Verifying an encrypted PKCS#7

[Hellan,Kim KHE]

Hi

If I have a PKCS#7 that is only encrypted (pkcs7_enveloped) , how can I then
be sure of the integrity of the data?
With a signed PKCS#7 you can verify the signature, but what if there is no
signature. Does the PKCS#7 format itself make it impossible to tamper with
such an encrypted blob or is there some OpenSSL function that can verify
the integrity (like PKCS7_verify)?

Thanks,
Kim Hellan
KMD / KMD-CA

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Verifying an encrypted PKCS#7

[Dr S N Henson]

Hellan,Kim KHE wrote:
 
 Hi
 
 If I have a PKCS#7 that is only encrypted (pkcs7_enveloped) , how can I then
 be sure of the integrity of the data?
 With a signed PKCS#7 you can verify the signature, but what if there is no
 signature. Does the PKCS#7 format itself make it impossible to tamper with
 such an encrypted blob or is there some OpenSSL function that can verify
 the integrity (like PKCS7_verify)?
 

PKCS#7 encrypted data can be produced by anyone with access to the
recipient(s) certificates which will normally be publically available.
Unless the sender has signed the content before encryption there is no
way to be sure of its integrity.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]