|
Hello,
I am studying how pkcs7 works in openssl, particularly for encryption
(enveloped data). Except if I made a mistake, it seems that pkcs7 encryption is
made in memory, hence precluding encrypting very huge files: am I right?
Say you want to envelop a file:
- PKCS7_dataInit returns a BIO (p7bio) that is a
BIO_f_cipher+BIO_s_mem
- data is enveloped by BIO_write(p7bio, data)
- PKCS7_dataFinal "steals" the memory buffer of p7bio to attach it to the
p7 structure
- i2d_PKCS7_bio encodes the p7 structure in asn.1: in fact ASN1_i2d_bio
gets called and it works entirely in a malloced temporary memory
buffer!!
So if we encode a given file, the endoded data are present twice in memory:
in the p7structure, and in the asn1 temporary buffer.
What directions should I take if I want to be able to encrypt large files
in pkcs7 structures? It seems to me I should rewrite some PKCS7 functions, as
well as try to change the ASN1 encoding so that it can work as a BIO
filter?
I'd appreciate any ideas, thanks.
________________________________
Richard Dykiel, Starburst Software 150 Baker Avenue, Concord, MA 01742 http://www.starburstsoftware.com 1-800-585-3889 ext289 |
- Re: pkcs7 encryption limited by memory? Richard Dykiel
- Re: pkcs7 encryption limited by memory? Dr Stephen Henson
- Re: pkcs7 encryption limited by memory? Richard Dykiel
- Re: pkcs7 encryption limited by memory? Dr Stephen Henson
- Re: pkcs7 encryption limited by memory? Richard Dykiel
