On 2005.11.04 at 14:02:04 +0100, Pablo J Royo wrote: > > > > Is there any way to create a detached PKCS7 envelope with openssl > > > utilities (smime) ? > > > > Create S/MIME message and extract signature part using any > > mime-capable tool or just some text processing utitity > > This is not an option, because I need to do this inside my programs.
It is no problem. "mime-capable tool" can be a library routine as well. With some effort you even can keep every bit temporary data in the core memory, avoiding writing of temporary files. BIO abstraction in OpenSSL is powerful enough to do this. > I've been searching Internet with no results. It seems nobody is using > detached envelopes. > > In fact, I have used OpenSSL pkcs7 routines to create and read detached > envelopes, but I'm not sure if my envelopes are correct, because there is no > other application to check them. If openssl utility is able to check them using -contents option, they are probably correct. > All I know is that CryptoAPI correctly reads my PKCS7 headers, but gives an > ASN1 bad tag error when reading the (detached) ciphered data, or tries to > decipher more bytes than I put on my envelope, so I don't know what part is > failing, if encryption or decryption. I've thought that detached envelopes are for signing, not for encryption. I cannot imagine useful application for detached envelope for encrypted data. Can you point me to the standard document which describes usage of detached envelopes for ENCRYPTED data? ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
