> Richard Dykiel wrote:
>
> Hi
> we plan to use the PKCS#7 module to signt + encrypt data.
> In the readme file of the crypto/pkcs7 directory we can read:
>
> "WARNING
> Everything in this directory is experimental and is subject to change.
> Do not rely on the stuff in here not changing in the next release"
>
> I'd be very grateful to have amswers to the following questions:
>
> 1- Is the readme statement still true? I.e. if we start implementing
> on a given set of APIs, is there a chance that everything changes in
> the next release?
>
No it isn't true. That was something Eric put in ages ago. It needs
deleting.
The stuff smime.c uses is not likely to change much.
> 2- Is the implementation stable, ie tested?
>
It has now passed RSAs S/MIME compatibility test: see
http://www.rsasecurity.com/standards/smime/interop_center.html
Draw your own conclusions from that :-)
> 3- Does the openssl implementation of pkcs#7 supports the notion of
> "external signatures", as per note 3 of section 7 of the pkcs#7 spec?
>
Yes. This stuff isn't documented much yet. Have a look at the 'smime'
application in apps/smime.c for some pointers.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
