On Fri, Sep 06, 2013, Ken Goldman wrote: > I'm working through the 'openssl smime -sign' example. > > 1 > > The '-in' parameter appears to be the message, not a hash of the > message. Correct? >
Yes. > 2 > > When I run the example, the PKCS7_Sign() call appears to add the > entire message to the pkcs7 DER encoded file. > > Is this typical? > > Can I pass in NULL to omit the message if I'm sending it in separately? > The message is needed to compute the hash. If you don't want to include it in the encoded structure use the PKCS7_DETACHED flag. BTW you might want to consider using cms application and code instead which uses CMS instead of the older PKCS#7 standard. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org