@@ -541,6 +541,98 @@ This makes use of the :ref:`css Twig namespace <mailer-css-namespace>` we create
541541earlier. You could, for example, `download the foundation-emails.css file `_
542542directly from GitHub and save it in ``assets/css ``.
543543
544+ Signing and Encrypting Messages
545+ -------------------------------
546+
547+ .. versionadded :: 4.4
548+
549+ The option to sign and/or encrypt messages was introduced in Symfony 4.4.
550+
551+ It's possible to sign and/or encrypt email messages applying the `S/MIME `_
552+ standard to increase their integrity/security. Both options can be combined (to
553+ encrypt a signed message and to sign an encrypted message) and they require to
554+ have the `OpenSSL PHP extension `_ properly installed and configured.
555+
556+ Signing Messages
557+ ~~~~~~~~~~~~~~~~
558+
559+ When signing a message, a cryptographic hash is generated for the entire content
560+ of the message (including attachments). This hash is added as an attachment so
561+ the recipient can validate the integrity of the received message. However, the
562+ contents of the original message are still readable for mailing agents not
563+ supporting signed messages, so you must also encrypt the message if you want to
564+ hide its contents::
565+
566+ use Symfony\Component\Mime\Crypto\SMimeSigner;
567+ use Symfony\Component\Mime\Email;
568+
569+ $email = (new Email())
570+ ->from('hello@example.com')
571+ // ...
572+ ->html('...');
573+
574+ $signer = new SMimeSigner('/path/to/certificate.crt', '/path/to/certificate-private-key.key');
575+ // if the private key has a passphrase, pass it as the third argument
576+ // new SMimeSigner('/path/to/certificate.crt', '/path/to/certificate-private-key.key', 'the-passphrase');
577+
578+ $signedEmail = $signer->sign($email);
579+ // now use the Mailer component to send this $signedEmail instead of the original email
580+
581+ The certificate and private key must be `PEM encoded `_, and can be either
582+ created using for example OpenSSL or obtained at an official Certificate
583+ Authority (CA). The email recipient must have the CA certificate in the list of
584+ trusted issuers in order to verify the signature.
585+
586+ .. tip ::
587+
588+ When using OpenSSL to generate certificates, make sure to add the
589+ ``-addtrust emailProtection `` command option.
590+
591+ .. tip ::
592+
593+ The ``SMimeSigner `` class defines other optional arguments to pass
594+ intermediate certificates and to configure the signing process using a
595+ bitwise operator options for :phpfunction: `openssl_pkcs7_sign ` PHP function.
596+
597+ Encrypting Messages
598+ ~~~~~~~~~~~~~~~~~~~
599+
600+ When encrypting a message, the entire message (including attachments) is
601+ encrypted using a certificate. Therefore, only the recipients that have the
602+ corresponding private key can read the original message contents::
603+
604+ use Symfony\Component\Mime\Crypto\SMimeEncrypter;
605+ use Symfony\Component\Mime\Email;
606+
607+ $email = (new Email())
608+ ->from('hello@example.com')
609+ // ...
610+ ->html('...');
611+
612+ $encrypter = new SMimeEncrypter('/path/to/certificate.crt');
613+ $encryptedEmail = $encrypter->encrypt($email);
614+ // now use the Mailer component to send this $encryptedEmail instead of the original email
615+
616+ You can pass more than one certificate to the ``SMimeEncrypter() `` constructor
617+ and it will select the appropriate certificate depending on the ``To `` option::
618+
619+ $firstEmail = (new Email())
620+ // ...
621+ ->to('jane@example.com');
622+
623+ $secondEmail = (new Email())
624+ // ...
625+ ->to('john@example.com');
626+
627+ $encrypter = new SMimeEncrypter([
628+ // key = email recipient; value = path to the certificate file
629+ 'jane@example.com' => '/path/to/first-certificate.crt',
630+ 'john@example.com' => '/path/to/second-certificate.crt',
631+ ]);
632+
633+ $firstEncryptedEmail = $encrypter->encrypt($firstEmail);
634+ $secondEncryptedEmail = $encrypter->encrypt($secondEmail);
635+
544636Sending Messages Async
545637----------------------
546638
@@ -647,3 +739,6 @@ environment:
647739.. _`league/html-to-markdown` : https://github.com/thephpleague/html-to-markdown
648740.. _`Markdown syntax` : https://commonmark.org/
649741.. _`Inky` : https://foundation.zurb.com/emails.html
742+ .. _`S/MIME` : https://en.wikipedia.org/wiki/S/MIME
743+ .. _`OpenSSL PHP extension` : https://php.net/manual/en/book.openssl.php
744+ .. _`PEM encoded` : https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail
0 commit comments