[openssl-users] efficient way to encrypt, then sign?

Dr. Stephen Henson steve at openssl.org
Sat Jul 4 10:53:01 UTC 2015

On Sat, Jul 04, 2015, Richard Welty wrote:

> Hash: SHA256
> what is the lowest overhead method for encrypting using
> CMS_encrypt then signing using CMS_sign? it seems like
> using BIO_new_mem_buf ought to do but i don't see a method
> for getting the length of the CMS_ContentInfo object to
> feed to the BIO creation method.

The function i2d_CMS_ContentInfo will return the length and encode the
structure with the appropriate arguments for example:

unsigned char *buf = NULL;
int buflen;

buflen = i2d_CMS_ContentInfo(cms, &buf);

Depending on the format you want there is a lower overhead (in terms of memory
usage) method: you may be able to chain two streaming BIOs and sign encrypted
data on the fly.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list