On Mon, Apr 11, 2016, Abe Racioppo wrote:

> Thank you for the responses.
>
> I have implemented encryption that adds a secret key, and secret key id
> using:
> CMS_add0_recipient_key,
> CMS_EncryptData_encrypt,
> SMIME_write_CMS
> The output file looks correct, but I need to decrypt it back to be sure.
>

Ah, CMS_EncryptedData_encrypt() just creates the encrypted data type. If you
want to use enveloped data you use CMS_encrypt() first, then
CMS_add0_recipient_key() and finally SMIME_write_CMS().

> I would like to be able to get the secret key id from the envelope data to
> then search a database for the key, and then CMS_decrypt. I have yet to
> determine the most straightforward way of getting the key ids from the
> envelope/wrapped content of cms.
>
> Is there a combination if I have SMIME_read the cms from a file like:
> keyId = cms->envelopedData->keyId?
>
> Or do I need to handle a stack_of recipient infos in order to get the key
> id from kekri0_get_id?
>

Yes. You need to use CMS_get0_RecipientInfos() as there can be multiple
recipients of different types.

For each recipient info you check the type with:

CMS_RecipientInfo_type(ri) == CMS_RECIPINFO_KEY

For each match retrieve the key ID using CMS_RecipientInfo_kekri_get0_id().
If the id doesn't match a value in your database continue to the next
recipient info. If no matches return an error.

If you do get a match then call CMS_RecipientInfo_set0_key().

Finally call CMS_decrypt(): setting the key and certificate parameters to
NULL.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org