1 .\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14
4 .\" ========================================================================
5 .de Sh \" Subsection heading
13 .de Sp \" Vertical space (when we can't use .PP)
17 .de Vb \" Begin verbatim text
22 .de Ve \" End verbatim text
26 .\" Set up some character translations and predefined strings. \*(-- will
27 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
28 .\" double quote, and \*(R" will give a right double quote. | will give a
29 .\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
30 .\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
31 .\" expand to `' in nroff, nothing in troff, for use with C<>.
33 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
37 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
51 .\" If the F register is turned on, we'll generate index entries on stderr for
52 .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
53 .\" entries marked with X<> in POD. Of course, you'll have to process the
54 .\" output yourself in some meaningful fashion.
57 . tm Index:\\$1\t\\n%\t"\\$2"
63 .\" For nroff, turn off justification. Always turn off hyphenation; it makes
64 .\" way too many mistakes in technical documents.
68 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
69 .\" Fear. Run. Save yourself. No user-serviceable parts.
70 . \" fudge factors for nroff and troff
79 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
85 . \" simple accents for nroff and troff
95 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
96 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
97 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
98 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
99 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
100 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
102 . \" troff and (daisy-wheel) nroff accents
103 .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
104 .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
105 .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
106 .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
107 .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
108 .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
109 .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
110 .ds ae a\h'-(\w'a'u*4/10)'e
111 .ds Ae A\h'-(\w'A'u*4/10)'E
112 . \" corrections for vroff
113 .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
114 .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
115 . \" for low resolution devices (crt and lpr)
116 .if \n(.H>23 .if \n(.V>19 \
129 .\" ========================================================================
131 .IX Title "PKCS7_encrypt 3"
132 .TH PKCS7_encrypt 3 "2006-11-19" "0.9.8d" "OpenSSL"
134 PKCS7_encrypt \- create a PKCS#7 envelopedData structure
136 .IX Header "SYNOPSIS"
137 \&\s-1PKCS7\s0 *PKCS7_encrypt(\s-1STACK_OF\s0(X509) *certs, \s-1BIO\s0 *in, const \s-1EVP_CIPHER\s0 *cipher, int flags);
139 .IX Header "DESCRIPTION"
140 \&\fIPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR
141 is a list of recipient certificates. \fBin\fR is the content to be encrypted.
142 \&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags.
145 Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient certificates
146 supplied to this function must all contain \s-1RSA\s0 public keys, though they do not have to
147 be signed using the \s-1RSA\s0 algorithm.
149 \&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use because
150 most clients will support it.
152 Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 bit
153 \&\s-1RC2\s0. These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR respectively.
155 The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of its
158 Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME
159 envelopedData containing an S/MIME signed message. This can be readily produced
160 by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to
161 \&\fIPKCS7_encrypt()\fR.
163 The following flags can be passed in the \fBflags\fR parameter.
165 If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended
168 Normally the supplied content is translated into \s-1MIME\s0 canonical format (as required
169 by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation occurs. This
170 option should be used if the supplied data is in binary format otherwise the translation
171 will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then \fB\s-1PKCS7_TEXT\s0\fR is ignored.
173 .IX Header "RETURN VALUES"
174 \&\fIPKCS7_encrypt()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred.
175 The error can be obtained from \fIERR_get_error\fR\|(3).
178 The lack of single pass processing and need to hold all data in memory as
179 mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR.
181 .IX Header "SEE ALSO"
182 \&\fIERR_get_error\fR\|(3), \fIPKCS7_decrypt\fR\|(3)
185 \&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5