Update files for OpenSSL-1.0.0f import.
[dragonfly.git] / secure / lib / libcrypto / man / PKCS7_sign_add_signer.3
CommitLineData
e3261593 1.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.19)
01185282
PA
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sp \" Vertical space (when we can't use .PP)
6.if t .sp .5v
7.if n .sp
8..
9.de Vb \" Begin verbatim text
10.ft CW
11.nf
12.ne \\$1
13..
14.de Ve \" End verbatim text
15.ft R
16.fi
17..
18.\" Set up some character translations and predefined strings. \*(-- will
19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
20.\" double quote, and \*(R" will give a right double quote. \*(C+ will
21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23.\" nothing in troff, for use with C<>.
24.tr \(*W-
25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
26.ie n \{\
27. ds -- \(*W-
28. ds PI pi
29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
31. ds L" ""
32. ds R" ""
33. ds C` ""
34. ds C' ""
35'br\}
36.el\{\
37. ds -- \|\(em\|
38. ds PI \(*p
39. ds L" ``
40. ds R" ''
41'br\}
42.\"
43.\" Escape single quotes in literal strings from groff's Unicode transform.
44.ie \n(.g .ds Aq \(aq
45.el .ds Aq '
46.\"
47.\" If the F register is turned on, we'll generate index entries on stderr for
48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
49.\" entries marked with X<> in POD. Of course, you'll have to process the
50.\" output yourself in some meaningful fashion.
51.ie \nF \{\
52. de IX
53. tm Index:\\$1\t\\n%\t"\\$2"
54..
55. nr % 0
56. rr F
57.\}
58.el \{\
59. de IX
60..
61.\}
62.\"
63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
64.\" Fear. Run. Save yourself. No user-serviceable parts.
65. \" fudge factors for nroff and troff
66.if n \{\
67. ds #H 0
68. ds #V .8m
69. ds #F .3m
70. ds #[ \f1
71. ds #] \fP
72.\}
73.if t \{\
74. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
75. ds #V .6m
76. ds #F 0
77. ds #[ \&
78. ds #] \&
79.\}
80. \" simple accents for nroff and troff
81.if n \{\
82. ds ' \&
83. ds ` \&
84. ds ^ \&
85. ds , \&
86. ds ~ ~
87. ds /
88.\}
89.if t \{\
90. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
91. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
92. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
93. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
94. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
95. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
96.\}
97. \" troff and (daisy-wheel) nroff accents
98.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
99.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
100.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
101.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
102.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
103.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
104.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
105.ds ae a\h'-(\w'a'u*4/10)'e
106.ds Ae A\h'-(\w'A'u*4/10)'E
107. \" corrections for vroff
108.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
109.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
110. \" for low resolution devices (crt and lpr)
111.if \n(.H>23 .if \n(.V>19 \
112\{\
113. ds : e
114. ds 8 ss
115. ds o a
116. ds d- d\h'-1'\(ga
117. ds D- D\h'-1'\(hy
118. ds th \o'bp'
119. ds Th \o'LP'
120. ds ae ae
121. ds Ae AE
122.\}
123.rm #[ #] #H #V #F C
124.\" ========================================================================
125.\"
126.IX Title "PKCS7_sign_add_signer 3"
e3261593 127.TH PKCS7_sign_add_signer 3 "2012-01-04" "1.0.0f" "OpenSSL"
01185282
PA
128.\" For nroff, turn off justification. Always turn off hyphenation; it makes
129.\" way too many mistakes in technical documents.
130.if n .ad l
131.nh
132.SH "NAME"
133PKCS7_sign_add_signer \- add a signer PKCS7 signed data structure.
134.SH "SYNOPSIS"
135.IX Header "SYNOPSIS"
136.Vb 1
137\& #include <openssl/pkcs7.h>
138\&
139\& PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, int flags);
140.Ve
141.SH "DESCRIPTION"
142.IX Header "DESCRIPTION"
143\&\fIPKCS7_sign_add_signer()\fR adds a signer with certificate \fBsigncert\fR and private
144key \fBpkey\fR using message digest \fBmd\fR to a \s-1PKCS7\s0 signed data structure
145\&\fBp7\fR.
146.PP
147The \s-1PKCS7\s0 structure should be obtained from an initial call to \fIPKCS7_sign()\fR
148with the flag \fB\s-1PKCS7_PARTIAL\s0\fR set or in the case or re-signing a valid \s-1PKCS7\s0
149signed data structure.
150.PP
151If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public
152key algorithm will be used.
153.PP
154Unless the \fB\s-1PKCS7_REUSE_DIGEST\s0\fR flag is set the returned \s-1PKCS7\s0 structure
155is not complete and must be finalized either by streaming (if applicable) or
156a call to \fIPKCS7_final()\fR.
157.SH "NOTES"
158.IX Header "NOTES"
159The main purpose of this function is to provide finer control over a PKCS#7
160signed data structure where the simpler \fIPKCS7_sign()\fR function defaults are
161not appropriate. For example if multiple signers or non default digest
162algorithms are needed.
163.PP
164Any of the following flags (ored together) can be passed in the \fBflags\fR
165parameter.
166.PP
167If \fB\s-1PKCS7_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content
168digest value from the \s-1PKCS7\s0 struture: to add a signer to an existing structure.
169An error occurs if a matching digest value cannot be found to copy. The
170returned \s-1PKCS7\s0 structure will be valid and finalized when this flag is set.
171.PP
172If \fB\s-1PKCS7_PARTIAL\s0\fR is set in addition to \fB\s-1PKCS7_REUSE_DIGEST\s0\fR then the
173\&\fB\s-1PKCS7_SIGNER_INO\s0\fR structure will not be finalized so additional attributes
174can be added. In this case an explicit call to \fIPKCS7_SIGNER_INFO_sign()\fR is
175needed to finalize it.
176.PP
177If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the
178\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the
179\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the
180signers certificate can be obtained by other means: for example a previously
181signed message.
182.PP
183The signedData structure includes several PKCS#7 autenticatedAttributes
184including the signing time, the PKCS#7 content type and the supported list of
185ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no
186authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just
187the SMIMECapabilities are omitted.
188.PP
189If present the SMIMECapabilities attribute indicates support for the following
190algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any of
191these algorithms is disabled then it will not be included.
192.PP
193\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0
194structure just added, this can be used to set additional attributes
195before it is finalized.
196.SH "RETURN VALUES"
197.IX Header "RETURN VALUES"
198\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0
199structure just added or \s-1NULL\s0 if an error occurs.
200.SH "SEE ALSO"
201.IX Header "SEE ALSO"
202\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3),
203\&\fIPKCS7_final\fR\|(3),
204.SH "HISTORY"
205.IX Header "HISTORY"
206\&\fIPPKCS7_sign_add_signer()\fR was added to OpenSSL 1.0.0