On Fri, Dec 29, 2006, Nils Larsch wrote: > Hagai Yaffe wrote: > > > > > >I am using PKCS7_sign for applying Digital Signature to files, when I am > >creating an enveloped PKCS#7 file that contains also the signed file > >content all the signed file data is being loaded to memory (this would > >be a problem with large files), I know that I can use the DEACHED option > >to create a PCKS#7 file without the content of the signed file, but this > >is not good for me. > > > > > >I have searched the OpenSSL API and tried to think of a workaround but > >could not, is there a way (using OpenSSL API) to create a PKCS#7 digital > >signature of a file that will contain the signed file content without > >all the signed file being loaded to memory? > > perhaps [1] helps (I didn't have to test it so far) > > Cheers, > Nils > > [1] http://cvs.openssl.org/chngview?cn=15749
The OP should note the disclaimer on the commit log. It did work at one point and I could chain together several PKCS#7 BIOs to merge signing and encryption operations for example using full non-blocking I/O. However that was 3 years ago and some change since then might have broken it. This only works for DER format directly, the MIME encoder doesn't handle it. Oh and it's undocumented too ;-) I'll add some of the missing bits if/when I have time. The companion operation of stream based verify/decrypt is not included. That's considerably more difficult to do. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
