Hi,

A good idea might be to use the following sequence to create a base64 encoded output (safe to send over network):

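        /* Build the chain: writes go through the base64 filter into memory */
        memorybio = BIO_new(BIO_s_mem());
        base64bio = BIO_new(BIO_f_base64());
        outbio = BIO_push(base64bio, memorybio);

        /* Copy PKCS#7 */
        i2d_PKCS7_bio(outbio, s->request_p7);
        /* Flush so the final base64 block is written out */
        BIO_flush(outbio);
        BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
        /* Get a pointer to the encoded data and its length */
        s->request_len = BIO_get_mem_data(memorybio, &s->request_payload);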

I took this from a program called "sscep", just for reference.
It base64 encodes the data and sends it over the network. On the other side it is easy to base64 decode it. As such it gives you the guarantee it is decoded correctly. On the other side you should of course also have the reverse chain, but I don't have an example at hand for that.

Regards

On 25.06.2012 15:04, Mohammad Khodaei wrote:
Hello,

I want to encrypt a small piece of data using the recipient's public key and
decrypt it on the receiver side using the recipient's private key. I chose
the "PKCS7_encrypt" and "PKCS7_decrypt" API to do so. Are they the correct
functions? Is there any other alternative?

Now my problem is that I want to convert the encrypted output of
"PKCS7_encrypt" to char* to send it over TCP. I used
"i2d_PKCS7_fp", "d2i_PKCS7_bio" and "d2i_PKCS7_fp" to first write
them in the file and later on read them and send them. Here is the
procedure to encrypt:

    p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
    if (!p7)
        goto err;
    FILE *fp = NULL;
    char *file = "HELLO";
    size_t len = 0;
    fp = fopen(file, "w");
    if (fp == NULL) {
        printf("ERROR IN OPENING A FILE..", file);
    }
    i2d_PKCS7_fp(fp, p7);
    fclose(fp);

And here is the code to decrypt. Is the procedure to convert
correct?

    FILE *p = NULL;
    char *file = "HELLO";
    p = fopen(file, "r");
    if (p == NULL) {
        printf("ERROR IN OPENING A FILE..", file);
    }
    d2i_PKCS7_fp(p, &p7);
    fclose(p);
    if (!p7)
        goto err;
    BIO* out;
    d2i_PKCS7_bio(out, &p7);

    if (!(&out2))
        goto err;
    /* Decrypt S/MIME message */
    if (!PKCS7_decrypt(p7, rkey, rcert, &out, 0))
        goto err;

It does not work and even the "out" is not initialized. Any
suggestion? 

Thanks a lot

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
