On Fri, Jun 10, 2011, Claudiu Stanciu wrote:
> Hy. I am trying to encrypt a text into a pkcs7 format without using
> PKCS7_encrypt, because i want to control the key used. So I have done almost
> everything, but can't put the IV in the pkcs7 data. trying to obtain a PKCS7
> enveloped data with aes_cbc_256 encryption.
> I can't understand where to put the IV. I've done a normal encryption using
> PKCS7_encrypt and saw that it goes into the encryptedcontentinfo, between the
> used algorithm name and the actual encrypted data.
> EncryptedContentInfo ::= SEQUENCE {
> contentType ContentType,
> contentEncryptionAlgorithm
> ContentEncryptionAlgorithmIdentifier,
> encryptedContent <---- i think it goes here
> [0] IMPLICIT EncryptedContent OPTIONAL }
>
> EncryptedContent ::= OCTET STRING
>
It is part of the contentEncryptionAlgorithm.
> Apreciate the help on this one. PS: here is a little part of the code used so
> far:
>
> PKCS7_set_type ( pkcs7, NID_pkcs7_enveloped );
> ASN1_OCTET_STRING *encrypted_data = ASN1_OCTET_STRING_new();
> ASN1_OCTET_STRING_set ( encrypted_data, encrypted_output, inSize );
>
>
> PKCS7_ENVELOPE *p7_envelope = PKCS7_ENVELOPE_new();
> X509_ALGOR *p7_alg = X509_ALGOR_new();
> X509_ALGOR_set0( p7_alg, OBJ_nid2obj(NID_aes_256_cbc), V_ASN1_NULL, 0 );
>
Create an ASN1_OCTET_STRING with the IV in it. Set the type above to
V_ASN1_OCTET_STRING and pass that octet string as the parameter.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
