Local adjustments for OpenSSL-1.0.1p.
[dragonfly.git] / secure / lib / libcrypto / man / PKCS7_encrypt.3
CommitLineData
5a44c043 1.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
8b0cefbb
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
8b0cefbb 5.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
6.if t .sp .5v
7.if n .sp
8..
8b0cefbb 9.de Vb \" Begin verbatim text
984263bc
MD
10.ft CW
11.nf
12.ne \\$1
13..
8b0cefbb 14.de Ve \" End verbatim text
984263bc 15.ft R
984263bc
MD
16.fi
17..
8b0cefbb
JR
18.\" Set up some character translations and predefined strings. \*(-- will
19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
e257b235
PA
20.\" double quote, and \*(R" will give a right double quote. \*(C+ will
21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23.\" nothing in troff, for use with C<>.
24.tr \(*W-
8b0cefbb 25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 26.ie n \{\
8b0cefbb
JR
27. ds -- \(*W-
28. ds PI pi
29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
31. ds L" ""
32. ds R" ""
33. ds C` ""
34. ds C' ""
984263bc
MD
35'br\}
36.el\{\
8b0cefbb
JR
37. ds -- \|\(em\|
38. ds PI \(*p
39. ds L" ``
40. ds R" ''
5a44c043
SW
41. ds C`
42. ds C'
984263bc 43'br\}
8b0cefbb 44.\"
e257b235
PA
45.\" Escape single quotes in literal strings from groff's Unicode transform.
46.ie \n(.g .ds Aq \(aq
47.el .ds Aq '
48.\"
8b0cefbb 49.\" If the F register is turned on, we'll generate index entries on stderr for
01185282 50.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
8b0cefbb
JR
51.\" entries marked with X<> in POD. Of course, you'll have to process the
52.\" output yourself in some meaningful fashion.
5a44c043
SW
53.\"
54.\" Avoid warning from groff about undefined register 'F'.
55.de IX
984263bc 56..
5a44c043
SW
57.nr rF 0
58.if \n(.g .if rF .nr rF 1
59.if (\n(rF:(\n(.g==0)) \{
60. if \nF \{
61. de IX
62. tm Index:\\$1\t\\n%\t"\\$2"
e257b235 63..
5a44c043
SW
64. if !\nF==2 \{
65. nr % 0
66. nr F 2
67. \}
68. \}
e257b235 69.\}
5a44c043 70.rr rF
aac4ff6f 71.\"
8b0cefbb
JR
72.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
73.\" Fear. Run. Save yourself. No user-serviceable parts.
74. \" fudge factors for nroff and troff
984263bc 75.if n \{\
8b0cefbb
JR
76. ds #H 0
77. ds #V .8m
78. ds #F .3m
79. ds #[ \f1
80. ds #] \fP
984263bc
MD
81.\}
82.if t \{\
8b0cefbb
JR
83. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
84. ds #V .6m
85. ds #F 0
86. ds #[ \&
87. ds #] \&
984263bc 88.\}
8b0cefbb 89. \" simple accents for nroff and troff
984263bc 90.if n \{\
8b0cefbb
JR
91. ds ' \&
92. ds ` \&
93. ds ^ \&
94. ds , \&
95. ds ~ ~
96. ds /
984263bc
MD
97.\}
98.if t \{\
8b0cefbb
JR
99. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
100. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
101. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
102. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
103. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
104. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 105.\}
8b0cefbb 106. \" troff and (daisy-wheel) nroff accents
984263bc
MD
107.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
108.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
109.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
110.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
111.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
112.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
113.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
114.ds ae a\h'-(\w'a'u*4/10)'e
115.ds Ae A\h'-(\w'A'u*4/10)'E
8b0cefbb 116. \" corrections for vroff
984263bc
MD
117.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
118.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
8b0cefbb 119. \" for low resolution devices (crt and lpr)
984263bc
MD
120.if \n(.H>23 .if \n(.V>19 \
121\{\
8b0cefbb
JR
122. ds : e
123. ds 8 ss
124. ds o a
125. ds d- d\h'-1'\(ga
126. ds D- D\h'-1'\(hy
127. ds th \o'bp'
128. ds Th \o'LP'
129. ds ae ae
130. ds Ae AE
984263bc
MD
131.\}
132.rm #[ #] #H #V #F C
8b0cefbb
JR
133.\" ========================================================================
134.\"
135.IX Title "PKCS7_encrypt 3"
7dc78669 136.TH PKCS7_encrypt 3 "2015-07-09" "1.0.1p" "OpenSSL"
e257b235
PA
137.\" For nroff, turn off justification. Always turn off hyphenation; it makes
138.\" way too many mistakes in technical documents.
