PKCS7_decrypt 3 2008-05-09 0.9.9-dev OpenSSL

NAME

PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure

LIBRARY

libcrypto, -lcrypto

SYNOPSIS


 #include <openssl/pkcs7.h>


 int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);

DESCRIPTION

PKCS7_decrypt() extracts and decrypts the content from a PKCS#7 envelopedData structure. pkey is the private key of the recipient, cert is the recipient's certificate, data is a BIO to write the content to and flags is an optional set of flags.

NOTES

OpenSSL_add_all_algorithms() (or equivalent) should be called before using this function or errors about unknown algorithms will occur.

Although the recipient's certificate is not needed to decrypt the data, it is needed to locate the appropriate recipient (of possibly several) in the PKCS#7 structure.

The following flags can be passed in the flags parameter.

If the PKCS7_TEXT flag is set, MIME headers for type text/plain are deleted from the content. If the content is not of type text/plain then an error is returned.

RETURN VALUES

PKCS7_decrypt() returns either 1 for success or 0 for failure. The error can be obtained from ERR_get_error(3).

BUGS

PKCS7_decrypt() must be passed the correct recipient key and certificate. It would be better if it could look up the correct key and certificate from a database.

The lack of single pass processing and need to hold all data in memory as mentioned in PKCS7_sign() also applies to PKCS7_verify().

SEE ALSO

ERR_get_error(3), PKCS7_encrypt(3)

HISTORY

PKCS7_decrypt() was added to OpenSSL 0.9.5