Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Tree: 79c44b4e30
Branches Tags
openssl
/
doc
/
man3
/
CMS_get0_RecipientInfos.pod

CMS_get0_RecipientInfos.pod 6.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139 
  1. =pod
    2. 

  2. 

  3. =head1 NAME
    4. 

  4. 

  5. CMS_get0_RecipientInfos, CMS_RecipientInfo_type,
    6. 

  6. CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp,
    7. 

  7. CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id,
    8. 

  8. CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key,
    9. 

  9. CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt
    10. 

  10. - CMS envelopedData RecipientInfo routines
    11. 

  11. 

  12. =head1 SYNOPSIS
    13. 

  13. 

  14.  #include <openssl/cms.h>
    15. 

  15. 

  16.  STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
    17. 

  17.  int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
    18. 

  18. 

  19.  int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
    20. 

  20.                                            ASN1_OCTET_STRING **keyid,
    21. 

  21.                                            X509_NAME **issuer,
    22. 

  22.                                            ASN1_INTEGER **sno);
    23. 

  23.  int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
    24. 

  24.  int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
    25. 

  25. 

  26.  int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
    27. 

  27.                                      ASN1_OCTET_STRING **pid,
    28. 

  28.                                      ASN1_GENERALIZEDTIME **pdate,
    29. 

  29.                                      ASN1_OBJECT **potherid,
    30. 

  30.                                      ASN1_TYPE **pothertype);
    31. 

  31.  int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
    32. 

  32.                                     const unsigned char *id, size_t idlen);
    33. 

  33.  int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
    34. 

  34.                                 unsigned char *key, size_t keylen);
    35. 

  35. 

  36.  int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
    37. 

  37.  int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
    38. 

  38. 

  39. =head1 DESCRIPTION
    40. 

  40. 

  41. The function CMS_get0_RecipientInfos() returns all the CMS_RecipientInfo
    42. 

  42. structures associated with a CMS EnvelopedData structure.
    43. 

  43. 

  44. CMS_RecipientInfo_type() returns the type of CMS_RecipientInfo structure B<ri>.
    45. 

  45. It will currently return CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE,
    46. 

  46. CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, or CMS_RECIPINFO_OTHER.
    47. 

  47. 

  48. CMS_RecipientInfo_ktri_get0_signer_id() retrieves the certificate recipient
    49. 

  49. identifier associated with a specific CMS_RecipientInfo structure B<ri>, which
    50. 

  50. must be of type CMS_RECIPINFO_TRANS. Either the keyidentifier will be set in
    51. 

  51. B<keyid> or B<both> issuer name and serial number in B<issuer> and B<sno>.
    52. 

  52. 

  53. CMS_RecipientInfo_ktri_cert_cmp() compares the certificate B<cert> against the
    54. 

  54. CMS_RecipientInfo structure B<ri>, which must be of type CMS_RECIPINFO_TRANS.
    55. 

  55. It returns zero if the comparison is successful and non zero if not.
    56. 

  56. 

  57. CMS_RecipientInfo_set0_pkey() associates the private key B<pkey> with
    58. 

  58. the CMS_RecipientInfo structure B<ri>, which must be of type
    59. 

  59. CMS_RECIPINFO_TRANS.
    60. 

  60. 

  61. CMS_RecipientInfo_kekri_get0_id() retrieves the key information from the
    62. 

  62. CMS_RecipientInfo structure B<ri> which must be of type CMS_RECIPINFO_KEK.  Any
    63. 

  63. of the remaining parameters can be NULL if the application is not interested in
    64. 

  64. the value of a field. Where a field is optional and absent NULL will be written
    65. 

  65. to the corresponding parameter. The keyEncryptionAlgorithm field is written to
    66. 

  66. B<palg>, the B<keyIdentifier> field is written to B<pid>, the B<date> field if
    67. 

  67. present is written to B<pdate>, if the B<other> field is present the components
    68. 

  68. B<keyAttrId> and B<keyAttr> are written to parameters B<potherid> and
    69. 

  69. B<pothertype>.
    70. 

  70. 

  71. CMS_RecipientInfo_kekri_id_cmp() compares the ID in the B<id> and B<idlen>
    72. 

  72. parameters against the B<keyIdentifier> CMS_RecipientInfo structure B<ri>,
    73. 