139.if n .ad l
140.nh
984263bc
MD
141.SH "NAME"
142PKCS7_encrypt \- create a PKCS#7 envelopedData structure
143.SH "SYNOPSIS"
8b0cefbb 144.IX Header "SYNOPSIS"
01185282
PA
145.Vb 1
146\& #include <openssl/pkcs7.h>
147\&
148\& PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
149.Ve
984263bc 150.SH "DESCRIPTION"
8b0cefbb
JR
151.IX Header "DESCRIPTION"
152\&\fIPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR
984263bc 153is a list of recipient certificates. \fBin\fR is the content to be encrypted.
8b0cefbb 154\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags.
984263bc 155.SH "NOTES"
8b0cefbb 156.IX Header "NOTES"
01185282
PA
157Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient
158certificates supplied to this function must all contain \s-1RSA\s0 public keys, though
159they do not have to be signed using the \s-1RSA\s0 algorithm.
984263bc 160.PP
01185282
PA
161\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use
162because most clients will support it.
984263bc 163.PP
01185282 164Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64
5a44c043 165bit \s-1RC2.\s0 These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR
01185282 166respectively.
984263bc 167.PP
01185282
PA
168The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of
169its parameters.
984263bc 170.PP
01185282 171Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME
984263bc 172envelopedData containing an S/MIME signed message. This can be readily produced
8b0cefbb
JR
173by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to
174\&\fIPKCS7_encrypt()\fR.
984263bc
MD
175.PP
176The following flags can be passed in the \fBflags\fR parameter.
177.PP
01185282
PA
178If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are
179prepended to the data.
180.PP
181Normally the supplied content is translated into \s-1MIME\s0 canonical format (as
182required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation
183occurs. This option should be used if the supplied data is in binary format
184otherwise the translation will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then
185\&\fB\s-1PKCS7_TEXT\s0\fR is ignored.
186.PP
187If the \fB\s-1PKCS7_STREAM\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output
5a44c043 188suitable for streaming I/O: no data is read from the \s-1BIO \s0\fBin\fR.
01185282
PA
189.SH "NOTES"
190.IX Header "NOTES"
191If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR
192complete and outputting its contents via a function that does not
193properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable
194results.
984263bc 195.PP
01185282
PA
196Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR,
197\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization
5a44c043 198can be performed by obtaining the streaming \s-1ASN1 \s0\fB\s-1BIO\s0\fR directly using
01185282 199\&\fIBIO_new_PKCS7()\fR.
984263bc 200.SH "RETURN VALUES"
8b0cefbb 201.IX Header "RETURN VALUES"
01185282 202\&\fIPKCS7_encrypt()\fR returns either a \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred.
984263bc 203The error can be obtained from \fIERR_get_error\fR\|(3).
984263bc 204.SH "SEE ALSO"
74dab6c2 205.IX Header "SEE ALSO"
8b0cefbb
JR
206\&\fIERR_get_error\fR\|(3), \fIPKCS7_decrypt\fR\|(3)
207.SH "HISTORY"
984263bc 208.IX Header "HISTORY"
8b0cefbb 209\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5
01185282 210The \fB\s-1PKCS7_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0.