|CMS_ENCRYPT(3)||Library Functions Manual||CMS_ENCRYPT(3)|
create a CMS EnvelopedData structure
*certificates, BIO *in, const
EVP_CIPHER *cipher, unsigned int flags);
creates a CMS EnvelopedData structure, encrypting the
content provided by in.
The recipient certificates are added as
KeyTransRecipientInfo structures by calling the
internally. Only certificates carrying RSA, Diffie-Hellman or EC keys are
supported by this function. The certificates argument
can be set to
NULL if the
CMS_PARTIAL flag is set and recipients are added
cipher is the symmetric cipher to use. It must support ASN.1 encoding of its parameters. EVP_des_ede3_cbc(3) (triple DES) is the algorithm of choice for S/MIME use because most clients support it.
Many browsers implement a "sign and
encrypt" option which is simply an S/MIME
EnvelopedData containing an S/MIME signed message.
This can be readily produced by storing the S/MIME signed message in a
memory BIO and passing it to
The following flags can be passed in the flags parameter:
CMS_BINARYis set, then
CMS_encrypt() returns either a
CMS_ContentInfo structure or
NULL if an error occurred. The error can be obtained
RFC 5652: Cryptographic Message Syntax (CMS)
CMS_encrypt() first appeared in OpenSSL
0.9.8h and has been available since OpenBSD 6.7.
CMS_STREAM flag first appeared in
|November 2, 2019||OpenBSD-current|