[openssl-users] Extract content of DER-encoded package by OID

Dr. Stephen Henson steve at openssl.org
Thu Jul 20 01:32:24 UTC 2017

On Wed, Jul 19, 2017, Justin Mogannam wrote:

> 2) Once again, I'm looking in openssl/cms.h, and I could not find the
> function prototype " d2i_CMS_ContentInfo". I even did a grep on the whole
> directory. Is it located somewhere else? I have OpenSSL 1.0.1, which is
> after 0.9.8 when the function was added to OpenSSL. 



> 3) In looking at the function prototype (via
> https://www.openssl.org/docs/man1.0.2/crypto/d2i_CMS_ContentInfo.html):
> CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a, unsigned char
> **pp, long length);
> I'm assuming **pp is just a pointer to the array with the DER-encoded
> certificate in it? I just want to make sure since some of the parameter
> names are a little ambiguous in OpenSSL. 
> I'm assuming once I'm able to get the DER-encoded certificate in a CMS
> object, I can use the function you provided and the ones in cms.h to strip
> off "layers" of the certificate to get the encryptedKeyPackage that I want
> (which, of course as you mentioned, I'll be able to handle the rest from
> there). Thank you very much for your response, as it was very helpful, and I
> hope to get just as useful of a response back!

I'm not sure what you mean by "certificate" here. The structure you mentioned
will be a CMS ContentInfo. 

Anyway see:


for details about how to decode the DER form.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list