I'm writing an application which will receive messages which must be
both enveloped and signed, and I'm looking for the best way to do
this. Obviously, I can simply use EVP_Open* and EVP_Verify* in either
order to do this, but I'm wondering if there's a good way to do this –
ideally, I'd like to be able to use the openssl command-line utility
to generate messages manually during development.
I can't, however, seem to find any access to the EVP_Seal* methods in
the openssl command-line utility, though signature is available
through "openssl dgst".
Beyond that, I'm aware that PKCS#7 is used in S/MIME, and I've been
told that using it is a good idea, but I can't seem to figure out why
I should use it over simply doing the cryptographic operations – my
code will not need to interoperate with anything else.
If possible, I'd like control of the algorithms used, but I'd be
willing to settle for default choices if they are reasonably secure.
If I do have to do it manually, is there any convention as to which
operation (signing or enveloping) should be done first? Is there a
performance benefit to one approach?
I apologize if this is a newbie question (I'm sure it is); I just
didn't want to get started on this project in one format only to
discover that I've made a dreadful mistake.
Cheers,
--
Jeremy R.
NovaWave Solutions
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org