Create a CMS enveloped-data object for one or more recipients.
Public Function cmsMakeEnvData ( _
    szFileOut As String, _
    szFileIn As String, _
    szCertList As String, _
    Optional szKeyString As String = "", _
    Optional nOptions As Long = 0, _
    Optional nCount As Long = 0 _
) As Long

"type=@pwri" to create a single recipientInfo of the PasswordRecipientInfo (pwri) type; or set as "type=@kekri,keyid=<string>" to create a single recipientInfo of the KEKRecipientInfo (kekri) type. See Remarks.

"#x<hex-digits>" to pass a string of arbitrary octet values, e.g. "#xdeadbeef01" to pass the 5 bytes 0xde,0xad,0xbe,0xef,0x01. Required for pwri and kekri types.

    PKI_BC_3DES (default)
    PKI_BC_AES128
    PKI_BC_AES192
    PKI_BC_AES256
    PKI_AEAD_AES_128_GCM
    PKI_AEAD_AES_192_GCM
    PKI_AEAD_AES_256_GCM
    PKI_AEAD_CHACHA20_POLY1305

To set the key transport scheme (where applicable), use one of:

    PKI_KT_RSAES_PKCS (default)
    PKI_KT_RSAES_OAEP

If you have selected PKI_KT_RSAES_OAEP then, optionally, add:

    PKI_MGF_MGF1SHA1

Select one hash algorithm for RSAES-OAEP or ECDH KDF or pwri PBKDF2:

    PKI_HASH_SHA1 (default)
    PKI_HASH_SHA224
    PKI_HASH_SHA256
    PKI_HASH_SHA384
    PKI_HASH_SHA512

To set the key derivation function (KDF) for the ECDH key agreement scheme (where applicable), add one of:

    PKI_KDF_X963 (default)
    PKI_KDF_HKDF

Add one key wrap algorithm for the ECDH key agreement scheme or the kekri key encryption algorithm (default=match content encryption algorithm):

    PKI_KWRAP_3DES (allowed only if Triple DES is used for content encryption)
    PKI_KWRAP_AES128
    PKI_KWRAP_AES192
    PKI_KWRAP_AES256

Optionally, add any of the bitflags:

    PKI_CMS_FORMAT_BASE64 (default=binary)
    PKI_CMS_ALT_ALGID
    PKI_CMS_BIGFILE (binary file to binary file only)

The recipientInfo type for each recipient is set automatically depending on the public key found in their certificate. If RSA, the key transport technique (ktri) will be used. If ECC, then the standard ECDH ephemeral-static key agreement technique (kari) will be used.

    ' Create an enveloped CMS object (ktri type) to Bob using Bob's RSA key...
    n = cmsMakeEnvData("cms2bob_aes128.p7m", "excontent.txt", "BobRSASignByCarl.cer", "", PKI_BC_AES128 Or PKI_KT_RSAES_OAEP)

    ' Same but using authenticated encryption and creating an authEnvelopedData object...
    n = cmsMakeEnvData("cms2bob_aes128auth.p7m", "excontent.txt", "BobRSASignByCarl.cer", "", PKI_AEAD_AES_128_GCM Or PKI_KT_RSAES_OAEP)

    ' Create an enveloped CMS object (kari type) to Dana using Dana's ECC key...
    n = cmsMakeEnvData("cms2dana_hkdf.p7m", "excontent.txt", "lamps-dana.encrypt.crt", "", PKI_BC_AES256 Or PKI_HASH_SHA256 Or PKI_KDF_HKDF Or PKI_KWRAP_AES256)

    ' Create an enveloped CMS object (kekri type) using a previously distributed symmetric key-encryption key (KEK)...
    n = cmsMakeEnvData("cms_envdata_kekri.p7m", "excontent.txt", "type=@kekri,keyid=ourcommonkey", "#x0123456789ABCDEFF0E1D2C3B4A59687", PKI_BC_AES256 Or PKI_HASH_SHA256 Or PKI_KWRAP_AES128)

    ' Create an enveloped CMS object (pwri type) using password-based key management...
    n = cmsMakeEnvData("cms_envdata_pwri.p7m", "excontent.txt", "type=@pwri", "password12345", PKI_BC_AES192)
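
The option rules above interact, most visibly for kekri, where the key wrap algorithm defaults to matching the content cipher, so the length of the KEK passed in szKeyString has to agree with whichever AES size ends up doing the wrapping. The following pre-flight check is an added example, not part of the library or its documentation; it is written in Python so it can be run and tested offline. Assumptions: the helper names `decode_key_string` and `preflight` are hypothetical, option flags are passed by name as strings because their numeric values are not given on this page, and a plain (non-"#x") key string is treated as UTF-8.

```python
import re

def decode_key_string(key_string):
    """Octets denoted by szKeyString: "#x<hex-digits>" form or a plain string."""
    if key_string.startswith("#x"):
        return bytes.fromhex(key_string[2:])  # raises ValueError on malformed hex
    return key_string.encode("utf-8")  # assumption: plain strings taken as UTF-8

def preflight(cert_list, key_string="", flags=()):
    """Return a list of problems found in a planned cmsMakeEnvData call."""
    flags, problems = set(flags), []
    m = re.fullmatch(r"type=@(pwri|kekri)(?:,keyid=(.+))?", cert_list)
    rtype = m.group(1) if m else "cert"  # otherwise a certificate list
    ciphers = sorted(f for f in flags if f.startswith(("PKI_BC_", "PKI_AEAD_")))
    kwraps = sorted(f for f in flags if f.startswith("PKI_KWRAP_"))
    if len(ciphers) > 1 or len(kwraps) > 1:
        problems.append("select at most one content cipher and one key wrap flag")
    cipher = ciphers[0] if ciphers else "PKI_BC_3DES"  # documented default
    wrap = kwraps[0] if kwraps else cipher  # default: match content encryption
    if rtype != "cert" and not key_string:
        problems.append("szKeyString is required for pwri and kekri types")
    if rtype == "kekri" and not m.group(2):
        problems.append("kekri needs keyid=<string>")
    if wrap == "PKI_KWRAP_3DES" and cipher != "PKI_BC_3DES":
        problems.append("PKI_KWRAP_3DES needs Triple DES content encryption")
    if {"PKI_CMS_BIGFILE", "PKI_CMS_FORMAT_BASE64"} <= flags:
        problems.append("PKI_CMS_BIGFILE is binary file to binary file only")
    if rtype == "kekri" and key_string:
        size = re.search(r"AES_?(128|192|256)", wrap)  # length check for AES only
        try:
            kek = decode_key_string(key_string)
        except ValueError:
            problems.append("szKeyString has malformed #x hex digits")
        else:
            if size and len(kek) * 8 != int(size.group(1)):
                problems.append(f"KEK is {len(kek) * 8} bits but {wrap} "
                                f"implies a {size.group(1)}-bit AES key")
    return problems

if __name__ == "__main__":
    # Constructed calls modelled on the page's kekri example.
    kek = "#x0123456789ABCDEFF0E1D2C3B4A59687"
    to = "type=@kekri,keyid=ourcommonkey"
    print(preflight(to, kek, ["PKI_BC_AES256", "PKI_KWRAP_AES128"]))  # no problems
    print(preflight(to, kek, ["PKI_BC_AES256"]))  # wrap defaults to AES-256
```

Dropping PKI_KWRAP_AES128 from the page's kekri example is the case the second call covers: the same 16-byte KEK no longer fits once the wrap algorithm follows PKI_BC_AES256.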