Manual Pages for UNIX Darwin command on man PKCS7_encrypt
MyWebUniversity

Manual Pages for UNIX Darwin command on man PKCS7_encrypt

PKCS7encrypt(3) OpenSSL PKCS7encrypt(3)





NAME
       PKCS7encrypt - create a PKCS#7 envelopedData structure



SYNOPSIS
       PKCS7 *PKCS7encrypt(STACKOF(X509) *certs, BIO *in, const EVPCIPHER
       *cipher, int flags);


DESCRIPTION
       PKCS7encrypt() creates and returns a PKCS#7 envelopedData structure.

       cceerrttss is a list of recipient certificates. iinn is the content to be
       encrypted.  cciipphheerr is the symmetric cipher to use. ffllaaggss is an optional
       set of flags.

NNOOTTEESS

       Only RSA keys are supported in PKCS#7 and envelopedData so the

       recipient certificates supplied to this function must all contain RSA
       public keys, though they do not have to be signed using the RSA
       algorithm.

       EVPdesede3cbc() (triple DES) is the algorithm of choice for S/MIME
       use because most clients will support it.

       Some old "export grade" clients may only support weak encryption using
       40 or 64 bit RC2. These can be used by passing EVPrc240cbc() and
       EVPrc264cbc() respectively.

       The algorithm passed in the cciipphheerr parameter must support ASN1 encoding
       of its parameters.

       Many browsers implement a "sign and encrypt" option which is simply an
       S/MIME envelopedData containing an S/MIME signed message. This can be
       readily produced by storing the S/MIME signed message in a memory BIO
       and passing it to PKCS7encrypt().

       The following flags can be passed in the ffllaaggss parameter.

       If the PPKKCCSS77TTEEXXTT flag is set MIME headers for type tteexxtt//ppllaaiinn are
       prepended to the data.

       Normally the supplied content is translated into MIME canonical format
       (as required by the S/MIME specifications) if PPKKCCSS77BBIINNAARRYY is set no
       translation occurs. This option should be used if the supplied data is
       in binary format otherwise the translation will corrupt it. If
       PPKKCCSS77BBIINNAARRYY is set then PPKKCCSS77TTEEXXTT is ignored.


RETURN VALUES
       PKCS7encrypt() returns either a valid PKCS7 structure or NULL if an
       error occurred.  The error can be obtained from ERRgeterror(3).


BUGS
       The lack of single pass processing and need to hold all data in memory
       as mentioned in PKCS7sign() also applies to PKCS7verify().


SEE ALSO
       ERRgeterror(3), PKCS7decrypt(3)

HISTORY       PKCS7decrypt() was added to OpenSSL 0.9.5




0.9.7l                            2002-10-09                  PKCS7encrypt(3)



Contact us      |      About us      |      Term of use      |       Copyright © 2000-2019 MyWebUniversity.com ™