OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
13-Apr-2007 18:31:09
Branch: HEAD Handle:
2007041317310800
Added files:
openssl/doc/crypto PKCS7_sign_add_signer.pod
Log:
PKCS7_sign_add_signer() docs.
Summary:
Revision Changes Path
1.1 +87 -0
openssl/doc/crypto/PKCS7_sign_add_signer.pod
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/doc/crypto/PKCS7_sign_add_signer.pod
============================================================
================
$ cvs diff -u -r0 -r1.1 PKCS7_sign_add_signer.pod
--- /dev/null 2007-04-13 18:30:57 +0200
+++ PKCS7_sign_add_signer.pod 2007-04-13 18:31:09 +0200
-0,0 +1,87
+=pod
+
+=head1 NAME
+
+PKCS7_sign_add_signer - add a signer PKCS7 signed data
structure.
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs7.h>
+
+ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509
*signcert, EVP_PKEY *pkey, const EVP_MD *md, int flags);
+
+
+=head1 DESCRIPTION
+
+PKCS7_sign_add_signer() adds a signer with certificate
B<signcert> and private
+key B<pkey> using message digest B<md> to a
PKCS7 signed data structure
+B<p7>.
+
+The PKCS7 structure should be obtained from an initial
call to PKCS7_sign()
+with the flag B<PKCS7_PARTIAL> set or in the case
or re-signing a valid PKCS7
+signed data structure.
+
+If the B<md> parameter is B<NULL> then the
default digest for the public
+key algorithm will be used.
+
+Unless the B<PKCS7_REUSE_DIGEST> flag is set the
returned PKCS7 structure
+is not complete and must be finalized either by streaming
(if applicable) or
+a call to PKCS7_final().
+
+
+=head1 NOTES
+
+The main purpose of this function is to provide finer
control over a PKCS#7
+signed data structure where the simpler PKCS7_sign()
function defaults are
+not appropriate. For example if multiple signers or non
default digest
+algorithms are needed.
+
+Any of the following flags (ored together) can be passed
in the B<flags>
+parameter.
+
+If B<PKCS7_REUSE_DIGEST> is set then an attempt is
made to copy the content
+digest value from the PKCS7 struture: to add a signer to
an existing structure.
+An error occurs if a matching digest value cannot be
found to copy. The
+returned PKCS7 structure will be valid and finalized when
this flag is set.
+
+If B<PKCS7_PARTIAL> is set in addition to
B<PKCS7_REUSE_DIGEST> then the
+B<PKCS7_SIGNER_INO> structure will not be finalized
so additional attributes
+can be added. In this case an explicit call to
PKCS7_SIGNER_INFO_sign() is
+needed to finalize it.
+
+If B<PKCS7_NOCERTS> is set the signer's certificate
will not be included in the
+PKCS7 structure, the signer's certificate must still be
supplied in the
+B<signcert> parameter though. This can reduce the
size of the signature if the
+signers certificate can be obtained by other means: for
example a previously
+signed message.
+
+The signedData structure includes several PKCS#7
autenticatedAttributes
+including the signing time, the PKCS#7 content type and
the supported list of
+ciphers in an SMIMECapabilities attribute. If
B<PKCS7_NOATTR> is set then no
+authenticatedAttributes will be used. If
B<PKCS7_NOSMIMECAP> is set then just
+the SMIMECapabilities are omitted.
+
+If present the SMIMECapabilities attribute indicates
support for the following
+algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and
40 bit RC2. If any of
+these algorithms is disabled then it will not be
included.
+
+
+PKCS7_sign_add_signers() returns an internal pointer to
the PKCS7_SIGNER_INFO
+structure just added, this can be used to set additional
attributes
+before it is finalized.
+
+=head1 RETURN VALUES
+
+PKCS7_sign_add_signers() returns an internal pointer to
the PKCS7_SIGNER_INFO
+structure just added or NULL if an error occurs.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>,
L<PKCS7_sign(3)|PKCS7_sign(3)>,
+L<PKCS7_final(3)|PKCS7_final(3)>,
+
+=head1 HISTORY
+
+PEM_sign_add_signer() was added to OpenSSL 0.9.9
+
+=cut
.
____________________________________________________________
__________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List
openssl-cvsopenssl.org
Automated List Manager
majordomoopenssl.org
|
