> I have an application which needs to do encryption and decryption of > files which may not fit in main memory. I'm using the PKCS#7 > enveloped-data format, and have implemented the encryption side of > things using Steve Henson's work as a reference:
> Now it's time to implement streaming decryption. I've got it working via > d2i_PKCS7() and PKCS7_decrypt(), but of course that requires the entire > encoded data be in memory. Not in physical memory. It just requires that you be able to provide a virtual memory address for the contents. It doesn't require the whole thing to be in physical memory at the same time. If you're using a 32-bit OS, this may not help you much. Odds are you only have about 1GB of usable virtual memory space. But if you're using a 64-bit OS, you have plenty of virtual memory space and can easily map in a file that vastly exceeds the available physical memory. > As far as I can see, there's no support in > either 0.9.8 or 0.9.9 for streaming decryption, so I'm without a > reference this time. I think the right approach is to build up my own > PKCS7 structure by using ASN1_d2i_bio() on the individual parts, and > then use PKCS7_dataDecode(), passing my own read BIO. Does that sound > right? I don't see an incredibly easy way to do this with OpenSSL's PKCS7 code. Your best bet is probably to write your own PKCS7 layer using OpenSSL's code as a guide. You can use PKCS7_dataDecode to set up the decryption context for you and then use BIOs to stream data into and out of it. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]