]>
Commit | Line | Data |
---|---|---|
4e1b50e2 DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure | |
6 | ||
7 | =head1 SYNOPSIS | |
8 | ||
c264592d UM |
9 | #include <openssl/pkcs7.h> |
10 | ||
11 | int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); | |
4e1b50e2 DSH |
12 | |
13 | =head1 DESCRIPTION | |
14 | ||
15 | PKCS7_decrypt() extracts and decrypts the content from a PKCS#7 envelopedData | |
16 | structure. B<pkey> is the private key of the recipient, B<cert> is the | |
17 | recipients certificate, B<data> is a BIO to write the content to and | |
18 | B<flags> is an optional set of flags. | |
19 | ||
20 | =head1 NOTES | |
21 | ||
4e1b50e2 DSH |
22 | Although the recipients certificate is not needed to decrypt the data it is needed |
23 | to locate the appropriate (of possible several) recipients in the PKCS#7 structure. | |
24 | ||
25 | The following flags can be passed in the B<flags> parameter. | |
26 | ||
27 | If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are deleted | |
28 | from the content. If the content is not of type B<text/plain> then an error is | |
29 | returned. | |
30 | ||
31 | =head1 RETURN VALUES | |
32 | ||
33 | PKCS7_decrypt() returns either 1 for success or 0 for failure. | |
34 | The error can be obtained from ERR_get_error(3) | |
35 | ||
36 | =head1 BUGS | |
37 | ||
38 | PKCS7_decrypt() must be passed the correct recipient key and certificate. It would | |
39 | be better if it could look up the correct key and certificate from a database. | |
40 | ||
41 | The lack of single pass processing and need to hold all data in memory as | |
42 | mentioned in PKCS7_sign() also applies to PKCS7_verify(). | |
43 | ||
44 | =head1 SEE ALSO | |
45 | ||
9b86974e | 46 | L<ERR_get_error(3)>, L<PKCS7_encrypt(3)> |
4e1b50e2 | 47 | |
e2f92610 RS |
48 | =head1 COPYRIGHT |
49 | ||
50 | Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. | |
51 | ||
4746f25a | 52 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
53 | this file except in compliance with the License. You can obtain a copy |
54 | in the file LICENSE in the source distribution or at | |
55 | L<https://www.openssl.org/source/license.html>. | |
56 | ||
57 | =cut |