(PHP ActiveX) Encrypt/Decrypt using PFX to produce -----BEGIN PKCS7----- ... -----END PKCS7-----

First we encrypt using a certificate + public key to produce output such as:

-----BEGIN PKCS7-----
MIIHPwYJKoZIhvcNAQcEoIIHMDCCBywC ...
...
...
-----END PKCS7-----

Then we decrypt using the cert + private key.

Chilkat ActiveX Downloads

ActiveX for 32-bit and 64-bit Windows

Note: The php_com_dotnet.dll may need to be enabled inside of php.ini.

<?php

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Crypt2')
$crypt = new COM("Chilkat.Crypt2");

// Specify the encryption to be used.
// "pki" indicates "Public Key Infrastructure" and will create a PKCS7 encrypted (enveloped) message.
$crypt->CryptAlgorithm = 'pki';
$crypt->Pkcs7CryptAlg = 'aes';
$crypt->KeyLength = 128;
$crypt->OaepHash = 'sha256';
$crypt->OaepPadding = 1;

// A certificate is needed as the encryption key.
// Althought the PFX contains the associated private key, we don't need it for encryption.
// (A certificate usually contains the public key by default.)
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Cert')
$cert = new COM("Chilkat.Cert");
$success = $cert->LoadPfxFile('qa_data/pfx/cert_test123.pfx','test123');
if ($success != 1) {
    print $cert->LastErrorText . "\n";
    exit;
}

// Tell the crypt object to use the certificate.
$crypt->SetEncryptCert($cert);

$toBeEncrypted = 'This string is to be encrypted.';

// Get the result in multi-line BASE64 MIME format.
$crypt->EncodingMode = 'base64_mime';

$encryptedStr = $crypt->encryptStringENC($toBeEncrypted);
if ($success != 1) {
    print $crypt->LastErrorText . "\n";
    exit;
}

// Make a "-----BEGIN PKCS7-----" ... "-----END PKCS7-----" sandwich...
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.StringBuilder')
$sb = new COM("Chilkat.StringBuilder");
$sb->AppendLine('-----BEGIN PKCS7-----',1);
$sb->Append($encryptedStr);
$sb->AppendLine('-----END PKCS7-----',1);

$outStr = $sb->getAsString();

print $outStr . "\n";

// Sample output:

// -----BEGIN PKCS7-----
// MIICXAYJKoZIhvcNAQcDoIICTTCCAkkCAQAxggH0MIIB8AIBADCBrDCBlzELMAkGA1UEBhMCR0Ix
// GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
// Q09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xpZW50IEF1dGhlbnRpY2F0
// aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEB6M1ZwZdZU7LrAIdurulmUwOAYJKoZIhvcNAQEHMCug
// DzANBglghkgBZQMEAgEFAKEYMBYGCSqGSIb3DQEBCDAJBgUrDgMCGgUABIIBAK/BZG/iXJ8az7zL
// 8EQ77mc+oDPQ4w1hyytK2ip4djkPVvTfYhcoDQ+G/DBU+urJfrVBi5H9gmpXwYyfKlyUxBVRVEJl
// V/V5QQi4JmNTFbmgWh5tp9zDS98l6A2Va4Zs0Wy/owGLfvwitlxd1dsfVAV2hmBYS24BMpNcty5/
// 0atcKYmSou13G78ztTKdMy1tECgZy8kerMsPdDQbSxEZkT3KpQ8C5uEQqYF3bIVaeZzha/Ywieh/
// tvO0T4aAmeJufwkNdVECmU7kuhnNaVPXknFl7jeibTl6zA/VcJKBKcIYT9FRC7KjdooI8q+jtQ/V
// k6RP4POaowkFg1QWRPEWeqIwTAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBAgQQEEFQduqeJqXQXzy4
// JpkoDoAgdldJDB9zEkpMpgr5/fR2iLvh5kC6BPfhOYjsawBY4Ok=
// -----END PKCS7-----

// ----------------------------------------------------------------------------------------
// Let's Decrypt the above string.

// Start with what was produced above..
$sb->Clear();
$bCrlf = 1;
$sb->AppendLine('-----BEGIN PKCS7-----',$bCrlf);
$sb->AppendLine('MIICXAYJKoZIhvcNAQcDoIICTTCCAkkCAQAxggH0MIIB8AIBADCBrDCBlzELMAkGA1UEBhMCR0Ix',$bCrlf);
$sb->AppendLine('GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR',$bCrlf);
$sb->AppendLine('Q09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xpZW50IEF1dGhlbnRpY2F0',$bCrlf);
$sb->AppendLine('aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEB6M1ZwZdZU7LrAIdurulmUwOAYJKoZIhvcNAQEHMCug',$bCrlf);
$sb->AppendLine('DzANBglghkgBZQMEAgEFAKEYMBYGCSqGSIb3DQEBCDAJBgUrDgMCGgUABIIBAK/BZG/iXJ8az7zL',$bCrlf);
$sb->AppendLine('8EQ77mc+oDPQ4w1hyytK2ip4djkPVvTfYhcoDQ+G/DBU+urJfrVBi5H9gmpXwYyfKlyUxBVRVEJl',$bCrlf);
$sb->AppendLine('V/V5QQi4JmNTFbmgWh5tp9zDS98l6A2Va4Zs0Wy/owGLfvwitlxd1dsfVAV2hmBYS24BMpNcty5/',$bCrlf);
$sb->AppendLine('0atcKYmSou13G78ztTKdMy1tECgZy8kerMsPdDQbSxEZkT3KpQ8C5uEQqYF3bIVaeZzha/Ywieh/',$bCrlf);
$sb->AppendLine('tvO0T4aAmeJufwkNdVECmU7kuhnNaVPXknFl7jeibTl6zA/VcJKBKcIYT9FRC7KjdooI8q+jtQ/V',$bCrlf);
$sb->AppendLine('k6RP4POaowkFg1QWRPEWeqIwTAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBAgQQEEFQduqeJqXQXzy4',$bCrlf);
$sb->AppendLine('JpkoDoAgdldJDB9zEkpMpgr5/fR2iLvh5kC6BPfhOYjsawBY4Ok=',$bCrlf);
$sb->AppendLine('-----END PKCS7-----',$bCrlf);

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Crypt2')
$decrypt = new COM("Chilkat.Crypt2");
$decrypt->CryptAlgorithm = 'pki';

// Use the same cert + private key from the PFX above.
// For decryption, we need the private key.  Given that the certificate was loaded from a PFX,
// we should already have it.
$success = $decrypt->SetDecryptCert($cert);

$decrypt->EncodingMode = 'base64';
$decryptedText = $decrypt->decryptStringENC($sb->getBetween('-----BEGIN PKCS7-----','-----END PKCS7-----'));

print $decryptedText . "\n";

?>