  73. which must be of type CMS_RECIPINFO_KEK.  It returns zero if the comparison is
    74. 

  74. successful and non zero if not.
    75. 

  75. 

  76. CMS_RecipientInfo_set0_key() associates the symmetric key B<key> of length
    77. 

  77. B<keylen> with the CMS_RecipientInfo structure B<ri>, which must be of type
    78. 

  78. CMS_RECIPINFO_KEK.
    79. 

  79. 

  80. CMS_RecipientInfo_decrypt() attempts to decrypt CMS_RecipientInfo structure
    81. 

  81. B<ri> in structure B<cms>. A key must have been associated with the structure
    82. 

  82. first.
    83. 

  83. 

  84. CMS_RecipientInfo_encrypt() attempts to encrypt CMS_RecipientInfo structure
    85. 

  85. B<ri> in structure B<cms>. A key must have been associated with the structure
    86. 

  86. first and the content encryption key must be available: for example by a
    87. 

  87. previous call to CMS_RecipientInfo_decrypt().
    88. 

  88. 

  89. =head1 NOTES
    90. 

  90. 

  91. The main purpose of these functions is to enable an application to lookup
    92. 

  92. recipient keys using any appropriate technique when the simpler method
    93. 

  93. of CMS_decrypt() is not appropriate.
    94. 

  94. 

  95. In typical usage and application will retrieve all CMS_RecipientInfo structures
    96. 

  96. using CMS_get0_RecipientInfos() and check the type of each using
    97. 

  97. CMS_RecipientInfo_type(). Depending on the type the CMS_RecipientInfo structure
    98. 

  98. can be ignored or its key identifier data retrieved using an appropriate
    99. 

  99. function. Then if the corresponding secret or private key can be obtained by
    100. 

  100. any appropriate means it can then associated with the structure and
    101. 

  101. CMS_RecipientInfo_decrypt() called. If successful CMS_decrypt() can be called
    102. 

  102. with a NULL key to decrypt the enveloped content.
    103. 

  103. 

  104. The CMS_RecipientInfo_encrypt() can be used to add a new recipient to an
    105. 

  105. existing enveloped data structure. Typically an application will first decrypt
    106. 

  106. an appropriate CMS_RecipientInfo structure to make the content encrypt key
    107. 

  107. available, it will then add a new recipient using a function such as
    108. 

  108. CMS_add1_recipient_cert() and finally encrypt the content encryption key
    109. 

  109. using CMS_RecipientInfo_encrypt().
    110. 

  110. 

  111. =head1 RETURN VALUES
    112. 

  112. 

  113. CMS_get0_RecipientInfos() returns all CMS_RecipientInfo structures, or NULL if
    114. 

  114. an error occurs.
    115. 

  115. 

  116. CMS_RecipientInfo_ktri_get0_signer_id(), CMS_RecipientInfo_set0_pkey(),
    117. 

  117. CMS_RecipientInfo_kekri_get0_id(), CMS_RecipientInfo_set0_key() and
    118. 

  118. CMS_RecipientInfo_decrypt() return 1 for success or 0 if an error occurs.
    119. 

  119. CMS_RecipientInfo_encrypt() return 1 for success or 0 if an error occurs.
    120. 

  120. 

  121. CMS_RecipientInfo_ktri_cert_cmp() and CMS_RecipientInfo_kekri_cmp() return 0
    122. 

  122. for a successful comparison and non zero otherwise.
    123. 

  123. 

  124. Any error can be obtained from L<ERR_get_error(3)>.
    125. 

  125. 

  126. =head1 SEE ALSO
    127. 

  127. 

  128. L<ERR_get_error(3)>, L<CMS_decrypt(3)>
    129. 

  129. 

  130. =head1 COPYRIGHT
    131. 

  131. 

  132. Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
    133. 

  133. 

  134. Licensed under the Apache License 2.0 (the "License").  You may not use
    135. 

  135. this file except in compliance with the License.  You can obtain a copy
    136. 

  136. in the file LICENSE in the source distribution or at
    137. 

  137. L<https://www.openssl.org/source/license.html>.
    138. 

  138. 

  139. =cut
    140.