gsk_make_encrypted_data

Creates PKCS #7 EncryptedData content information.

Format

#include <gskcms.h>

gsk_status gsk_make_encrypted_data_content (
                                  int                      version,
                                  x509_algorithm_type      pbe_algorithm,
                                  const char *             password,
                                  int                      iterations,
                                  pkcs_content_info *      content_data,
                                  pkcs_content_info *      content_info)

Parameters

version: Specifies the PKCS #7 EncryptedData version number. This must be 0.
pbe_algorithm: Specifies the password-based encryption algorithm.
password: Specifies the encryption password as a null-terminated string in the local code page. The user will be prompted to enter the password if NULL is specified for this parameter.
iterations: Specifies the number of iterations used to derive the encryption key from the password. It is recommended that iterations be specified as 1024 or greater.
content_data: Specifies the EncryptedData content. This must be one of the content information types defined in PKCS #7.
content_info: Returns the EncryptedData content information. The application should call the gsk_free_content_info() routine to release the content information when it is no longer needed.

Results

The function return value will be 0 if no error is detected. Otherwise, it will be one of the return codes listed in the gskcms.h include file. These are some possible errors:

[CMSERR_ALG_NOT_AVAILABLE]: Encryption algorithm is not available
[CMSERR_ALG_NOT_SUPPORTED]: Encryption algorithm is not supported
[CMSERR_API_NOT_SUPPORTED]: The API is not supported.
[CMSERR_CONTENT_NOT_SUPPORTED]: The content type is not supported
[CMSERR_NO_CONTENT_DATA]: The content data length is zero
[CMSERR_NO_MEMORY]: Insufficient storage is available
[CMSERR_VERSION_NOT_SUPPORTED]: The version is not valid

Usage

The gsk_make_encrypted_data_content() routine creates PKCS #7 (Cryptographic Message Syntax) EncryptedData content information. The data content type must be one of the types defined by PKCS #7. The gsk_read_encrypted_data_content() routine can be used to extract the content data from the content information.

gsk_make_encrypted_data_content() is not supported when executing in FIPS mode and will return CMSERR_API_NOT_SUPPORTED.

The encryption key is derived from the password as described in PKCS #5, Version 2.0: Password-based Encryption and PKCS #12, Version 1.0: Personal Information Exchange. The selected algorithm determines how the key is derived from the password.

These password-based encryption algorithms are supported. The strong encryption algorithms may not be available depending upon government export regulations.

x509_alg_pbeWithMd2AndDesCbc - 56-bit DES encryption with MD2 digest - {1.2.840.113549.1.5.1}
x509_alg_pbeWithMd5AndDesCbc - 56-bit DES encryption with MD5 digest - {1.2.840.113549.1.5.3}
x509_alg_pbeWithSha1AndDesCbc - 56-bit DES encryption with SHA-1 digest - {1.2.840.113549.1.5.10}
x509_alg_pbeWithMd2AndRc2Cbc - 64-bit RC2 encryption with MD2 digest - {1.2.840.113549.1.5.4}
x509_alg_pbeWithMd5AndRc2Cbc - 64-bit RC2 encryption with MD5 digest - {1.2.840.113549.1.5.6}
x509_alg_pbeWithSha1AndRc2Cbc - 64-bit RC2 encryption with SHA-1 digest - {1.2.840.113549.1.5.11}
x509_alg_pbeWithSha1And40BitRc2Cbc - 40-bit RC2 encryption with SHA-1 digest - {1.2.840.113549.1.12.1.6}
x509_alg_pbeWithSha1And128BitRc2Cbc - 128-bit RC2 encryption with SHA-1 digest - {1.2.840.113549.1.12.1.5}
x509_alg_pbeWithSha1And40BitRc4 - 40-bit RC4 encryption with SHA-1 digest - {1.2.840.113549.1.12.1.2}
x509_alg_pbeWithSha1And128BitRc4 - 128-bit RC4 encryption with SHA-1 digest - {1.2.840.113549.1.12.1.1}
x509_alg_pbeWithSha1And3DesCbc - 168-bit 3DES encryption with SHA-1 digest - {1.2.840.113549.1.12.1.3}