This looks like a recent change in the v1.0.0 beta *) Update PKCS#7 enveloped data routines to use new API. This is now supported by any public key method supporting the encrypt operation. A ctrl is added to allow the public key algorithm to examine or modify the PKCS#7 RecipientInfo structure if it needs to: for RSA this is a no op. [Steve Henson]
I'm still using version 0.9.8k. I rather not use beta editions! I noticed the magic in the API is encapsulated here now: in = BIO_new_file("encr.txt", "r"); if (!in) goto err; /* encrypt content */ p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags); It probably setups the p7 struct and calls PKCS7_dataInit and PKCS7_dataFinal []s Douglas Gemignani On Tue, Jan 12, 2010 at 2:59 PM, Dr. Stephen Henson <st...@openssl.org> wrote: > On Tue, Jan 12, 2010, Douglas Gemignani wrote: > >> Hello, >> >> I need to generate a pkcs#7 certificate with a enveloped message >> inside it. As far as I understand this message (X509) will be >> encrypted with a random generated TDES key. >> This is my snippet, but it is still incomplete and some comments >> regarding my doubts, I hope someone could help me!! >> >> //Load rsa key above >> data=BIO_new_file("file.txt","r"); >> recipient=PEM_read_bio_X509(data,NULL,NULL,NULL); >> PKCS7_set_type(p7, NID_pkcs7_enveloped); >> PKCS7_add_recipient(p7, recipient); >> EVP_PKEY_assign_RSA(pkey, rsa); //how will this RSA key be used?? >> pkey = EVP_PKEY_new(); >> EVP_PKEY_assign_RSA(pkey, rsa); >> PKCS7_set_cipher(p7, EVP_des_ede3_cbc()); //TDES generated here >> >> /* >> BIO_puts(data, "Hello World!"); //so here is my data? >> if ((p7bio = PKCS7_dataInit (p7,NULL)) == NULL) goto err; >> for (;;){ >> i=BIO_read(data,buf,sizeof(buf)); >> if (i <= 0) break; >> BIO_write(p7bio,buf,i); >> } >> BIO_flush(p7bio); >> >> PKCS7_dataFinal(p7, p7bio);*/ >> PEM_write_PKCS7(stdout,p7); >> >> > > Look at the PKCS7_encrypt() manual page and demos/smime/smenc.c > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-us...@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org