=pod

=head1 NAME

CMS_add1_recipient, CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS enveloped data structure

=head1 SYNOPSIS

 #include <openssl/cms.h>

 CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip,
                                       EVP_PKEY *originatorPrivKey,
                                       X509 *originator, unsigned int flags);

 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);

 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
                                           unsigned char *key, size_t keylen,
                                           unsigned char *id, size_t idlen,
                                           ASN1_GENERALIZEDTIME *date,
                                           ASN1_OBJECT *otherTypeId,
                                           ASN1_TYPE *otherType);

=head1 DESCRIPTION

CMS_add1_recipient() adds recipient B<recip> and provides the originator private
key B<originatorPrivKey> and originator certificate B<originator> to
CMS_ContentInfo. The originator-related fields are relevant only when the
keyAgreement method of providing the shared key is in use.

CMS_add1_recipient_cert() adds recipient B<recip> to CMS_ContentInfo enveloped
data structure B<cms> as a KeyTransRecipientInfo structure.

CMS_add0_recipient_key() adds symmetric key B<key> of length B<keylen> using
wrapping algorithm B<nid>, identifier B<id> of length B<idlen> and optional
values B<date>, B<otherTypeId> and B<otherType> to CMS_ContentInfo enveloped
data structure B<cms> as a KEKRecipientInfo structure.

The CMS_ContentInfo structure should be obtained from an initial call to
CMS_encrypt() with the flag B<CMS_PARTIAL> set.

=head1 NOTES

The main purpose of this function is to provide finer control over a CMS
enveloped data structure where the simpler CMS_encrypt() function defaults are
not appropriate, for example if one or more KEKRecipientInfo structures
need to be added. New attributes can also be added using the returned
CMS_RecipientInfo structure and the CMS attribute utility functions.

OpenSSL will by default identify recipient certificates using issuer name
and serial number. If B<CMS_USE_KEYID> is set it will use the subject key
identifier value instead. An error occurs unless all recipient certificates
have a subject key identifier extension.

Currently only AES based key wrapping algorithms are supported for B<nid>,
specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap.
If B<nid> is set to B<NID_undef> then an AES wrap algorithm will be used
consistent with B<keylen>.

=head1 RETURN VALUES

CMS_add1_recipient_cert() and CMS_add0_recipient_key() return an internal
pointer to the CMS_RecipientInfo structure just added or NULL if an error
occurs.

=head1 SEE ALSO

L<ERR_get_error(3)>, L<CMS_decrypt(3)>,
L<CMS_final(3)>

=head1 HISTORY

B<CMS_add1_recipient_cert> and B<CMS_add0_recipient_key> were added in
OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut