1CMS_ADD1_RECIPIENT_CERT(3ossl)      OpenSSL     CMS_ADD1_RECIPIENT_CERT(3ossl)
2
3
4

NAME

6       CMS_add1_recipient, CMS_add1_recipient_cert, CMS_add0_recipient_key -
7       add recipients to a CMS enveloped data structure
8

SYNOPSIS

10        #include <openssl/cms.h>
11
12        CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip,
13                                              EVP_PKEY *originatorPrivKey,
14                                              X509 *originator, unsigned int flags);
15
16        CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
17                                                   X509 *recip, unsigned int flags);
18
19        CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
20                                                  unsigned char *key, size_t keylen,
21                                                  unsigned char *id, size_t idlen,
22                                                  ASN1_GENERALIZEDTIME *date,
23                                                  ASN1_OBJECT *otherTypeId,
24                                                  ASN1_TYPE *otherType);
25

DESCRIPTION

27       CMS_add1_recipient() adds recipient recip and provides the originator
28       pkey originatorPrivKey and originator certificate originator to
29       CMS_ContentInfo.  The originator-related fields are relevant only in
30       case when the keyAgreement method of providing of the shared key is in
31       use.
32
33       CMS_add1_recipient_cert() adds recipient recip to CMS_ContentInfo
34       enveloped data structure cms as a KeyTransRecipientInfo structure.
35
36       CMS_add0_recipient_key() adds symmetric key key of length keylen using
37       wrapping algorithm nid, identifier id of length idlen and optional
38       values date, otherTypeId and otherType to CMS_ContentInfo enveloped
39       data structure cms as a KEKRecipientInfo structure.
40
41       The CMS_ContentInfo structure should be obtained from an initial call
42       to CMS_encrypt() with the flag CMS_PARTIAL set.
43

NOTES

45       The main purpose of this function is to provide finer control over a
46       CMS enveloped data structure where the simpler CMS_encrypt() function
47       defaults are not appropriate. For example if one or more
48       KEKRecipientInfo structures need to be added. New attributes can also
49       be added using the returned CMS_RecipientInfo structure and the CMS
50       attribute utility functions.
51
52       OpenSSL will by default identify recipient certificates using issuer
53       name and serial number. If CMS_USE_KEYID is set it will use the subject
54       key identifier value instead. An error occurs if all recipient
55       certificates do not have a subject key identifier extension.
56
57       Currently only AES based key wrapping algorithms are supported for nid,
58       specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and
59       NID_id_aes256_wrap.  If nid is set to NID_undef then an AES wrap
60       algorithm will be used consistent with keylen.
61

RETURN VALUES

63       CMS_add1_recipient_cert() and CMS_add0_recipient_key() return an
64       internal pointer to the CMS_RecipientInfo structure just added or NULL
65       if an error occurs.
66

SEE ALSO

68       ERR_get_error(3), CMS_decrypt(3), CMS_final(3),
69

HISTORY

71       CMS_add1_recipient_cert and CMS_add0_recipient_key were added in
72       OpenSSL 3.0.
73
75       Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
76
77       Licensed under the Apache License 2.0 (the "License").  You may not use
78       this file except in compliance with the License.  You can obtain a copy
79       in the file LICENSE in the source distribution or at
80       <https://www.openssl.org/source/license.html>.
81
82
83
843.1.1                             2023-08-31    CMS_ADD1_RECIPIENT_CERT(3ossl)
Impressum