[openssl-users] CMS questions

Richard Welty rwelty at nwtime.org
Thu Apr 30 22:32:33 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2/24/15 10:10 AM, Dr. Stephen Henson wrote:
> On Tue, Feb 24, 2015, Richard Welty wrote:
>
>> On 2/24/15 9:21 AM, Dr. Stephen Henson wrote:
>>>
>>> Typically you'd write the signed content to a memory BIO and then decrypt
>>> that. Precisely how you decrypt the enveloped data depends on the format. It
>>> might be in MIME format in which case you'd pass it through the MIME parser.
>>> Alternatively it could be enveloped data content type in which case you'd
>>> decode it as BER form.
>>>
>>> There are shortcuts you can make if, for example, you know the signed content
>>> is not detached and in BER form.
>>>
>> it will not be detached, and will be in BER form. shortcuts (as long as
>> they're in a documented API) are welcome as this is in a path that should
>> be fast.
>>
>
> So the embedded content type will be enveloped data?
>
> If so first you can check that type using CMS_get0_eContentType().
>
> Then you can use CMS_get0_content() to retrieve the embedded content as a
> pointer to an OCTET STRING pointer. You should check that content is not NULL
> and then retrieve the encoding of the content using ASN1_STRING_data and
> ASN1_STRING_length.
>
> Once you have those you can decode using d2i_CMS_ContentInfo().
>
> A couple of those functions are currently undocumented (that will be fixed)
> but nothing in that involves using structure internals.
>
coming back to this after a bit of time; the project is finally getting
fired up. there are two questions in front of me right now:

1) the documentation on d2i_CMS_ContentInfo() is a bit light on details
about the parameters. what should the first parameter be, a certificate
as with d2i_X509?

2) is there something roughly analogous for encryption? i need
a fast-but-documented path for encrypting and signing data
using BER on the server that will be decrypted on the client (and
vice versa).

thanks,
   richard
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

-----END PGP SIGNATURE-----



