[openssl-users] CMS questions

Dr. Stephen Henson steve at openssl.org
Tue Feb 24 15:10:22 UTC 2015


On Tue, Feb 24, 2015, Richard Welty wrote:

> On 2/24/15 9:21 AM, Dr. Stephen Henson wrote:
> >
> > Typically you'd write the signed content to a memory BIO and then decrypt
> > that. Precisely how you decrypt the enveloped data depends on the format. It
> > might be in MIME format in which case you'd pass it through the MIME parser.
> > Alternatively it could be enveloped data content type in which case you'd
> > decode it as BER form.
> >
> > There are shortcuts you can make if, for example, you know the signed content
> > is not detached and in BER form.
> >
> it will not be detached, and will be in BER form. shortcuts (as long as
> they're
> in a documented API) are welcome as this is in a path that should be fast.
> 

So the embedded content type will be enveloped data?

If so first you can check that type using CMS_get0_eContentType().

Then you can use CMS_get0_content() to retrieve the embedded content as a
pointer to an OCTET STRING pointer. You should check that content is not NULL
and then retrieve the encoding of the content using ASN1_STRING_data and
ASN1_STRING_length.

Once you have those you can decode using d2i_CMS_ContentInfo().

A couple of those functions are currently undocumented (that will be fixed) but
nothing in that involves using structure internals.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


More information about the openssl-users mailing list