Re: Stream Encription

Илья Юркевич (Ilya Yurkevich) iliya.yurkevic at
Tue Mar 3 07:25:16 UTC 2020

No, I want to get CMS Enveloped data in the end of the procedure. 
Firstly, I initialize the encryption operation by adding recipient certificates, algorithms, etc., then send the data in chunks for encryption and receive them in an encrypted format for further writing to the file. At the end of the operation, I call the finalizing of the encryption, which adds the final bytes 0x00 0x00 to the cms structure for internal blocks, meaning the end of each cms block - this is what I mean. As far as I know CryptMsgUpdate() in CryptoApi allows it - I'm trying to explain my purpose to you better using examples.
I want to get something similar in OpenSSL. It’s possible?
Now I use such method:
cms = CMS_encrypt(certs, NULL, cipher, CMS_STREAM | CMS_BINARY); //call it once at the start
BIO* input = CMS_dataInit(cms, NULL); //call it once at the start

BIO_write(input, pbData, cbData);//call each time to add another part of data
CMS_dataFinal(cms, input); //call it once in the end of encryption
This method allows me to read data in stream mode and send it to BIO_write(). But I can’t send encrypted data by parts — only after calling CMS_dataFinal() — from cms structure. Thanks for any help.
>Пятница, 28 февраля 2020, 16:55 +03:00 от Dmitry Belyavsky < beldmit at >:
>If you mean encryption/decryption only, I strongly suppose you should look at EVP_CipherInit/Update/Final functions.  
>On Fri, Feb 28, 2020 at 4:53 PM Ilya Yurkevich via openssl-users < openssl-users at > wrote:
>>I have a client, that sends me data, that I need to encrypt, in few steps. I can use such functions in PKCS11: C_EncryptInit (...), C_EncryptUpdate (...), C_EncryptFinal (...). It allows me add data, that will be encrypted at every step, using C_EncryptUpdate   function.
>>In OpenSSL I found CMS_encrypt (...) with flag = CMS_STREAM, but I can't understand how I can add data as I described above or another way? I get data in unsigned char* every time. Any help would be appreciated. Thanks. 
>  --
>SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list