NAME
PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure
SYNOPSIS
int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
DESCRIPTION
PKCS7_decrypt() extracts and decrypts the content from a PKCS#7 envelopedData structure. pkey is the private key of the recipient, cert is the recipient's certificate, data is a BIO to write the content to and flags is an optional set of flags.
NOTES
OpenSSL_add_all_algorithms() (or equivalent) should be called before using this function or errors about unknown algorithms will occur.
Although the recipient's certificate is not needed to decrypt the data, it is needed to locate the appropriate (of possibly several) recipients in the PKCS#7 structure.
The following flags can be passed in the flags parameter.
If the PKCS7_TEXT flag is set MIME headers for type text/plain are deleted from the content. If the content is not of type text/plain then an error is returned.
RETURN VALUES
PKCS7_decrypt() returns either 1 for success or 0 for failure. The error can be obtained from ERR_get_error(3).
BUGS
PKCS7_decrypt() must be passed the correct recipient key and certificate. It would be better if it could look up the correct key and certificate from a database.
The lack of single pass processing and need to hold all data in memory as mentioned in PKCS7_sign() also applies to PKCS7_verify().
SEE ALSO
ERR_get_error(3), PKCS7_encrypt(3)
HISTORY
PKCS7_decrypt() was added to OpenSSL 0.9.5
0.9.7l 2002-10-09 PKCS7_decrypt(3)