[openssl-users] Extract content of DER-encoded package by OID

Dr. Stephen Henson steve at openssl.org
Wed Jul 19 11:25:54 UTC 2017


On Tue, Jul 18, 2017, Justin Mogannam wrote:

> Hello, 
> I have a signedData package that contains an encryptedKeyPackage
> (specifically OID 2.16.840.1.101.2.1.2.78.2, aka id-ct-KP-encryptedKeyPkg)
> that I want to extract from it. I am somewhat able to extract the sequence
> that contains this data via the OpenSSL command line: 
> 
> $ openssl asn1parse -in <my_pkg.der> -inform DER -strparse <hard-coded offset I computed>
> 
> However, I am looking for the OpenSSL calls to do the same thing, ideally
> extract package contents by its OID without having to know the offset (such
> that I can extract the data from any given package by that particular OID).
> How would I go about doing this? I've been looking endlessly into asn1.h and
> x509.h, and am able to somewhat parse the entire package into a structure,
> but I could use some guidance as to how to further break it down into parts.
> Thank you, and I hope to hear a response back soon. 
> 

Well if this follows RFC6032 the outer part will be a ContentInfo structure
which you can parse using d2i_CMS_ContentInfo. From there you can use various
utility functions to analyse it.

For example CMS_get0_eContentType() to get the OID corresponding to the
encapsulated content type and CMS_get0_content() which (if I read the spec
correctly) should get you the EncryptedKeyPackage structure. After that you'll
have to parse it yourself because OpenSSL doesn't support that structure.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
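
Added example, not part of the original thread and not OpenSSL code: a dependency-free DER walk in C over the path that d2i_CMS_ContentInfo, CMS_get0_eContentType() and CMS_get0_content() navigate for a signedData package, locating the eContent by structure and OID instead of a hard-coded offset. The names `span`, `take`, `same` and `cms_econtent_by_oid` and the `SAMPLE` bytes are constructed for this illustration; it assumes DER input whose eContent is present as a primitive OCTET STRING.

```c
#include <string.h>

typedef struct { const unsigned char *p, *end; } span;  /* unread bytes of one container */
/* Content octets of id-signedData and id-ct-KP-encryptedKeyPkg (the OID from the question). */
static const unsigned char OID_SIGNED_DATA[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02};
static const unsigned char OID_ENC_KEY_PKG[] = {0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x02,0x4E,0x02};
/* Constructed sample, not a real package: empty SETs and 4 placeholder bytes as eContent. */
static const unsigned char SAMPLE[] = {
    0x30,0x2C,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,0xA0,0x1F,0x30,0x1D,
    0x02,0x01,0x03,0x31,0x00,0x30,0x14,0x06,0x0A,0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x02,
    0x4E,0x02,0xA0,0x06,0x04,0x04,0x30,0x02,0x05,0x00,0x31,0x00 };

/* Take one definite-length TLV with the expected tag from s; its value span goes to *v. */
static int take(span *s, unsigned char tag, span *v) {
    if (s->end - s->p < 2 || s->p[0] != tag) return -1;
    const unsigned char *q = s->p + 2;
    size_t len = s->p[1], k = len & 0x7f;
    if (len & 0x80) {                            /* long form: k length octets follow */
        if (k == 0 || k > sizeof len || (size_t)(s->end - q) < k) return -1;
        for (len = 0; k--; ) len = (len << 8) | *q++;
    }
    if ((size_t)(s->end - q) < len) return -1;   /* value must fit inside the parent */
    v->p = q; v->end = q + len; s->p = v->end;
    return 0;
}

static int same(span v, const unsigned char *b, size_t n) {
    return (size_t)(v.end - v.p) == n && memcmp(v.p, b, n) == 0;
}
/* Return 0 and the eContent bytes if der is a SignedData whose eContentType equals oid. */
int cms_econtent_by_oid(const unsigned char *der, size_t n, const unsigned char *oid,
                        size_t oidlen, const unsigned char **out, size_t *outlen) {
    span s = { der, der + n }, v;
    if (take(&s, 0x30, &v)) return -1;  s = v;               /* ContentInfo */
    if (take(&s, 0x06, &v) || !same(v, OID_SIGNED_DATA, sizeof OID_SIGNED_DATA)) return -1;
    if (take(&s, 0xA0, &v)) return -1;  s = v;               /* [0] EXPLICIT content */
    if (take(&s, 0x30, &v)) return -1;  s = v;               /* SignedData */
    if (take(&s, 0x02, &v) || take(&s, 0x31, &v)) return -1; /* version, digestAlgorithms */
    if (take(&s, 0x30, &v)) return -1;  s = v;               /* encapContentInfo */
    if (take(&s, 0x06, &v) || !same(v, oid, oidlen)) return -1;  /* eContentType */
    if (take(&s, 0xA0, &v)) return -1;  s = v;               /* [0] EXPLICIT eContent */
    if (take(&s, 0x04, &v)) return -1;                       /* OCTET STRING */
    *out = v.p; *outlen = (size_t)(v.end - v.p);
    return 0;
}

int main(void) {   /* exit status 0 when the constructed sample yields its eContent */
    const unsigned char *c; size_t n;
    return cms_econtent_by_oid(SAMPLE, sizeof SAMPLE, OID_ENC_KEY_PKG, sizeof OID_ENC_KEY_PKG, &c, &n) != 0;
}
```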

