Hello,

I want to encrypt and decrypt using PKCS7_encrypt() and PKCS7_decrypt(). I use this procedure to encrypt so that I can retrieve the encrypted buffer into a char* (and not into a file). Here is the code:

    p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
    if (!p7)
        return 0;
    char* chTest = new char[1000];
    BIO* memorybio = BIO_new(BIO_s_mem());
    BIO* base64bio = BIO_new(BIO_f_base64());
    BIO* outbio = BIO_push(base64bio, memorybio);
    /* Copy PKCS#7 */
    long ll = i2d_PKCS7_bio(outbio, p7);
    BIO_flush(outbio);
    BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
    BIO_get_mem_data(memorybio, &chTest);
    cout << chTest << "\n";

Now, when I want to do the reverse, I do as follows:

    BIO* memorybio = BIO_new(BIO_s_mem());
    int iLength = BIO_puts(memorybio, chEnc);
    BIO* base64bio = BIO_new(BIO_f_base64());
    BIO* inbio = BIO_push(base64bio, memorybio);
    /* Copy PKCS#7 */
    BIO_flush(inbio);
    BIO_set_flags(inbio, BIO_FLAGS_MEM_RDONLY);
    p7 = d2i_PKCS7_bio(inbio, &p7);
    if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
        return 0;

The problem is that the PKCS7_decrypt does not work and it is not decrypting correctly. Any idea how to solve it?

Looking forward to your suggestions and comments.

Thanks

________________________________
From: Florian Rüchel <florian.ruec...@ruhr-uni-bochum.de>
To: openssl-users@openssl.org
Sent: Monday, June 25, 2012 3:32 PM
Subject: Re: Convert PKCS7_encrypt output to char*

Hi,

A good idea might be to use the following sequence to create a base64 encoded output (safe to send over network):

    memorybio = BIO_new(BIO_s_mem());
    base64bio = BIO_new(BIO_f_base64());
    outbio = BIO_push(base64bio, memorybio);
    /* Copy PKCS#7 */
    i2d_PKCS7_bio(outbio, s->request_p7);
    BIO_flush(outbio);
    BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
    s->request_len = BIO_get_mem_data(memorybio, &s->request_payload);

I took this from a software called "sscep" just for reference. It base64 encodes the data and sends it over the network. On the other side it is easy to base64 decode it. As such it gives you the guarantee it is decoded correctly. On the other side you should of course also have the reverse chain, but I don't have an example at hand for that.

Regards

On 25.06.2012 15:04, Mohammad Khodaei wrote:
> Hello,
>
> I want to encrypt a small data using recipient public key and decrypt
> it on the receiver side using recipient private key. I chose
> "PKCS7_encrypt" and "PKCS7_decrypt" api to do so. Are they the correct
> functions? Is there any other alternative?
>
> Now my problem is that I want to convert the encrypted output of
> "PKCS7_encrypt" to char* to send it over TCP. I used
> "i2d_PKCS7_fp", "d2i_PKCS7_bio" and "d2i_PKCS7_fp" to first write
> them in the file and later on read them and send them. Here is the
> procedure to encrypt:
>
>> p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
>> if (!p7)
>>     goto err;
>> FILE *fp = NULL;
>> char *file = "HELLO";
>> size_t len = 0;
>> fp = fopen(file, "w");
>> if (fp == NULL) {
>>     printf("ERROR IN OPENING A FILE..", file);
>> }
>> i2d_PKCS7_fp(fp, p7);
>> fclose(fp);
>
> And here is the code to decrypt? Is the procedure to convert
> correct?
>
>> FILE *p = NULL;
>> char *file = "HELLO";
>> p = fopen(file, "r");
>> if (p == NULL) {
>>     printf("ERROR IN OPENING A FILE..", file);
>> }
>> d2i_PKCS7_fp(p, &p7);
>> fclose(p);
>> if (!p7)
>>     goto err;
>> BIO* out;
>> d2i_PKCS7_bio(out, &p7);
>>
>> if (!(&out2))
>>     goto err;
>> /* Decrypt S/MIME message */
>> if (!PKCS7_decrypt(p7, rkey, rcert, &out, 0))
>>     goto err;
>
> It does not work and even the "out" is not initialized. Any
> suggestion?
>
> Thanks a lot
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org