SMIME_WRITE_PKCS7(3) Library Functions Manual SMIME_WRITE_PKCS7(3)

SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format

/* -lcrypto */
#include <openssl/pkcs7.h>

int
SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);

SMIME_write_PKCS7() generates an S/MIME message on out by writing MIME 1.0 headers followed by a BER- and base64-encoded serialization of p7. The BER encoding uses the DER format except as described for PKCS7_STREAM below. If streaming is enabled, then the content must be supplied in the data argument.

The flags can be the logical OR of zero or more of the following bits:

PKCS7_DETACHED
Use cleartext signing and generate a "multipart/signed" S/MIME message. The content is read from data. If data is a NULL pointer, this flag is ignored.

This flag is only supported for signedData where PKCS7_DETACHED is also set when PKCS7_sign(3) is called.

If PKCS7_STREAM is not set, the data must be read twice: once to compute the signature in PKCS7_sign(3) and once to output the S/MIME message.

If PKCS7_DETACHED is ignored or not specified, the smime-type is chosen according to the type of p7:

"enveloped-data"
"signed-data" if p7 specifies any digest algorithm
"certs-only" otherwise
"compressed-data"

Skip the calls to PKCS7_dataInit(3) and PKCS7_dataFinal(3). This flag has no effect unless PKCS7_DETACHED is also set.

PKCS7_STREAM
Perform streaming by reading the content from data. This only works if PKCS7_DETACHED is not specified.

This flag should only be set if PKCS7_STREAM was also set in the previous call to PKCS7_sign(3) or PKCS7_encrypt(3).

The content is output in BER format using indefinite length constructed encoding except in the case of signed data with detached content where the content is absent and DER format is used.

Prepend the line "Content-Type: text/plain" to the content. This only makes sense if PKCS7_DETACHED is also set. It is ignored if the flag SMIME_BINARY is also set.

If specified, this flag is passed through to SMIME_crlf_copy(3).

End MIME header lines with pairs of carriage return and newline characters. By default, no carriage return characters are written and header lines are ended with newline characters only.

If this bit is set in the flags argument, "application/pkcs7-mime" or "application/pkcs7-signature" is used in Content-Type headers. Otherwise, "application/x-pkcs7-mime" or "application/x-pkcs7-signature" is used.

SMIME_write_PKCS7() is intended to return 1 on success or 0 on failure.

BIO_f_base64(3), BIO_new(3), i2d_PKCS7_bio_stream(3), PEM_write_bio_PKCS7_stream(3), PEM_write_PKCS7(3), PKCS7_final(3), PKCS7_new(3), SMIME_crlf_copy(3), SMIME_read_PKCS7(3), SMIME_write_CMS(3)

SMIME_write_PKCS7() first appeared in OpenSSL 0.9.5 and has been available since OpenBSD 2.7.

SMIME_write_PKCS7() ignores most errors and is likely to return 1 even after producing corrupt or incomplete output.

SMIME_write_PKCS7() always base64 encodes PKCS#7 structures. There should be an option to disable this.

June 11, 2025 OpenBSD-current