[openssl-users] CMS questions

Dr. Stephen Henson steve at openssl.org
Tue Feb 24 14:21:06 UTC 2015

On Mon, Feb 23, 2015, Richard Welty wrote:

> i'm starting on some work that needs to use CMS in an
> application, and i'm having trouble getting my head
> wrapped around how to handle the case of verifying
> a signature and then decrypting the enveloped data
> that has been signed. specifically, i'm not grasping
> how to extract the encrypted data to pass to CMS_decrypt
> after verification is done. do i need to use a BIO
> filter for this or is there some other mechanism i'm not
> seeing?

Typically you'd write the signed content to a memory BIO and then decrypt
that. Precisely how you decrypt the enveloped data depends on the format. It
might be in MIME format in which case you'd pass it through the MIME parser.
Alternatively it could be enveloped data content type in which case you'd
decode it as BER form.

There are shortcuts you can make if, for example, you know the signed content
is not detached and in BER form.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list