[thirdparty/openssl.git] / doc / man3 / CMS_add1_recipient_cert.pod

=pod

=head1 NAME

CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS enveloped data structure

=head1 SYNOPSIS

 #include <openssl/cms.h>

 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);

 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
                                           unsigned char *key, size_t keylen,
                                           unsigned char *id, size_t idlen,
                                           ASN1_GENERALIZEDTIME *date,
                                           ASN1_OBJECT *otherTypeId,
                                           ASN1_TYPE *otherType);

=head1 DESCRIPTION

CMS_add1_recipient_cert() adds recipient B<recip> to CMS_ContentInfo enveloped
data structure B<cms> as a KeyTransRecipientInfo structure.

CMS_add0_recipient_key() adds symmetric key B<key> of length B<keylen> using
wrapping algorithm B<nid>, identifier B<id> of length B<idlen> and optional
values B<date>, B<otherTypeId> and B<otherType> to CMS_ContentInfo enveloped
data structure B<cms> as a KEKRecipientInfo structure.

The CMS_ContentInfo structure should be obtained from an initial call to
CMS_encrypt() with the flag B<CMS_PARTIAL> set.

=head1 NOTES

The main purpose of this function is to provide finer control over a CMS
enveloped data structure where the simpler CMS_encrypt() function defaults are
not appropriate. For example if one or more KEKRecipientInfo structures
need to be added. New attributes can also be added using the returned
CMS_RecipientInfo structure and the CMS attribute utility functions.

OpenSSL will by default identify recipient certificates using issuer name
and serial number. If B<CMS_USE_KEYID> is set it will use the subject key
identifier value instead. An error occurs if all recipient certificates do not
have a subject key identifier extension.

Currently only AES based key wrapping algorithms are supported for B<nid>,
specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap.
If B<nid> is set to B<NID_undef> then an AES wrap algorithm will be used
consistent with B<keylen>.

=head1 RETURN VALUES

CMS_add1_recipient_cert() and CMS_add0_recipient_key() return an internal
pointer to the CMS_RecipientInfo structure just added or NULL if an error
occurs.

=head1 SEE ALSO

L<ERR_get_error(3)>, L<CMS_decrypt(3)>,
L<CMS_final(3)>,

=head1 COPYRIGHT

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
e33ffaca DSH	1	=pod
	2
	3	=head1 NAME
	4
1bc74519	5	CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS enveloped data structure
e33ffaca DSH	6
	7	=head1 SYNOPSIS
	8
	9	#include <openssl/cms.h>
	10
e9b77246 BB	11	CMS_RecipientInfo CMS_add1_recipient_cert(CMS_ContentInfo cms,
e9b77246 BB	12	X509 *recip, unsigned int flags);
e33ffaca	13
e9b77246 BB	14	CMS_RecipientInfo CMS_add0_recipient_key(CMS_ContentInfo cms, int nid,
	15	unsigned char *key, size_t keylen,
	16	unsigned char *id, size_t idlen,
	17	ASN1_GENERALIZEDTIME *date,
	18	ASN1_OBJECT *otherTypeId,
	19	ASN1_TYPE *otherType);
e33ffaca DSH	20
	21	=head1 DESCRIPTION
	22
38d3a738 DSH	23	CMS_add1_recipient_cert() adds recipient B<recip> to CMS_ContentInfo enveloped
38d3a738 DSH	24	data structure B<cms> as a KeyTransRecipientInfo structure.
e33ffaca DSH	25
e33ffaca DSH	26	CMS_add0_recipient_key() adds symmetric key B<key> of length B<keylen> using
38d3a738	27	wrapping algorithm B<nid>, identifier B<id> of length B<idlen> and optional
c420fab5	28	values B<date>, B<otherTypeId> and B<otherType> to CMS_ContentInfo enveloped
e33ffaca DSH	29	data structure B<cms> as a KEKRecipientInfo structure.
	30
	31	The CMS_ContentInfo structure should be obtained from an initial call to
	32	CMS_encrypt() with the flag B<CMS_PARTIAL> set.
	33
	34	=head1 NOTES
	35
	36	The main purpose of this function is to provide finer control over a CMS
	37	enveloped data structure where the simpler CMS_encrypt() function defaults are
	38	not appropriate. For example if one or more KEKRecipientInfo structures
	39	need to be added. New attributes can also be added using the returned
	40	CMS_RecipientInfo structure and the CMS attribute utility functions.
	41
	42	OpenSSL will by default identify recipient certificates using issuer name
	43	and serial number. If B<CMS_USE_KEYID> is set it will use the subject key
	44	identifier value instead. An error occurs if all recipient certificates do not
	45	have a subject key identifier extension.
	46
	47	Currently only AES based key wrapping algorithms are supported for B<nid>,
	48	specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap.
	49	If B<nid> is set to B<NID_undef> then an AES wrap algorithm will be used
	50	consistent with B<keylen>.
	51
	52	=head1 RETURN VALUES
	53
	54	CMS_add1_recipient_cert() and CMS_add0_recipient_key() return an internal
	55	pointer to the CMS_RecipientInfo structure just added or NULL if an error
	56	occurs.
	57
	58	=head1 SEE ALSO
	59
9b86974e RS	60	L<ERR_get_error(3)>, L<CMS_decrypt(3)>,
9b86974e RS	61	L<CMS_final(3)>,
e33ffaca	62
e2f92610 RS	63	=head1 COPYRIGHT
	64
	65	Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
	66
4746f25a	67	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	68	this file except in compliance with the License. You can obtain a copy
	69	in the file LICENSE in the source distribution or at
	70	L<https://www.openssl.org/source/license.html>.
	71
	72	=cut