New in Symfony 4.4: Signing and Encrypting Email Messages
Symfony 4.4 will be released in November 2019. This is the first article of the series that shows the most important new features introduced by this Symfony version.
The new Mailer and Mime components were introduced in Symfony 4.3 to replace the previous solution based on SwiftMailer. In Symfony 4.4 we've improved them with new features to allow signing and encrypting email messages using the S/MIME standard.
Signing a message improves its integrity because it includes a digital signature of the hash of the entire email contents, ensuring that the original contents haven't been modified:
    use Symfony\Component\Mime\Crypto\SMimeSigner;
    use Symfony\Component\Mime\Email;

    $email = (new Email())->from('...')->to('...')->html('...');

    $signer = new SMimeSigner('/path/to/certificate.crt', '/path/to/certificate-private-key.key');
    $signedEmail = $signer->sign($email);
    // now use the Mailer to send this $signedEmail instead of the original $email
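The integrity guarantee described above can be checked from the receiving side. The following added example (not code from the Symfony post or project) signs a message with SMimeSigner, verifies it with PHP's openssl_pkcs7_verify(), and shows that altering the body invalidates the signature; the addresses, the throwaway key and self-signed certificate, and the signatureIsValid() helper are assumptions made for the demo.

```php
<?php
// Added example, not from the Symfony post. Assumes symfony/mime >= 4.4 installed
// with Composer and ext-openssl enabled; addresses, key and certificate are constructed.
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\Mime\Crypto\SMimeSigner;
use Symfony\Component\Mime\Email;

// Throwaway RSA key and self-signed certificate, written to a private temp directory.
$dir = sys_get_temp_dir().'/smime-demo-'.bin2hex(random_bytes(4));
mkdir($dir, 0700);
$opts = ['digest_alg' => 'sha256', 'private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
$key = openssl_pkey_new($opts);
$csr = openssl_csr_new(['commonName' => 'Demo Sender', 'emailAddress' => 'sender@example.com'], $key, $opts);
$crt = openssl_csr_sign($csr, null, $key, 1, $opts);
openssl_x509_export_to_file($crt, "$dir/sender.crt");
openssl_pkey_export_to_file($key, "$dir/sender.key");

$email = (new Email())
    ->from('sender@example.com')
    ->to('recipient@example.com')
    ->subject('Payment details')
    ->text('Pay 100 EUR to account A.');

$signer = new SMimeSigner("$dir/sender.crt", "$dir/sender.key");
$raw = $signer->sign($email)->toString();

// Returns true only if the detached signature matches the message body.
// PKCS7_NOVERIFY skips certificate-chain validation because the demo certificate
// is self-signed; a real verifier drops the flag and passes its trusted CA bundle.
function signatureIsValid(string $rawMessage, string $dir): bool
{
    $file = tempnam($dir, 'msg');
    file_put_contents($file, $rawMessage);
    $result = openssl_pkcs7_verify($file, PKCS7_NOVERIFY);
    unlink($file);

    return true === $result; // false = bad signature, -1 = OpenSSL error
}

// First call: the message exactly as signed. Second call: body altered after signing.
var_dump(signatureIsValid($raw, $dir));
var_dump(signatureIsValid(str_replace('account A', 'account B', $raw), $dir));
```

SMimeSigner signs the MIME body (text, HTML and attachments), so top-level headers such as Subject sit outside the signature and changes to them are not detected by this check.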
Encrypting a message improves its security because its contents, including any attachments, can only be read if you have the private key associated with the public key used to encrypt them:
    use Symfony\Component\Mime\Crypto\SMimeEncrypter;
    use Symfony\Component\Mime\Email;

    $email = (new Email())->from('...')->to('...')->html('...');

    $encrypter = new SMimeEncrypter('/path/to/certificate.crt');
    $encryptedEmail = $encrypter->encrypt($email);
    // now use the Mailer to send this $encryptedEmail instead of the original $email
Read the Signing and Encrypting Messages article in the official Symfony documentation to learn more about this feature.
+Encrypting a message improves its security because its contents, including any attachments, can only be read if you have the public key associated to the private key used to encrypt them:
Do you consider extending this to support GnuPG (PGP) signatures & encryption as well? Creating PGP keys is a bit easier (and cheaper) than obtaining a certificate from a trusted authority. Depending on a situation and scenario, it may be more practical (e.g., for sensitive system notifications).
-- Email encryption and code signing require a different type of certificate that Let’s Encrypt does not issue.
So I'm confused, does it technically work, but will email clients support it?