On Mon, Feb 23, 2015, Richard Welty wrote: > i'm starting on some work that needs to use CMS in an > application, and i'm having trouble getting my head > wrapped around how to handle the case of verifying > a signature and then decrypting the enveloped data > that has been signed. specifically, i'm not grasping > how to extract the encrypted data to pass to CMS_decrypt > after verification is done. do i need to use a BIO > filter for this or is there some other mechanism i'm not > seeing? > Typically you'd write the signed content to a memory BIO and then decrypt that. Precisely how you decrypt the enveloped data depends on the format. It might be in MIME format in which case you'd pass it through the MIME parser. Alternatively it could be enveloped data content type in which case you'd decode it as BER form. There are shortcuts you can make if, for example, you know the signed content is not detached and in BER form. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org
