On Friday September 3rd 2004 Hellan.Kim KHE wrote:
> I'm trying to make a signed and encrypted PKCS#7 message with a
> footprint as small as possible. So my (probably dumb) question is: Is
> it possible not to include signers certificate in the PKCS#7 ? The
> PKCS7_Sign() function does not seem to allow it.
PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
BIO *data, int flags);
Use PKCS7_NOCERTS in the 'flags' argument.
> When the receiver wants to verify the signature, he then of course has
> to supply signers certificate himself somehow, in order to perform the
> verification.
Yes.
--
Marco Roeland
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
