z/OS Cryptographic Services System SSL Programming
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


gsk_read_encrypted_data_msg()

z/OS Cryptographic Services System SSL Programming
SC14-7495-00

Processes a PKCS #7 EncryptedData message.

Format

#include <gskcms.h>

gsk_status gsk_read_encrypted_data_msg (
                                        const char *             password,
                                        gsk_buffer *             stream,
                                        gsk_buffer *             data)

Parameters

password
Specifies the encryption password as a null-terminated string in the local code page. The user will be prompted to enter the password if NULL is specified for this parameter.
stream
Specifies the ASN.1 DER-encoded stream to be processed.
data
Returns the decrypted content of the EncryptedData message. The application should call the gsk_free_buffer() routine to release the data when it is no longer needed.

Results

The function return value will be 0 if no error is detected. Otherwise, it will be one of the return codes listed in the gskcms.h include file. These are some possible errors:

[CMSERR_ALG_NOT_AVAILABLE]
Encryption algorithm is not available.
[CMSERR_ALG_NOT_SUPPORTED]
Encryption algorithm is not supported.
[CMSERR_API_NOT_SUPPORTED]
The API is not supported.
[CMSERR_CONTENT_NOT_SUPPORTED]
The message content type is not EncryptedData or the content of the EncryptedData message is not Data.
[CMSERR_NO_CONTENT_DATA]
The encrypted data length is zero.
[CMSERR_NO_MEMORY]
Insufficient storage is available.

Usage

The gsk_read_encrypted_data_msg() routine processes a PKCS #7 (Cryptographic Message Syntax) EncryptedData message created by the gsk_make_encrypted_data_msg() routine and returns the decrypted message content. The encrypted data content type must be Data.

gsk_read_encrypted_data_msg() is not supported when executing in FIPS mode and will return CMSERR_API_NOT_SUPPORTED.

Calling the gsk_read_encrypted_data_msg() routine is equivalent to calling the gsk_read_content_msg() routine, the gsk_read_encrypted_data_content() routine, and the gsk_read_data_content() routine.

The decryption key is derived from the password as described in PKCS #5, Version 2.0: Password-based Encryption and PKCS #12, Version 1.0: Personal Information Exchange. The selected algorithm determines how the key is derived from the password.

These password-based encryption algorithms are supported. The strong encryption algorithms might not be available depending upon government export regulations.

  • x509_alg_pbeWithMd2AndDesCbc - 56-bit DES encryption with MD2 digest - {1.2.840.113549.1.5.1}
  • x509_alg_pbeWithMd5AndDesCbc - 56-bit DES encryption with MD5 digest - {1.2.840.113549.1.5.3}
  • x509_alg_pbeWithSha1AndDesCbc - 56-bit DES encryption with SHA-1 digest - {1.2.840.113549.1.5.10}
  • x509_alg_pbeWithMd2AndRc2Cbc - 64-bit RC2 encryption with MD2 digest - {1.2.840.113549.1.5.4}
  • x509_alg_pbeWithMd5AndRc2Cbc - 64-bit RC2 encryption with MD5 digest - {1.2.840.113549.1.5.6}
  • x509_alg_pbeWithSha1AndRc2Cbc - 64-bit RC2 encryption with SHA-1 digest - {1.2.840.113549.1.5.11}
  • x509_alg_pbeWithSha1And40BitRc2Cbc - 40-bit RC2 encryption with SHA-1 digest - {1.2.840.113549.1.12.1.6}
  • x509_alg_pbeWithSha1And128BitRc2Cbc - 128-bit RC2 encryption with SHA-1 digest - {1.2.840.113549.1.12.1.5}
  • x509_alg_pbeWithSha1And40BitRc4 - 40-bit RC4 encryption with SHA-1 digest - {1.2.840.113549.1.12.1.2}
  • x509_alg_pbeWithSha1And128BitRc4 - 128-bit RC4 encryption with SHA-1 digest - {1.2.840.113549.1.12.1.1}
  • x509_alg_pbeWithSha1And3DesCbc - 168-bit 3DES encryption with SHA-1 digest - {1.2.840.113549.1.12.1.3}
Parent topic: Certificate Management Services (CMS) API reference

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014