On Nov 25, 2016, at 12:43 PM, Dr. Stephen Henson <st...@openssl.org> wrote:
> Something like that did happen for PKCS#7 but the OCTET STRING encapsulation
> is correct for CMS.

Aha, and this difference is called out in RFC5652 [5.2.1]. Thanks, that 
clarifies things for me a little. So typically it's only the outermost 
ContentInfo that directly embeds a CMS object without an intervening OCTET 
STRING, and other structures use EncapsulatedContentInfo instead of ContentInfo.

However, I think the other half of my problem remains: if I'm putting another 
CMS object into a SignedData, AuthEnvelopedData, or other kind of wrapper, the 
OCTET STRING should contain the encoding of that object's structure (e.g. a 
BER-encoded AuthEnvelopedData, SignedData, ContentWithAttributes, etc. 
structure), not a ContentInfo *containing* that structure, right? How do I get 
OpenSSL to give me that encoded object without an enclosing ContentInfo?



-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
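The layout discussed in the message above, shown at the byte level as an added example (not part of the original thread and not an OpenSSL API): it takes an outer ContentInfo, returns the encoding of the structure inside its [0] EXPLICIT field, and wraps that in the OCTET STRING an eContent field would carry. The function names are hypothetical, the sample bytes are constructed, and only definite-length (DER-style) input is handled.

```python
# Added illustration, not OpenSSL code. Definite lengths only; BER indefinite form is rejected.
OID_TAG, SEQ_TAG, CTX0_TAG, OCTET_TAG = 0x06, 0x30, 0xA0, 0x04

def read_tlv(buf, off):
    """Return (tag, content_start, content_end) of the TLV starting at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first, pos = buf[off], buf[off + 1], off + 2
    if first == 0x80:
        raise ValueError("BER indefinite length not handled here")
    length = first
    if first > 0x80:                      # long form: low 7 bits count the length octets
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode OID content octets into dotted notation."""
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    head = divmod(arcs[0], 40) if arcs[0] < 80 else (2, arcs[0] - 80)
    return ".".join(str(a) for a in (*head, *arcs[1:]))

def strip_content_info(der):
    """Return (contentType OID, encoding of the single structure inside [0])."""
    tag, start, end = read_tlv(der, 0)
    oid_tag, oid_s, oid_e = read_tlv(der, start)
    ctx_tag, ctx_s, ctx_e = read_tlv(der, oid_e)
    inner_e = read_tlv(der, ctx_s)[2]     # the [0] wrapper must hold exactly one TLV
    shape_ok = (tag, oid_tag, ctx_tag) == (SEQ_TAG, OID_TAG, CTX0_TAG)
    if not shape_ok or not (inner_e == ctx_e == end == len(der)):
        raise ValueError("not a ContentInfo: SEQUENCE { OID, [0] EXPLICIT content }")
    return decode_oid(der[oid_s:oid_e]), der[ctx_s:ctx_e]

def as_econtent(inner):
    """Wrap an already-encoded structure in a definite-length OCTET STRING."""
    n = len(inner)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    size = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([OCTET_TAG]) + size + inner

# Constructed sample: INNER is a stand-in SEQUENCE { INTEGER 3 }, not a real SignedData.
INNER = bytes.fromhex("3003020103")
SAMPLE = bytes.fromhex("3012" "06092a864886f70d010702" "a005") + INNER  # OID id-signedData
```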
