[openssl-users] CMS questions
rwelty at nwtime.org
Thu Apr 30 22:32:33 UTC 2015
On 2/24/15 10:10 AM, Dr. Stephen Henson wrote:
> On Tue, Feb 24, 2015, Richard Welty wrote:
>> On 2/24/15 9:21 AM, Dr. Stephen Henson wrote:
>>> Typically you'd write the signed content to a memory BIO and then
>>> that. Precisely how you decrypt the enveloped data depends on the
>>> might be in MIME format in which case you'd pass it through the MIME
>>> Alternatively it could be enveloped data content type in which case
>>> decode it as BER form.
>>> There are shortcuts you can make if, for example, you know the
>>> is not detached and in BER form.
>> it will not be detached, and will be in BER form. shortcuts (as long as
>> in a documented API) are welcome as this is in a path that should be
> So the embedded content type will be enveloped data?
> If so first you can check that type using CMS_get0_eContentType().
> Then you can use CMS_get0_content() to retrieve the embedded content as a
> pointer to an OCTET STRING pointer. You should check that content is
> and then retrieve the encoding of the content using ASN1_STRING_data and
> Once you have those you can decode using d2i_CMS_ContentInfo().
> A couple of those functions are currently undocumented (that will be
> nothing in that involves using structure internals.
coming back to this after a bit of time; the project is finally getting
up. there are two questions in front of me right now:
1) the documentation on d2i_CMS_ContentInfo() is a bit light on details
about the parameters. what should the first parameter be, a certificate
as with d2i_X509?
2) is there something roughly analogous for encryption? i need
a fast-but-documented path for encrypting and signing data
using BER on the server that will be decrypted client (and vice