create a PKCS#7 envelopedData structure
, BIO *in
const EVP_CIPHER *cipher
() creates and returns a PKCS#7
envelopedData structure. certs
is a list of
recipient certificates. in
is the content to
be encrypted. cipher
is the symmetric cipher
to use. flags
is an optional set of flags.
Only RSA keys are supported in PKCS#7 and envelopedData so the recipient
certificates supplied to this function must all contain RSA public keys,
though they do not have to be signed using the RSA algorithm.
The algorithm passed in the cipher
must support ASN.1 encoding of its parameters.
Many browsers implement a "sign and encrypt" option which is simply an
S/MIME envelopedData containing an S/MIME signed message. This can be readily
produced by storing the S/MIME signed message in a memory
and passing it to
The following flags can be passed in the flags
flag is set, MIME headers
for type text/plain
are prepended to the data.
Normally the supplied content is translated into MIME canonical format (as
required by the S/MIME specifications). If
is set, no translation occurs.
This option should be used if the supplied data is in binary format;
otherwise, the translation will corrupt it. If
is set, then
flag is set, a partial
structure is output suitable for
streaming I/O: no data is read from in
If the flag
is set, the returned
complete and outputting its contents via a
function that does not properly finalize the
structure will give unpredictable
Several functions, including
finalize the structure. Alternatively finalization can be performed by
obtaining the streaming ASN.1 BIO
() returns either a
if an error occurred. The error can be
to OpenSSL 0.9.5. The
first supported in OpenSSL 1.0.0.