Thank you for the responses. I have implemented encryption that adds a secret key, and secret key id using: CMS_add0_recipient_key, CMS_EncryptData_encrypt, SMIME_write_CMS The output file looks correct, but I need to decrypt it back to be sure. I would like to be able to get the secret key id from the envelope data to then search a database for the key, and then CMS_decrypt. I have yet to determine the most straightforward way of getting the key ids from the envelope/wrapped content of cms. Is there a combination if I have SMIME_read the cms from a file like: keyId = cms->envelopedData->keyId? Or do I need to handle a stack_of recipient infos in order to get the key id from kekri0_get_id? Thanks again, Abe On Tue, Apr 5, 2016 at 7:39 AM, Dr. Stephen Henson <steve at openssl.org> wrote: > On Mon, Apr 04, 2016, Abe Racioppo wrote: > > > Hey guys, > > > > I'm trying to use the CMS operations in libcrypto but with a symmetric > key > > encryption key instead of x509. > > > > I'm thinking I want to use a combination of > > > > CMS_RecipientInfo_set0_pkey, > > SMIME_write_CMS, > > and > > CMS_EncryptedData_encrypt. > > > > Has anyone done this before and can give me some direction? This is my > > first time working with openssl and am getting kinda lost. > > > > You have several options here. > > You can just use the encrypted data type with a key directly. > > You can use the enveloped data type with a symmetric wrapping key. > > You can use the enveloped data type with a password based recipient info. > > Which you use depends on the application you have in mind. > > In the first case you just call CMS_EncryptData_encrypt() followed by > SMIME_write_CMS(). > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- signature -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160411/18829fbe/attachment.html>
