Creates PKCS #7 EncryptedData content information.
Format
#include <gskcms.h>
gsk_status gsk_make_encrypted_data_content (
int version,
x509_algorithm_type pbe_algorithm,
const char * password,
int iterations,
pkcs_content_info * content_data,
pkcs_content_info * content_info)
Parameters
- version
- Specifies the PKCS #7 EncryptedData version number. This must
be 0.
- pbe_algorithm
- Specifies the password-based encryption algorithm.
- password
- Specifies the encryption password as a null-terminated string
in the local code page. The user will be prompted to enter the password
if NULL is specified for this parameter.
- iterations
- Specifies the number of iterations used to derive the encryption
key from the password. It is recommended that iterations be specified
as 1024 or greater.
- content_data
- Specifies the EncryptedData content. This must be one of the
content information types defined in PKCS #7.
- content_info
- Returns the EncryptedData content information. The application
should call the gsk_free_content_info() routine to release
the content information when it is no longer needed.
Results
The function return value will be
0 if no error is detected. Otherwise, it will be one of the return
codes listed in the gskcms.h include file. These are some
possible errors:
- [CMSERR_ALG_NOT_AVAILABLE]
- Encryption algorithm is not available
- [CMSERR_ALG_NOT_SUPPORTED]
- Encryption algorithm is not supported
- [CMSERR_API_NOT_SUPPORTED]
- The API is not supported.
- [CMSERR_CONTENT_NOT_SUPPORTED]
- The content type is not supported
- [CMSERR_NO_CONTENT_DATA]
- The content data length is zero
- [CMSERR_NO_MEMORY]
- Insufficient storage is available
- [CMSERR_VERSION_NOT_SUPPORTED]
- The version is not valid
Usage
The gsk_make_encrypted_data_content() routine
creates PKCS #7 (Cryptographic Message Syntax) EncryptedData content
information. The data content type must be one of the types defined
by PKCS #7. The gsk_read_encrypted_data_content() routine
can be used to extract the content data from the content information.
gsk_make_encrypted_data_content() is not supported
when executing in FIPS mode and will return CMSERR_API_NOT_SUPPORTED.
The encryption key is derived from the password as described
in PKCS #5, Version 2.0: Password-based
Encryption and PKCS
#12, Version 1.0: Personal Information Exchange. The
selected algorithm determines how the key is derived from the password.
These
password-based encryption algorithms are supported. The strong encryption
algorithms may not be available depending upon government export regulations.
- x509_alg_pbeWithMd2AndDesCbc - 56-bit DES encryption with MD2
digest - {1.2.840.113549.1.5.1}
- x509_alg_pbeWithMd5AndDesCbc - 56-bit DES encryption with MD5
digest - {1.2.840.113549.1.5.3}
- x509_alg_pbeWithSha1AndDesCbc - 56-bit DES encryption with
SHA-1 digest - {1.2.840.113549.1.5.10}
- x509_alg_pbeWithMd2AndRc2Cbc - 64-bit RC2 encryption with MD2
digest - {1.2.840.113549.1.5.4}
- x509_alg_pbeWithMd5AndRc2Cbc - 64-bit RC2 encryption with MD5
digest - {1.2.840.113549.1.5.6}
- x509_alg_pbeWithSha1AndRc2Cbc - 64-bit RC2 encryption with
SHA-1 digest - {1.2.840.113549.1.5.11}
- x509_alg_pbeWithSha1And40BitRc2Cbc - 40-bit RC2 encryption
with SHA-1 digest - {1.2.840.113549.1.12.1.6}
- x509_alg_pbeWithSha1And128BitRc2Cbc - 128-bit RC2 encryption
with SHA-1 digest - {1.2.840.113549.1.12.1.5}
- x509_alg_pbeWithSha1And40BitRc4 - 40-bit RC4 encryption with
SHA-1 digest - {1.2.840.113549.1.12.1.2}
- x509_alg_pbeWithSha1And128BitRc4 - 128-bit RC4 encryption with
SHA-1 digest - {1.2.840.113549.1.12.1.1}
- x509_alg_pbeWithSha1And3DesCbc - 168-bit 3DES encryption with
SHA-1 digest - {1.2.840.113549.1.12.1.3}