#include
PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
_E_V_P___d_e_s___e_d_e_3___c_b_c_(_) (triple DES) is the algorithm of choice for S/MIME use because most clients will support it.
Some old "export grade" clients may only support weak encryption using 40 or 64 bit RC2. These can be used by passing _E_V_P___r_c_2___4_0___c_b_c_(_) and _E_V_P___r_c_2___6_4___c_b_c_(_) respectively.
The algorithm passed in the cciipphheerr parameter must support ASN1 encoding of its parameters.
Many browsers implement a "sign and encrypt" option which is simply an S/MIME envelopedData containing an S/MIME signed message. This can be readily produced by storing the S/MIME signed message in a memory BIO and passing it to _P_K_C_S_7___e_n_c_r_y_p_t_(_).
The following flags can be passed in the ffllaaggss parameter.
If the PPKKCCSS77__TTEEXXTT flag is set MIME headers for type tteexxtt//ppllaaiinn are prepended to the data.
Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications) if PPKKCCSS77__BBIINNAARRYY is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it. If PPKKCCSS77__BBIINNAARRYY is set then PPKKCCSS77__TTEEXXTT is ignored.
If the PPKKCCSS77__SSTTRREEAAMM flag is set a partial PPKKCCSS77 structure is output suitable for streaming I/O: no data is read from the BIO iinn.
Several functions including _S_M_I_M_E___w_r_i_t_e___P_K_C_S_7_(_), _i_2_d___P_K_C_S_7___b_i_o___s_t_r_e_a_m_(_), _P_E_M___w_r_i_t_e___b_i_o___P_K_C_S_7___s_t_r_e_a_m_(_) finalize the structure. Alternatively finalization can be performed by obtaining the streaming ASN1 BBIIOO directly using _B_I_O___n_e_w___P_K_C_S_7_(_).