PKCS7_decrypt 3 2008-05-09 0.9.9-dev OpenSSL
NAME
PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure
LIBRARY
libcrypto, -lcrypto
SYNOPSIS
#include <openssl/pkcs7.h>
int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
DESCRIPTION
PKCS7_decrypt() extracts and decrypts the content from a PKCS#7 envelopedData
structure. pkey is the private key of the recipient, cert is the
recipient's certificate, data is a BIO to write the content to and
flags is an optional set of flags.
NOTES
OpenSSL_add_all_algorithms() (or equivalent) should be called before using this
function or errors about unknown algorithms will occur.
Although the recipient's certificate is not needed to decrypt the data, it is needed
to locate the appropriate (of possibly several) recipients in the PKCS#7 structure.
The following flags can be passed in the flags parameter.
If the PKCS7_TEXT flag is set MIME headers for type text/plain are deleted
from the content. If the content is not of type text/plain then an error is
returned.
RETURN VALUES
PKCS7_decrypt() returns either 1 for success or 0 for failure.
The error can be obtained from ERR_get_error(3).
BUGS
PKCS7_decrypt() must be passed the correct recipient key and certificate. It would
be better if it could look up the correct key and certificate from a database.
The lack of single pass processing and need to hold all data in memory as
mentioned in PKCS7_sign() also applies to PKCS7_verify().
SEE ALSO
ERR_get_error(3), PKCS7_encrypt(3)
HISTORY
PKCS7_decrypt() was added to OpenSSL 0.9.5.