xref: /freebsd/crypto/openssl/doc/man3/CMS_add1_recipient_cert.pod (revision d11f81afd5a4a71d5f725950b0592ca212084780)
1=pod
2
3=head1 NAME
4
5CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS enveloped data structure
6
7=head1 SYNOPSIS
8
9 #include <openssl/cms.h>
10
11 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
12                                            X509 *recip, unsigned int flags);
13
14 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
15                                           unsigned char *key, size_t keylen,
16                                           unsigned char *id, size_t idlen,
17                                           ASN1_GENERALIZEDTIME *date,
18                                           ASN1_OBJECT *otherTypeId,
19                                           ASN1_TYPE *otherType);
20
21=head1 DESCRIPTION
22
23CMS_add1_recipient_cert() adds recipient B<recip> to CMS_ContentInfo enveloped
24data structure B<cms> as a KeyTransRecipientInfo structure.
25
26CMS_add0_recipient_key() adds symmetric key B<key> of length B<keylen> using
27wrapping algorithm B<nid>, identifier B<id> of length B<idlen> and optional
28values B<date>, B<otherTypeId> and B<otherType> to CMS_ContentInfo enveloped
29data structure B<cms> as a KEKRecipientInfo structure.
30
31The CMS_ContentInfo structure should be obtained from an initial call to
32CMS_encrypt() with the flag B<CMS_PARTIAL> set.
33
34=head1 NOTES
35
36The main purpose of this function is to provide finer control over a CMS
37enveloped data structure where the simpler CMS_encrypt() function defaults are
38not appropriate. For example if one or more KEKRecipientInfo structures
39need to be added. New attributes can also be added using the returned
40CMS_RecipientInfo structure and the CMS attribute utility functions.
41
42OpenSSL will by default identify recipient certificates using issuer name
43and serial number. If B<CMS_USE_KEYID> is set it will use the subject key
44identifier value instead. An error occurs if all recipient certificates do not
45have a subject key identifier extension.
46
47Currently only AES based key wrapping algorithms are supported for B<nid>,
48specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap.
49If B<nid> is set to B<NID_undef> then an AES wrap algorithm will be used
50consistent with B<keylen>.
51
52=head1 RETURN VALUES
53
54CMS_add1_recipient_cert() and CMS_add0_recipient_key() return an internal
55pointer to the CMS_RecipientInfo structure just added or NULL if an error
56occurs.
57
58=head1 SEE ALSO
59
60L<ERR_get_error(3)>, L<CMS_decrypt(3)>,
61L<CMS_final(3)>,
62
63=head1 COPYRIGHT
64
65Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
66
67Licensed under the OpenSSL license (the "License").  You may not use
68this file except in compliance with the License.  You can obtain a copy
69in the file LICENSE in the source distribution or at
70L<https://www.openssl.org/source/license.html>.
71
72=cut
73