On 2005.11.07 at 10:14:42 +0100, Pablo J Royo wrote:

> > With some effort you can even keep every bit of temporary data in core
> > memory, avoiding writing temporary files. The BIO abstraction in OpenSSL
> > is powerful enough to do this.
> 
> The reason I want to use detached data is to avoid having all my data in
> memory. Now, OpenSSL handles all PKCS7 stuff in memory.
> Using detached data, it is possible to cipher the stream of bytes, no matter how
> big it is, with the symmetric key, then dump the PKCS7 with this key
> encrypted.
> In fact, it may be more correct to change i2d_PKCS7 and d2i_PKCS7 in some way,
> so that pointers to access the data are not used, but a BIO, so you can
> read/create big PKCS7 without loading them in memory.

There is a patch somewhere which allows handling big files.
Look in the contrib directory on the OpenSSL site.

Really, the standards allow stream processing of PKCS7 data, and the BIO
abstraction in OpenSSL is powerful enough to handle any pkcs7 operation
without having everything in core. At least in some cases.
It is just a problem of the pkcs7 routines that they do not support stream
operations.

There is a real problem with stream operations on S/MIME data, because
S/MIME doesn't allow any digest except (now considered insecure) MD5 and
SHA1 to be specified in MIME headers.

But it is not a problem for opaque signing and encryption/decryption,
because in PKCS7 the digest is specified by OID.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org