CMS_add1_recipient_cert.pod 2.3 KB
=pod

=head1 NAME

CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS enveloped data structure

=head1 SYNOPSIS

 #include <openssl/cms.h>

 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags);

 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, unsigned char *key, size_t keylen, unsigned char *id, size_t idlen, ASN1_GENERALIZEDTIME *date, ASN1_OBJECT *otherTypeId, ASN1_TYPE *otherType);

=head1 DESCRIPTION

CMS_add1_recipient_cert() adds recipient certificate B<recip> to the
CMS_ContentInfo enveloped data structure B<cms> as a KeyTransRecipientInfo
structure.

CMS_add0_recipient_key() adds symmetric key B<key> of length B<keylen> using
wrapping algorithm B<nid>, identifier B<id> of length B<idlen> and optional
values B<date>, B<otherTypeId> and B<otherType> to CMS_ContentInfo enveloped
data structure B<cms> as a KEKRecipientInfo structure.

The CMS_ContentInfo structure should be obtained from an initial call to
CMS_encrypt() with the flag B<CMS_PARTIAL> set.

=head1 NOTES

The main purpose of these functions is to provide finer control over a CMS
enveloped data structure where the simpler CMS_encrypt() function defaults are
not appropriate, for example if one or more KEKRecipientInfo structures
need to be added. New attributes can also be added using the returned
CMS_RecipientInfo structure and the CMS attribute utility functions.

OpenSSL will by default identify recipient certificates using issuer name
and serial number. If B<CMS_USE_KEYID> is set it will use the subject key
identifier value instead. An error occurs if any recipient certificate lacks
a subject key identifier extension.

Currently only AES based key wrapping algorithms are supported for B<nid>,
specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap.
If B<nid> is set to B<NID_undef> then an AES wrap algorithm will be used
consistent with B<keylen>.

=head1 RETURN VALUES

CMS_add1_recipient_cert() and CMS_add0_recipient_key() return an internal
pointer to the CMS_RecipientInfo structure just added or NULL if an error
occurs.

=head1 SEE ALSO

L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_decrypt(3)|CMS_decrypt(3)>,
L<CMS_final(3)|CMS_final(3)>

=head1 HISTORY

CMS_add1_recipient_cert() and CMS_add0_recipient_key() were added to OpenSSL
0.9.8.

=cut