CryptoSys PKI Toolkit Manual

CMS_MakeEnvData

CMS_MakeEnvData creates an encrypted CMS enveloped-data object for one or more recipients using their x.509 certificates.

VB6/VBA Syntax

Public Declare Function CMS_MakeEnvData Lib "diCrPKI.dll" (ByVal strFileOut As String, ByVal strFileIn As String, ByVal strCertList As String, ByVal strSeed As String, ByVal nSeedLen As Long, ByVal nOptions As Long) As Long

nRet = CMS_MakeEnvData(strFileOut, strFileIn, strCertList, strSeed, nSeedLen, nOptions) As Long

Parameters

strFileOut
[in] String with name of output file to be created.
strFileIn
[in] String with name of file containing input data.
strCertList
[in] String containing a list of files that contain the certificates of recipients separated by semi-colons(;)
strSeed
[in] String containing a user-specified seed to be used by the random number generator. Specify an empty string ("") to ignore.
nSeedLen
[in] Long specifying the length of the seed string.
nOptions
[in] Long option flags:
PKI_DEFAULT (0) for default options (rsaEncryption, des-EDE3-CBC, binary output).
PKI_CMS_FORMAT_BASE64 to format the output with base64 encoding (default output is binary)
PKI_CMS_ALT_ALGID to use specialist alternative encryption algorithm identifier (see Remarks)
PKI_KT_RSA_KEM to use RSA-KEM instead of rsaEncyption for key encryption (see Remarks)
plus, optionally, one of the following:
PKI_BC_AES128 to use aes128-CBC for content encryption
PKI_BC_AES192 to use aes192-CBC for content encryption
PKI_BC_AES256 to use aes256-CBC for content encryption
PKI_BC_3DES to use des-ede3-cbc for content encryption

C/C++ Syntax

long _stdcall CMS_MakeEnvData(const char *szFileOut, const char *szFileIn, const char *szCertList, const char *sSeed, long nSeedLen, long nOptions);

Returns (VB6/C)

Long: If successful, the return value is the number of successful recipients; otherwise it returns a negative error code.

.NET Equivalent

Cms.MakeEnvData Method
Cms.MakeEnvData Method

Remarks

The output is always a CMS EnvelopedData file which can be sent as part of an S/MIME message. Multiple recipients are supported provided their X.509 certificates are available. No checks are made on the validity period of the X.509 certificates. Only CMS Version zero enveloped-data objects using the key transport technique are supported. The RecipientIdentifier must be issuerAndSerialNumber. As of this release, OriginatorInfo and UnprotectedAttrs options are not supported.

To check for partial errors if not all the recipients' certificates were accepted, check if PKI_ErrorCode() <> 0 and if so then call PKI_LastError() for more details.

[Specialist Option] If the PKI_CMS_ALT_ALGID option flag is present, an alternative Content Encryption Algorithm Identifier will be used as follows:

Default Content Encryption Algorithm Identifier with PKI_CMS_ALT_ALGID
des-ede3-cbc (1.2.840.113549.3.7)des_3CBC_pad (1.3.36.3.1.3.2.1)

This alternative TeleTrusT algorithm identifier was added for compatibility with certain German profiles. It is not an S/MIME-compliant OID. We were initially told it was required by the German Health System PKI, but apparently not so. It is only needed for backwards compatibility. Anyway, it's there if you need it.

The RSA-KEM key encryption algorithm added provisionally in v3.2 has been withdrawn in v3.4.

Example

The following example reproduces example 5.1 from [SMIME-EX]. It creates an EnvelopedData CMS object for Bob from the data file C:\test\excontent.txt using Bob's X.509 certificate BobRSASignByCarl.cer. 

Dim nRet As Long
Dim strOutputFile As String
Dim strInputFile As String
Dim strCertFile As String

strOutputFile = "C:\test\cmsalice2bob.p7m"
strInputFile = "C:\test\excontent.txt"
strCertFile = "C:\test\BobRSASignByCarl.cer"
' This should return 1 (indicating one successful recipient)
nRet = CMS_MakeEnvData(strOutputFile, strInputFile, strCertFile, "", 0, 0)
Debug.Print "CMS_MakeEnvData returns " & nRet

Note that the output file will always be different from the smime-example because the content-encryption key, IV and the encrypted-content will be different each time.

The next example does the same except for two recipients: Bob and Carl. 

' This should return 2 (indicating two successful recipients)
nRet = CMS_MakeEnvData("C:\test\cms2bobandcarl.p7m", "C:\test\excontent.txt", _
    "C:\test\BobRSASignByCarl.cer;C:\test\CarlRSASelf.cer", "", 0, 0)
Debug.Print "CMS_MakeEnvData returns " & nRet

The third example is the same as the first, except it uses AES-128 instead of Triple-DES to encrypt the content. 

nRet = CMS_MakeEnvData("C:\test\cms2bob_aes128.p7m", "C:\test\excontent.txt", _
    "C:\test\BobRSASignByCarl.cer", "", 0, PKI_BC_AES128)
Debug.Print "CMS_MakeEnvData returns " & nRet

See Also

CMS_MakeEnvDataFromString CMS_ReadEnvData CMS_ReadEnvDataToString

[Contents] [Index]

[HOME]   [NEXT: CMS_MakeEnvDataFromString...]
Copyright © 2004-9 D.I. Management Services Pty Ltd. All rights reserved.