CryptoSys PKI Pro Manual

CMS_ReadEnvData

Read and decrypt a CMS enveloped-data object to a file.

VBA/VB6 Syntax

Public Declare Function CMS_ReadEnvData Lib "diCrPKI.dll" (ByVal strFileOut As String, ByVal strFileIn As String, ByVal strCertFile As String, ByVal strPrivateKey As String, ByVal nOptions As Long) As Long

nRet = CMS_ReadEnvData(strFileOut, strFileIn, strCertFile, strPrivateKey, nOptions)  ' nRet As Long

C/C++ Syntax

long __stdcall CMS_ReadEnvData(const char *szFileOut, const char *szFileIn, const char *szCertFile, const char *szPrivateKey, long nOptions);

Parameters

szFileOut
[in] name of the output file to be created.
szFileIn
[in] name of the file containing the input data (binary or base64-encoded), or the data itself as a base64 or PEM string.
szCertFile
[in] (optional) specifies the filename of the recipient's X.509 certificate.
szPrivateKey
[in] recipient's private key in internal string format.
nOptions
[in] option flags:
PKI_DEFAULT (0) for default options.
PKI_CMS_BIGFILE to speed up the processing of large files (binary only).

Returns (VBA/C)

If successful, the return value is zero; otherwise it returns a nonzero error code.

.NET Equivalent

Cms.ReadEnvDataToFile Method

C++ (STL) Equivalent

static int dipki::Cms::ReadEnvDataToFile (const std::string &outputFile, const std::string &inputFile, const std::string &privateKey, const std::string &certFile="", bool bigFile=false)

Python Equivalent

static Cms.read_envdata_to_file(outputfile, inputfile, prikeystr, certfile="", bigfile=False)

Remarks

If received as an attachment to an S/MIME email message, the user must first extract the CMS object from the email (Hint: use a text editor and cut out the base64 data from the message - see Sending an enveloped-data object and work backwards).

The optional certificate szCertFile is used to identify the intended recipient in a message addressed to multiple recipients. If the intended recipient's certificate is not provided, the first valid message that can be decrypted using the given private key, if any, will be extracted.

The supported EnvelopedData and AuthEnvelopedData objects are those described in CMS Content Types.

Use the PKI_CMS_BIGFILE option to process large files more efficiently. See the example in CMS_MakeEnvData().

[Changes in v12.1] To avoid certain attacks that rely on timing differences, the encrypted content will always be decrypted. If all else is good but no valid content encryption key (CEK) can be found in the recipient data, then a random key will be used. The end result in this latter case will always be a negative DECRYPT_ERROR with no further information as to the cause. If there is something obviously wrong with the input, such as a badly-formed input file (INVALID_DATA_ERROR), or the given certificate does not have a match with any recipient (NO_MATCH_ERROR), then an appropriate error code will be returned.
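The control flow described in the v12.1 note, modelled with the Python standard library only. This is an added example, not CryptoSys PKI code and not part of the original manual. Assumptions: a symmetric key per recipient stands in for RSA key transport, an HMAC-SHA-256 construction stands in for the content cipher, and every function name is hypothetical.

```python
import hashlib, hmac, secrets

class DecryptError(Exception):
    """Single failure type: the caller cannot tell which step went wrong."""

def _prf(key, label, n):
    # HMAC-SHA256 in counter mode; toy stand-in for a real cipher (assumption)
    out = b""
    for i in range(-(-n // 32)):
        out += hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(key, data):
    # Layout: nonce || ciphertext || tag (encrypt-then-MAC)
    nonce = secrets.token_bytes(16)
    ct = _xor(data, _prf(key, b"enc" + nonce, len(data)))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key, blob):
    # Always does the full decryption work, then returns plaintext or None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    pt = _xor(ct, _prf(key, b"enc" + nonce, len(ct)))
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return pt if hmac.compare_digest(tag, good) else None

def make_enveloped(recipient_keys, plaintext):
    # One wrapped CEK per recipient plus the encrypted content
    cek = secrets.token_bytes(32)
    return [seal(k, cek) for k in recipient_keys], seal(cek, plaintext)

def read_enveloped(recipient_infos, content, my_key):
    cek = None
    for info in recipient_infos:         # try every recipient entry, no early exit
        candidate = open_sealed(my_key, info)
        if cek is None and candidate is not None:
            cek = candidate
    if cek is None:
        cek = secrets.token_bytes(32)    # no valid CEK: substitute a random key
    pt = open_sealed(cek, content)       # content decryption runs either way
    if pt is None:
        raise DecryptError("decryption failed")
    return pt
```

A wrong recipient key and a corrupted content block both take the same path through `read_enveloped` and surface as the same `DecryptError`, which mirrors the single DECRYPT_ERROR result described above.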

Example

The following example reads the file created with CMS_MakeEnvData above. Bob's private key needs to be read into a string first (see RSA_ReadEncPrivateKey). The output is written directly to a new file.

' Wrapped in a procedure so the fragment compiles; the procedure name is illustrative
Public Function ReadEnvDataExample() As Long
    Dim nRet As Long
    Dim strFileIn As String
    Dim strFileOut As String
    Dim strPrivateKey As String

    ' Bob reads his private key into a string
    strPrivateKey = rsaReadPrivateKey("BobPrivRSAEncrypt.p8e", "password")
    If Len(strPrivateKey) = 0 Then
        MsgBox "Cannot read private key"
        Exit Function
    End If

    ' Decrypt the input file; send plaintext to new output file
    strFileIn = "cmsalice2bob.p7m"
    strFileOut = "fromalice.txt"
    nRet = CMS_ReadEnvData(strFileOut, strFileIn, "", strPrivateKey, 0)
    Debug.Print "CMS_ReadEnvData returns " & nRet

    ' Clean up: overwrite the private key string before releasing it
    WIPE_String strPrivateKey, Len(strPrivateKey)
    strPrivateKey = ""

    ' Pass the library's return code (zero on success) back to the caller
    ReadEnvDataExample = nRet
End Function

See Also

CMS_ReadEnvDataToString, CMS_MakeEnvDataFromString, CMS_MakeEnvData

Copyright © 2004-24 D.I. Management Services Pty Ltd. All rights reserved. Generated 2024-09-23T07:52:09Z.