On 26 Feb 2013, at 15:26, Dr. Stephen Henson wrote: .. >> Note that we had to pull in some non-exposed functions from pk7_lib/doit.c - >> so perhaps longer term it would be nice to see such as part of the API. >> > > When I first looked at this I'd hoped that you could do it cleanly using the > CMS API. > > You can *almost* get there but not quite. There are functions to access and > decrypt the recipient info structure and save the content encryption key and > add new recpient certificate details.
Right - though having pkcs7_decrypt_rinfo and pkcs7_encode_rinfo exposed would also be nice. > Unfortunately there is a missing piece: there is no way to currently encrypt > the extracted content encryption key with the newly added recipient. That will > be fixed at some point. Yes - indeed - deep inside dataFinal in pk7doit.c I think. Will keep an eye on it, as this functionality would long term be useful to put into the 'openssl smime' apps command. Dw.______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
