Manuel Mollar wrote:
> 
> Building an enveloped message with the 'enc.c' program, I see the call
> 
> PKCS7_add_recipient(p7,sk_X509_value(recips, i))
> 
> for every recipient.
> 
> The source code of PKCS7_add_recipient does:
> 
>   1. a call to
> 
>      PKCS7_RECIP_INFO_set(ri,x509)
> 
>      that does:
> 
>      p7i->cert=x509
> 
>   2. a call to
> 
>      PKCS7_add_recipient_info(p7,ri)
> 
>      that pushes ri into the stack of p7
> 
> So, I conclude that the call to PKCS7_add_recipient adds a copy of the
> certificate of the destination. And using gdb I have verified it.
> But, when the program 'enc' finishes, the generated pkcs7 object does
> not contain these certificates, only the issuer_and_serial.
> In fact, this is what I expected before reading the code.
> Can someone explain what happens?
> 

It adds a copy of the certificate because the internal code uses the
certificate to fill in the issuer and serial number and encrypt the
message key with the certificate's public key. However, just because it
includes the certificate doesn't mean that it has to output it.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
