or file path and needs to be PEM (Base64) encoded.

        Thie private key data has to be passed as described here.

        Public Methods


        Get the certificate value.


        Get the complete Cryptographic Message Syntax structure.


        Get the digest algorithm.


        Ensures a certificate parameter and parses it into an ASN.1 element object structure.


        Set the signing certificate (PEM).


        Set the digest algorithm to use when signing.


        Add additional certificates which are placed into the CMS structure.


        Set the the private key or a path to the private key file and password argument.


        // create a writer
        $writer = new SetaPDF_Core_Writer_Http('simple.pdf', true);
        // create a new document instance
        $document = SetaPDF_Core_Document::loadByFilename(
            'files/pdfs/tektown/Laboratory-Report.pdf', $writer
        // create a signer instance
        $signer = new SetaPDF_Signer($document);
        // set some signature properties
        $signer->setReason('Testing CMS module');
        $signer->setLocation('SetaPDF-Signer Manual');
        // create a signature module
        $module = new SetaPDF_Signer_Signature_Module_Cms();
        // load the certificate
        $certificate = 'file://files/certificates/setapdf-no-pw.pem';
        $module->setPrivateKey(array($certificate, '' /* no password */));
        // sign the document and send the final document to the initial writer