pkcs7_sign|verify with 'binary' content-transfer-encoding #24

@ghaecker

In CryptoHelper I've seen the comment:

/**
 * TODO: Implement pure methods without "openssl_pkcs7"
 * check openssl_pkcs7 doesn't work with binary data.
 */

From what I can tell, it has nothing to do with the data, but rather the inclusion of PKCS7_BINARY in the $flags arg for openssl_pkcs7_sign. I've captured the output from openssl_pkcs7_sign and tried to verify it. No joy. I can't even get it to verify using openssl on the command line. And my test used simple text, not binary data.

Without including PKCS7_BINARY I have no problem signing and verifying real binary data that has content-transfer-encoding set to 'base64' or 'quoted-printable'. I've even confirmed PKCS7_BINARY does what it's supposed to. Omitting signing/verifying, there's no issue with encrypting/decrypting binary data, even if content-transfer-encoding is set to 'binary' or '8bit'.

While I'm convinced this issue is no fault of the code in the library, the comment wouldn't be there if this issue had not already reared its ugly head. So... do you know of a viable workaround so that I can sign and verify actual binary data? I'm dealing with a business partner that is resistant to base64 content-transfer-encoding.
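A reproduction matrix for the behaviour reported above, added here as an example and not code from the library or from the issue author: it signs one constructed MIME entity with and without PKCS7_BINARY, verifies each result with and without the flag, and prints what happens without assuming any outcome. The throwaway certificate, the file names, the payload, the LF/CRLF variants and the use of PKCS7_DETACHED are assumptions.

```php
<?php
declare(strict_types=1);
// Added example: every name, path and payload below is constructed for illustration.

// Throwaway self-signed signer so the script runs offline.
$key  = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr  = openssl_csr_new(['commonName' => 'pkcs7-binary-repro'], $key, ['digest_alg' => 'sha256']);
$cert = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);

$dir = sys_get_temp_dir() . '/pkcs7-repro-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);

// Same MIME entity twice, differing only in line endings: PKCS7_BINARY is documented
// as disabling the conversion of the signed input to canonical CRLF form.
$lines = ['Content-Type: application/octet-stream', 'Content-Transfer-Encoding: binary',
          '', 'line one', 'line two', ''];
$entities = ['LF' => implode("\n", $lines), 'CRLF' => implode("\r\n", $lines)];

/** Sign $entity with $signFlags, verify with $verifyFlags, return a short verdict. */
function roundTrip(string $dir, string $entity, int $signFlags, int $verifyFlags, $cert, $key): string
{
    $in = "$dir/in.mime";
    $signed = "$dir/signed.mime";
    file_put_contents($in, $entity);
    // PKCS7_DETACHED (multipart/signed output) is an assumption about the AS2 use case.
    if (!openssl_pkcs7_sign($in, $signed, $cert, $key, [], PKCS7_DETACHED | $signFlags)) {
        return 'sign failed: ' . openssl_error_string();
    }
    // PKCS7_NOVERIFY skips chain validation of the throwaway certificate only;
    // the signature over the content is still checked.
    $result = openssl_pkcs7_verify($signed, PKCS7_NOVERIFY | $verifyFlags);
    return $result === true ? 'verified' : ($result === false ? 'not verified' : 'error');
}

$names = [0 => 'default', PKCS7_BINARY => 'PKCS7_BINARY'];
foreach ($entities as $eol => $entity) {
    foreach ($names as $signFlag => $signName) {
        foreach ($names as $verifyFlag => $verifyName) {
            $verdict = roundTrip($dir, $entity, $signFlag, $verifyFlag, $cert, $key);
            printf("eol=%-4s sign=%-12s verify=%-12s %s\n", $eol, $signName, $verifyName, $verdict);
        }
    }
}

array_map('unlink', glob("$dir/*"));
rmdir($dir);
```

The results depend on the PHP and OpenSSL versions in use, so record both alongside the printed matrix when comparing runs.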
