Processes a PKCS #7 EncryptedData message.
Format
#include <gskcms.h>
gsk_status gsk_read_encrypted_data_msg (
const char * password,
gsk_buffer * stream,
gsk_buffer * data)
Parameters
- password
- Specifies the encryption password as a null-terminated string
in the local code page. The user will be prompted to enter the password
if NULL is specified for this parameter.
- stream
- Specifies the ASN.1 DER-encoded stream to be processed.
- data
- Returns the decrypted content of the EncryptedData message. The
application should call the gsk_free_buffer() routine to release
the data when it is no longer needed.
Results
The function return value will be
0 if no error is detected. Otherwise, it will be one of the return
codes listed in the gskcms.h include file. These are some
possible errors:
- [CMSERR_ALG_NOT_AVAILABLE]
- Encryption algorithm is not available.
- [CMSERR_ALG_NOT_SUPPORTED]
- Encryption algorithm is not supported.
- [CMSERR_API_NOT_SUPPORTED]
- The API is not supported.
- [CMSERR_CONTENT_NOT_SUPPORTED]
- The message content type is not EncryptedData or the content
of the EncryptedData message is not Data.
- [CMSERR_NO_CONTENT_DATA]
- The encrypted data length is zero.
- [CMSERR_NO_MEMORY]
- Insufficient storage is available.
Usage
The gsk_read_encrypted_data_msg() routine
processes a PKCS #7 (Cryptographic Message Syntax) EncryptedData message
created by the gsk_make_encrypted_data_msg() routine and returns
the decrypted message content. The encrypted data content type must
be Data.
gsk_read_encrypted_data_msg() is not supported
when executing in FIPS mode and will return CMSERR_API_NOT_SUPPORTED.
Calling the gsk_read_encrypted_data_msg() routine
is equivalent to calling the gsk_read_content_msg() routine,
the gsk_read_encrypted_data_content() routine, and the gsk_read_data_content() routine.
The
decryption key is derived from the password as described in PKCS #5, Version 2.0: Password-based
Encryption and PKCS
#12, Version 1.0: Personal Information Exchange. The
selected algorithm determines how the key is derived from the password.
These
password-based encryption algorithms are supported. The strong encryption
algorithms might not be available depending upon government export
regulations.
- x509_alg_pbeWithMd2AndDesCbc - 56-bit DES encryption with MD2
digest - {1.2.840.113549.1.5.1}
- x509_alg_pbeWithMd5AndDesCbc - 56-bit DES encryption with MD5
digest - {1.2.840.113549.1.5.3}
- x509_alg_pbeWithSha1AndDesCbc - 56-bit DES encryption with
SHA-1 digest - {1.2.840.113549.1.5.10}
- x509_alg_pbeWithMd2AndRc2Cbc - 64-bit RC2 encryption with MD2
digest - {1.2.840.113549.1.5.4}
- x509_alg_pbeWithMd5AndRc2Cbc - 64-bit RC2 encryption with MD5
digest - {1.2.840.113549.1.5.6}
- x509_alg_pbeWithSha1AndRc2Cbc - 64-bit RC2 encryption with
SHA-1 digest - {1.2.840.113549.1.5.11}
- x509_alg_pbeWithSha1And40BitRc2Cbc - 40-bit RC2 encryption
with SHA-1 digest - {1.2.840.113549.1.12.1.6}
- x509_alg_pbeWithSha1And128BitRc2Cbc - 128-bit RC2 encryption
with SHA-1 digest - {1.2.840.113549.1.12.1.5}
- x509_alg_pbeWithSha1And40BitRc4 - 40-bit RC4 encryption with
SHA-1 digest - {1.2.840.113549.1.12.1.2}
- x509_alg_pbeWithSha1And128BitRc4 - 128-bit RC4 encryption with
SHA-1 digest - {1.2.840.113549.1.12.1.1}
- x509_alg_pbeWithSha1And3DesCbc - 168-bit 3DES encryption with
SHA-1 digest - {1.2.840.113549.1.12.1.3}