[openssl-users] efficient way to encrypt, then sign?
Dr. Stephen Henson
steve at openssl.org
Sat Jul 4 10:53:01 UTC 2015
On Sat, Jul 04, 2015, Richard Welty wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> what is the lowest overhead method for encrypting using
> CMS_encrypt then signing using CMS_sign? it seems like
> using BIO_new_mem_buf ought to do but i don't see a method
> for getting the length of the CMS_ContentInfo object to
> feed to the BIO creation method.
The function i2d_CMS_ContentInfo will return the length and encode the
structure with the appropriate arguments for example:
unsigned char *buf = NULL;
buflen = i2d_CMS_ContentInfo(cms, &buf);
Depending on the format you want there is a lower overhead (in terms of memory
usage) method: you may be able to chain two streaming BIOs and sign encrypted
data on the fly.
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users