Hi, I am about to connect to a web service that requires PKCS#7 enveloped data in the request record and delivers PKCS#7 encrypted data in the reply record.
The service seems to be implemented in Java, and these guys can do the trick of using the encryption key of the request to encrypt the reply. Rather bright idea, but a little clumsy for the use of openssl since there seems to be no way to recover the encryption key when one wants to use PKCS7_encrypt :-(

My first approach to this problem was that I could pass an additional parameter to PKCS7_encrypt and then down to PKCS7_dataInit that, if not NULL, would be used as the key instead of the automatically generated one. That would be a patch against openssl which most probably would require some work in the future. Except, of course, the patch would be useful for someone else and could go into the main dist.

My second approach is to dynamically hack the EVP_CIPHER argument, so that I put a hook in front of the init function that takes the key and stores it in a safe place where it can be recovered after the call. At the moment I like that one.

I just started to investigate openssl for this particular problem, so please excuse me if I'm missing something obvious ;-)

cu,
Hanno