OpenBSD manual page server

Manual Page Search Parameters

CMS_GET0_RECIPIENTINFOS(3) Library Functions Manual CMS_GET0_RECIPIENTINFOS(3)

CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encryptCMS EnvelopedData RecipientInfo routines

#include <openssl/cms.h>

STACK_OF(CMS_RecipientInfo) *
CMS_get0_RecipientInfos(CMS_ContentInfo *cms);

int
CMS_RecipientInfo_type(CMS_RecipientInfo *ri);

int
CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);

int
CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *certificate);

int
CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);

int
CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg, ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate, ASN1_OBJECT **potherid, ASN1_TYPE **pothertype);

int
CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, const unsigned char *id, size_t idlen);

int
CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key, size_t keylen);

int
CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);

int
CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);

CMS_get0_RecipientInfos() returns all the RecipientInfo structures associated with the EnvelopedData structure cms.

CMS_RecipientInfo_type() returns the type of ri:

for KeyTransRecipientInfo,
for KeyAgreeRecipientInfo,
for KEKRecipientInfo,
for PasswordRecipientinfo, or
for OtherRecipientInfo.

CMS_RecipientInfo_ktri_get0_signer_id() retrieves the certificate RecipientIdentifier associated with the KeyTransRecipientInfo structure ri. Either the SubjectKeyIdentifier will be set in keyid or both issuer name and serial number in issuer and sno.

CMS_RecipientInfo_ktri_cert_cmp() compares the certificate against the KeyTransRecipientInfo structure ri.

CMS_RecipientInfo_set0_pkey() associates the private key pkey with the KeyTransRecipientInfo structure ri.

CMS_RecipientInfo_kekri_get0_id() retrieves the key information from the KEKRecipientInfo structure ri. Fields are copied out as follows:

keyEncryptionAlgorithm to *palg,
keyIdentifier to *pid,
date to *pdate (optional),
other.keyAttrId to *potherid (optional),
other.keyAttr to *pothertype (optional).
Where a field is optional and absent, NULL is written to the corresponding parameter. Parameters the application is not interested in can be set to NULL.

CMS_RecipientInfo_kekri_id_cmp() compares the identifier in the id and idlen parameters against the keyIdentifier field of the KEKRecipientInfo structure ri.

CMS_RecipientInfo_set0_key() associates the symmetric key of length keylen with the KEKRecipientInfo structure ri.

CMS_RecipientInfo_decrypt() attempts to decrypt the RecipientInfo structure ri in cms. A key must have been associated with ri first.

CMS_RecipientInfo_encrypt() attempts to encrypt the RecipientInfo structure ri in cms. A key must have been associated with ri first and the content encryption key must be available, for example by a previous call to CMS_RecipientInfo_decrypt().

The main purpose of these functions is to enable an application to lookup recipient keys using any appropriate technique when the simpler method of CMS_decrypt(3) is not appropriate.

In typical usage, an application retrieves all CMS_RecipientInfo structures using CMS_get0_RecipientInfos() and checks the type of each using CMS_RecipientInfo_type(). Depending on the type, the CMS_RecipientInfo structure can be ignored or its key identifier data retrieved using an appropriate function. If the corresponding secret or private key can be obtained by any appropriate means it can then be associated with the structure and CMS_RecipientInfo_decrypt() called. If successful, CMS_decrypt(3) can be called with a NULL key to decrypt the enveloped content.

The function CMS_RecipientInfo_encrypt() can be used to add a new recipient to an existing enveloped data structure. Typically an application will first decrypt an appropriate CMS_RecipientInfo structure to make the content encrypt key available. It will then add a new recipient using a function such as CMS_add1_recipient_cert(3) and finally encrypt the content encryption key using CMS_RecipientInfo_encrypt().

CMS_get0_RecipientInfos() returns an internal pointer to all the CMS_RecipientInfo structures, or NULL if an error occurs.

CMS_RecipientInfo_type() returns an integer constant.

CMS_RecipientInfo_ktri_get0_signer_id(), CMS_RecipientInfo_set0_pkey(), CMS_RecipientInfo_kekri_get0_id(), CMS_RecipientInfo_set0_key(), CMS_RecipientInfo_decrypt(), and CMS_RecipientInfo_encrypt() return 1 for success or 0 if an error occurs.

CMS_RecipientInfo_ktri_cert_cmp() and CMS_RecipientInfo_kekri_id_cmp() return 0 when ri matches or non-zero otherwise.

Any error can be obtained from ERR_get_error(3).

CMS_ContentInfo_new(3), CMS_decrypt(3)

RFC 5652 Cryptographic Message Syntax (CMS):

These functions first appeared in OpenSSL 0.9.8h, except that CMS_RecipientInfo_encrypt() first appeared in OpenSSL 1.0.2. They have been available since OpenBSD 6.7.

November 2, 2019 OpenBSD-current