Streaming mode exists to allow unbounded data, whose length is not known and may not fit in memory.
DER requires that the data be available and fit in memory and its length known. If you want DER don't use streaming. apps/cms.c has options for both, if you trace it through.

But why do you care? There is no requirement CMS itself be DER, only that the data is fixed (so if detached *and* ASN.1 that means it should be DER) and if auth-attrs is used (as is usual, and default in openssl) the signature is computed over a modified DER encoding *of the attributes*. openssl does do the attributes (and in fact the signerinfos) in DER, since they are available in memory.

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Kálmán bácsi
Sent: Friday, March 21, 2014 03:42
To: openssl-users@openssl.org
Subject: *** Spam *** How to sign a file with DER format?

Hello,

I'm new to OpenSSL and got a question, I try to sign a file with the C library, the base of the program is the cms_sign.c example, only change is i2d_CMS_bio_stream() instead of SMIME_write_CMS(). I noticed in the documentation that i2d_CMS_bio_stream outputs BER. Is there any way to use DER? I googled it but found nothing, maybe used wrong keywords...

Best regards,
Peter
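
One way to check which encoding a CMS output file actually uses, as an added example that is not from the thread or from OpenSSL: a C routine that walks the ASN.1 TLVs and reports any BER-only length form (the indefinite-length encoding that streaming produces, or a non-minimal length). It checks length encoding only, not the remaining DER rules; the function name and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed samples: SEQUENCE { INTEGER 1, OCTET STRING "A" } */
static const unsigned char der_ok[]    = {0x30,0x06,0x02,0x01,0x01,0x04,0x01,0x41};
static const unsigned char ber_indef[] = {0x30,0x80,0x02,0x01,0x01,0x04,0x01,0x41,0x00,0x00};
/* Definite outer SEQUENCE holding an indefinite constructed OCTET STRING */
static const unsigned char ber_inner[] = {0x30,0x08,0x24,0x80,0x04,0x02,0x41,0x42,0x00,0x00};

/* Returns 0 if every TLV uses DER length rules, 1 if a BER-only length
 * form is found (indefinite or not minimal), -1 if the input is malformed. */
int ber_only_lengths(const unsigned char *p, size_t n)
{
    while (n > 0) {
        unsigned char id = *p++; n--;
        if ((id & 0x1f) == 0x1f) {           /* high-tag-number form */
            unsigned char b;
            do {
                if (n == 0) return -1;
                b = *p++; n--;
            } while (b & 0x80);
        }
        if (n == 0) return -1;
        unsigned char l = *p++; n--;
        size_t len = l;
        if (l == 0x80) return 1;             /* indefinite length */
        if (l & 0x80) {                      /* long form: k length octets */
            size_t k = l & 0x7f;
            if (k > sizeof(size_t) || k > n) return -1;
            if (p[0] == 0) return 1;         /* leading zero octet: not minimal */
            len = 0;
            for (size_t i = 0; i < k; i++) len = (len << 8) | p[i];
            p += k; n -= k;
            if (len < 0x80) return 1;        /* short form was required */
        }
        if (len > n) return -1;
        if (id & 0x20) {                     /* constructed: check the children */
            int r = ber_only_lengths(p, len);
            if (r != 0) return r;
        }
        p += len; n -= len;
    }
    return 0;
}

int main(void)
{
    printf("der_ok=%d ber_indef=%d ber_inner=%d\n",
           ber_only_lengths(der_ok, sizeof der_ok),
           ber_only_lengths(ber_indef, sizeof ber_indef),
           ber_only_lengths(ber_inner, sizeof ber_inner));
    return 0;
}
```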