CMS_ADD1_SIGNER(3) | Library Functions Manual | CMS_ADD1_SIGNER(3) |
CMS_add1_signer
,
CMS_SignerInfo_sign
— add a
signer to a CMS SignedData structure
#include
<openssl/cms.h>
CMS_SignerInfo *
CMS_add1_signer
(CMS_ContentInfo
*cms, X509 *signcert, EVP_PKEY
*pkey, const EVP_MD *md,
unsigned int flags);
int
CMS_SignerInfo_sign
(CMS_SignerInfo
*si);
CMS_add1_signer
()
adds a signer with certificate signcert and private
key pkey using message digest md
to the signerInfos field of the
SignedData structure cms, which
should have been obtained from an initial call to
CMS_sign(3) with the flag
CMS_PARTIAL
set, or which can be a valid
SignedData structure in the case of re-signing.
If md is NULL
, the
default digest for the public key algorithm of pkey is
used.
Unless the CMS_REUSE_DIGEST
flag is set,
the cms structure remains incomplete and must be
finalized either by streaming (if applicable) or by a call to
CMS_final(3).
The main purpose of
CMS_add1_signer
()
is to provide finer control over a CMS SignedData
structure where the simpler CMS_sign(3)
function defaults are not appropriate, for example if multiple signers or
non default digest algorithms are needed. New attributes can also be added
using the returned CMS_SignerInfo structure and the
CMS attribute utility functions or the CMS signed receipt request
functions.
Any of the following flags (OR'ed together) can be passed in the flags parameter:
CMS_REUSE_DIGEST
CMS_PARTIAL
CMS_REUSE_DIGEST
, the returned
CMS_SignerInfo structure will not be finalized so
additional attributes can be added. In this case an explicit call to
CMS_SignerInfo_sign
()
is needed to finalize it.CMS_NOCERTS
CMS_NOATTR
CMS_NOSMIMECAP
CMS_USE_KEYID
If present, the SMIMECapabilities attribute indicates support for the following algorithms in preference order: 256-bit AES, Gost R3411-94, Gost 28147-89, 192-bit AES, 128-bit AES, triple DES, 128-bit RC2, 64-bit RC2, DES and 40-bit RC2. If any of these algorithms is not available then it will not be included.
The
CMS_SignerInfo_sign
()
function explicitly signs si. Its main use is when the
CMS_REUSE_DIGEST
and
CMS_PARTIAL
flags were both set in the call to
CMS_add1_signer
() that created
si.
CMS_add1_signer
() returns an internal
pointer to the new CMS_SignerInfo structure just added
or NULL
if an error occurs.
CMS_ContentInfo_new(3), CMS_final(3), CMS_sign(3), ERR_get_error(3)
RFC 5652: Cryptographic Message Syntax, section 5.1: SignedData Type
RFC 8551: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification
CMS_add1_signer
() and
CMS_SignerInfo_sign
() first appeared in OpenSSL
0.9.8h and have been available since OpenBSD
6.7.
June 24, 2020 | OpenBSD-current |