Re: PKCS#7 enveloped message

Tue, 12 Jan 2010 10:34:20 -0800 

This looks like a recent change in the v1.0.0 beta
  *) Update PKCS#7 enveloped data routines to use new API. This is now
     supported by any public key method supporting the encrypt operation. A
     ctrl is added to allow the public key algorithm to examine or modify
     the PKCS#7 RecipientInfo structure if it needs to: for RSA this is
     a no op.
     [Steve Henson]

I'm still using version 0.9.8k. I rather not use beta editions!

I noticed the magic in the API is encapsulated here now:

in = BIO_new_file("encr.txt", "r");
if (!in)        goto err;

/* encrypt content */
p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);

It probably setups the p7 struct and calls PKCS7_dataInit and PKCS7_dataFinal

[]s
Douglas Gemignani



On Tue, Jan 12, 2010 at 2:59 PM, Dr. Stephen Henson <st...@openssl.org> wrote:
> On Tue, Jan 12, 2010, Douglas Gemignani wrote:
>
>> Hello,
>>
>> I need to generate a pkcs#7 certificate with a enveloped message
>> inside it. As far as I understand this message (X509) will be
>> encrypted with a random generated TDES key.
>> This is my snippet, but it is still incomplete and some comments
>> regarding my doubts, I hope someone could help me!!
>>
>> //Load rsa key above
>> data=BIO_new_file("file.txt","r");
>> recipient=PEM_read_bio_X509(data,NULL,NULL,NULL);
>> PKCS7_set_type(p7, NID_pkcs7_enveloped);
>> PKCS7_add_recipient(p7, recipient);
>> EVP_PKEY_assign_RSA(pkey, rsa); //how will this RSA key be used??
>> pkey = EVP_PKEY_new();
>> EVP_PKEY_assign_RSA(pkey, rsa);
>> PKCS7_set_cipher(p7, EVP_des_ede3_cbc()); //TDES generated here
>>
>> /*
>> BIO_puts(data, "Hello World!"); //so here is my data?
>> if ((p7bio = PKCS7_dataInit (p7,NULL)) == NULL) goto err;
>> for (;;){
>> i=BIO_read(data,buf,sizeof(buf));
>> if (i <= 0) break;
>> BIO_write(p7bio,buf,i);
>> }
>> BIO_flush(p7bio);
>>
>> PKCS7_dataFinal(p7, p7bio);*/
>> PEM_write_PKCS7(stdout,p7);
>>
>>
>
> Look at the PKCS7_encrypt() manual page and demos/smime/smenc.c
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-us...@openssl.org
> Automated List Manager                           majord...@openssl.org
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to