[openssl-users] CMS with Symmetric key
Dr. Stephen Henson
steve at openssl.org
Tue Apr 12 19:18:36 UTC 2016
On Mon, Apr 11, 2016, Abe Racioppo wrote:
> Thank you for the responses.
>
> I have implemented encryption that adds a secret key and secret key id
> using:
> CMS_add0_recipient_key,
> CMS_EncryptData_encrypt,
> SMIME_write_CMS
> The output file looks correct, but I need to decrypt it back to be sure.
>
Ah, CMS_EncryptedData_encrypt() just creates the encrypted data type. If you
want to use enveloped data, you use CMS_encrypt() first, then
CMS_add0_recipient_key() and finally SMIME_write_CMS().
> I would like to be able to get the secret key id from the envelope data to
> then search a database for the key, and then CMS_decrypt. I have yet to
> determine the most straightforward way of getting the key ids from the
> envelope/wrapped content of cms.
>
> Is there a combination if I have SMIME_read the cms from a file like:
> keyId = cms->envelopedData->keyId?
>
> Or do I need to handle a stack_of recipient infos in order to get the key
> id from kekri0_get_id?
>
Yes. You need to use CMS_get0_RecipientInfos() as there can be multiple
recipients of different types.
For each recipient info you check the type with:
CMS_RecipientInfo_type(ri) == CMS_RECIPINFO_KEY
For each match retrieve the key ID using CMS_RecipientInfo_kekri_get0_id().
If the id doesn't match a value in your database, continue to the next recipient
info. If there are no matches, return an error.
If you do get a match then call CMS_RecipientInfo_set0_key().
Finally, call CMS_decrypt(), setting the key and certificate parameters to
NULL.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org