> With some effort you even can keep every bit temporary data in the core > memory, avoiding writing of temporary files. BIO abstraction in OpenSSL > is powerful enough to do this.
The reason I want to use detached data, is to avoid having all my data in memory. Now, OpenSSL handles all PKCS7 stuff in memory. Using detached data is possible to cipher the stream of bytes, no matter how big it is, with the symmetric key, then dump the PKCS7 with this key encrypted. In fact, may be more correct to change i2d_PKCS7 and d2i_PKCS7 in some way, so pointers to access the data are not used, but a BIO so you can read/create big PKCS7 without loading them in memory. > Can you point me to the standard document which describes usage of > detached envelopes for ENCRYPTED data? > No, I can't...but I can't find some place where it said is prohibited. My app must transport big amounts of data, so I can't load them in memory, so if I want to keep on using OpenSSL to assure portability I must use detached PKCS7. Anyway, I think the use of detached or not is an app issue, more than a standard issue. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
