On Tue, Jul 18, 2017, Justin Mogannam wrote: > Hello, > I have a signedData package that contains an encryptedKeyPackage > (specifically OID 2.16.840.1.101.2.1.2.78.2, aka id-ct-KP-encryptedKeyPkg) > that I want to extract from it. I am somewhat able to extract the sequence > that contains this data via the OpenSSL command line: > > $ openssl asn1parse -in <my_pkg.der> -inform DER -strparse <hard-coded > offset I computed> > > However, I am looking for the OpenSSL calls to do the same thing, ideally > extract package contents by its OID without having to know the offset (such > that I can extract the data from any given package by that particular OID). > How would I go about doing this? I've been looking endlessly into asn1.h and > x509.h, and am able to somewhat parse the entire package into a structure, > but I could use some guidance as to how to further break it down into parts. > Thank you, and I hope to hear a response back soon. > Well if this follows RFC6032 the outer part will be a ContentInfo structure which you can parse using d2i_CMS_ContentInfo. From there you can use various utility functions to analyse it. For example CMS_get0_eContentType() to get the OID corresponding to the encapsulated content type and CMS_get0_content() which (if I read the spec correctly) should get you the EncryptedKeyPackage structure. After that you'll have to parse it yourself because OpenSSL doesn't support that atructure. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
