Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Tree: 43206a2d7c
Branches Tags
openssl
/
doc
/
crypto
/
CMS_decrypt.pod

CMS_decrypt.pod 2.1 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 
  1. =pod
    2. 

  2. 

  3. =head1 NAME
    4. 

  4. 

  5.  CMS_decrypt - decrypt content from a CMS envelopedData structure
    6. 

  6. 

  7. =head1 SYNOPSIS
    8. 

  8. 

  9.  #include <openssl/cms.h>
    10. 

  10. 

  11.  int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, BIO *dcont, BIO *out, unsigned int flags);
    12. 

  12. 

  13. =head1 DESCRIPTION
    14. 

  14. 

  15. CMS_decrypt() extracts and decrypts the content from a CMS EnvelopedData
    16. 

  16. structure. B<pkey> is the private key of the recipient, B<cert> is the
    17. 

  17. recipient's certificate, B<out> is a BIO to write the content to and
    18. 

  18. B<flags> is an optional set of flags.
    19. 

  19. 

  20. The B<dcont> parameter is used in the rare case where the encrypted content
    21. 

  21. is detached. It will normally be set to NULL.
    22. 

  22. 

  23. =head1 NOTES
    24. 

  24. 

  25. OpenSSL_add_all_algorithms() (or equivalent) should be called before using this
    26. 

  26. function or errors about unknown algorithms will occur.
    27. 

  27. 

  28. Although the recipients certificate is not needed to decrypt the data it is
    29. 

  29. needed to locate the appropriate (of possible several) recipients in the CMS
    30. 

  30. structure. If B<cert> is set to NULL all possible recipients are tried.
    31. 

  31. 

  32. It is possible to determine the correct recipient key by other means (for
    33. 

  33. example looking them up in a database) and setting them in the CMS structure
    34. 

  34. in advance using the CMS utility functions such as CMS_set1_pkey(). In this
    35. 

  35. case both B<cert> and B<pkey> should be set to NULL.
    36. 

  36. 

  37. To process KEKRecipientInfo types CMS_set1_key() or CMS_RecipientInfo_set0_key()
    38. 

  38. and CMS_ReceipientInfo_decrypt() should be called before CMS_decrypt() and
    39. 

  39. B<cert> and B<pkey> set to NULL.
    40. 

  40. 

  41. The following flags can be passed in the B<flags> parameter.
    42. 

  42. 

  43. If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are deleted
    44. 

  44. from the content. If the content is not of type B<text/plain> then an error is
    45. 

  45. returned.
    46. 

  46. 

  47. =head1 RETURN VALUES
    48. 

  48. 

  49. CMS_decrypt() returns either 1 for success or 0 for failure.
    50. 

  50. The error can be obtained from ERR_get_error(3)
    51. 

  51. 

  52. =head1 BUGS
    53. 

  53. 

  54. The lack of single pass processing and the need to hold all data in memory as
    55. 

  55. mentioned in CMS_verify() also applies to CMS_decrypt().
    56. 

  56. 

  57. =head1 SEE ALSO
    58. 

  58. 

  59. L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)>
    60. 

  60. 

  61. =head1 HISTORY
    62. 

  62. 

  63. CMS_decrypt() was added to OpenSSL 0.9.8
    64. 

  64. 

  65. =cut
    66.