Hi,

I am about to connect to a web service that requires PKCS#7 enveloped
data in the request record and delivers PKCS#7 encrypted data in the
reply record.

The service seems to be implemented in Java, and these guys can do the
trick to use the encryption key of the request to encrypt the reply.
Rather bright idea, but a little clumsy for the use of openssl since
there seems to be no way to recover the encryption key when one wants
to use PKCS7_encrypt :-(

My first approach to this problem was, that I could pass an additional
parameter to PKCS7_encrypt and then down to PKCS7_dataInit that, if not
NULL, would be used as the key instead of the automatically generated
one. That would be a patch against openssl which most propably would
require some work in the future. Except, of course, the patch would be
useful for someone else and could go into the main dist.

My second approach is to dynamically hack the EVP_CIPHER argument, so
that I put a hook in front of the init function, that takes the key and
stores it in a safe place where it can be recovered after the call. At
the moment I like that one.

I just started to investigate openssl for this particular problem, so
please apologize if I'm missing something obvious ;-)

cu,
        Hanno

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
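
The hook idea from the second approach in the message, as an added example that is not part of the original post and is not OpenSSL code. `cipher_method`, `envelope_encrypt` and the XOR cipher are hypothetical stand-ins for the cipher method table, the high-level encrypt call and a real cipher, so the block runs without a crypto library.

```c
#include <stdlib.h>
#include <string.h>
#define KEY_LEN 16
/* Hypothetical stand-in for a cipher method table (not OpenSSL's EVP_CIPHER). */
typedef struct cipher_method {
    int (*init)(unsigned char *state, const unsigned char *key);
    void (*crypt)(const unsigned char *state, unsigned char *buf, size_t len);
} cipher_method;
/* Toy XOR "cipher", present only so the demo is self-contained. */
static int toy_init(unsigned char *state, const unsigned char *key) {
    memcpy(state, key, KEY_LEN);
    return 1;
}
static void toy_crypt(const unsigned char *state, unsigned char *buf, size_t len) {
    for (size_t i = 0; i < len; i++) buf[i] ^= state[i % KEY_LEN];
}
static const cipher_method toy_cipher = { toy_init, toy_crypt };
/* Stand-in for the high-level call: the key is generated inside and never returned. */
static int envelope_encrypt(const cipher_method *m, unsigned char *buf, size_t len) {
    unsigned char key[KEY_LEN], state[KEY_LEN];
    for (int i = 0; i < KEY_LEN; i++) key[i] = (unsigned char)rand(); /* demo RNG only */
    int ok = m->init(state, key);
    if (ok) m->crypt(state, buf, len);
    return ok;
}

/* The hook: remembers the key it is handed, then forwards to the real init. */
static _Thread_local unsigned char captured_key[KEY_LEN];
static _Thread_local int (*real_init)(unsigned char *, const unsigned char *);
static int hook_init(unsigned char *state, const unsigned char *key) {
    memcpy(captured_key, key, KEY_LEN);
    return real_init(state, key);
}

/* Encrypt buf in place and hand the session key back in key_out. */
int encrypt_and_recover_key(unsigned char *buf, size_t len, unsigned char *key_out) {
    cipher_method hooked = toy_cipher;  /* patch a private copy, never the shared table */
    real_init = hooked.init;
    hooked.init = hook_init;
    int ok = envelope_encrypt(&hooked, buf, len);
    if (ok) memcpy(key_out, captured_key, KEY_LEN);
    memset(captured_key, 0, KEY_LEN);   /* the side store is emptied after every call */
    return ok;
}
/* Decrypt a reply that was encrypted under the recovered key (XOR inverts itself). */
int decrypt_with_key(const unsigned char *key, unsigned char *buf, size_t len) {
    unsigned char state[KEY_LEN];
    return toy_init(state, key) ? (toy_crypt(state, buf, len), 1) : 0;
}
```

The hook works on a per-call copy of the method table and keeps the key in thread-local storage, so concurrent encryptions do not see each other's keys; with a real library the caller's copy of the key would be wiped with a routine such as `OPENSSL_cleanse` once the reply is decrypted.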
