xref: /openbsd-src/lib/libcrypto/man/CMS_add1_recipient_cert.3 (revision 0b7734b3d77bb9b21afec6f4621cae6c805dbd45) 
1.Dd $Mdocdate: November 11 2015 $
2.Dt CMS_ADD1_RECIPIENT_CERT 3
3.Os
4.Sh NAME
5.Nm CMS_add1_recipient_cert ,
6.Nm CMS_add0_recipient_key
7.Nd add recipients to a CMS enveloped data structure
8.Sh SYNOPSIS
9.In openssl/cms.h
10.Ft CMS_RecipientInfo *
11.Fo CMS_add1_recipient_cert
12.Fa "CMS_ContentInfo *cms"
13.Fa "X509 *recip"
14.Fa "unsigned int flags"
15.Fc
16.Ft CMS_RecipientInfo *
17.Fo CMS_add0_recipient_key
18.Fa "CMS_ContentInfo *cms"
19.Fa "int nid"
20.Fa "unsigned char *key"
21.Fa "size_t keylen"
22.Fa "unsigned char *id"
23.Fa "size_t idlen"
24.Fa "ASN1_GENERALIZEDTIME *date"
25.Fa "ASN1_OBJECT *otherTypeId"
26.Fa "ASN1_TYPE *otherType"
27.Fc
28.Sh DESCRIPTION
29.Fn CMS_add1_recipient_cert
30adds recipient
31.Fa recip
32to the
33.Vt CMS_ContentInfo
34enveloped data structure
35.Fa cms
36as a KeyTransRecipientInfo structure.
37.Pp
38.Fn CMS_add0_recipient_key
39adds the symmetric key
40.Fa key
41of length
42.Fa keylen
43using the wrapping algorithm
44.Fa nid ,
45identifier
46.Fa id
47of length
48.Fa idlen
49and optional values
50.Fa date ,
51.Fa otherTypeId ,
52and
53.Fa otherType
54to the
55.Vt CMS_ContentInfo
56enveloped data structure
57.Fa cms
58as a KEKRecipientInfo structure.
59.Pp
60The
61.Vt CMS_ContentInfo
62structure should be obtained from an initial call to
63.Xr CMS_encrypt 3
64with the flag
65.Dv CMS_PARTIAL
66set.
67.Sh NOTES
68The main purpose of this function is to provide finer control over a CMS
69enveloped data structure where the simpler
70.Xr CMS_encrypt 3
71function defaults are not appropriate.
72For example if one or more KEKRecipientInfo structures need to be added.
73New attributes can also be added using the returned
74.Vt CMS_RecipientInfo
75structure and the CMS attribute utility functions.
76.Pp
77OpenSSL will by default identify recipient certificates using issuer
78name and serial number.
79If
80.Dv CMS_USE_KEYID
81is set, it will use the subject key identifier value instead.
82An error occurs if all recipient certificates do not have a subject key
83identifier extension.
84.Pp
85Currently only AES based key wrapping algorithms are supported for
86.Fa nid ,
87specifically:
88.Dv NID_id_aes128_wrap ,
89.Dv NID_id_aes192_wrap ,
90and
91.Dv NID_id_aes256_wrap .
92If
93.Fa nid
94is set to
95.Dv NID_undef ,
96then an AES wrap algorithm will be used consistent with
97.Fa keylen .
98.Sh RETURN VALUES
99.Fn CMS_add1_recipient_cert
100and
101.Fn CMS_add0_recipient_key
102return an internal pointer to the
103.Vt CMS_RecipientInfo
104structure just added or
105.Dv NULL
106if an error occurs.
107.Sh SEE ALSO
108.Xr CMS_decrypt 3 ,
109.Xr CMS_final 3 ,
110.Xr ERR_get_error 3
111.Sh HISTORY
112.Fn CMS_add1_recipient_cert
113and
114.Fn CMS_add0_recipient_key
115were added to OpenSSL 0.9.8.
116