An EnvelopedData object contains encrypted content for one or more recipients. You can create
an EnvelopedData object using one of the
CMS_MakeEnvData,
CMS_MakeEnvDataFromString, or
CMS_MakeEnvDataFromBytes
functions.
The content is encrypted with a single, randomly-generated content encryption key (CEK). Each recipient is provided with this CEK encrypted specifically for them using one of four key management techniques. The combination of the encrypted content and one encrypted CEK is called a digital envelope for that recipient. An EnvelopedData object consists of a set of RecipientInfo types, one for each recipient, and the encrypted content.
There are four key management techniques.
KeyTransRecipientInfo (ktri) typeKeyAgreeRecipientInfo (kari) typeKEKRecipientInfo (kekri) typePasswordRecipientinfo (pwri) typeAs of [v20.6], all four key management techniques are supported. ktri has always been supported. Support for kari was added in [v20.5], and support for kekri and pwri added in [v20.6].
key transport (ktri). The CEK is encrypted in the recipient's public key.
We support the RSAES-PKCS1-v1_5 and the RSAES-OAEP encryption schemes.
Options: RSAES-OAEP can specify the hash algorithm to be used and the hash algorithm to be used with the MGF.
key agreement (kari). The recipient's public key and the sender's private key are used to generate a pairwise symmetric key, which is used to encrypt the CEK.
All elliptic curve public keys we support can be used in this mode. A key derivation function (KDF) and a key wrap algorithm must be specified.
Options: Supported KDFs are the ANSI-X9.63-KDF key derivation function and the HMAC-based Key Derivation Function (HKDF) from RFC 5869.
Additonal user key material (UKM) may be provided. Triple DES key wrap and the AES key wrap algorithms are supported.
symmetric key-encryption keys (kekri). The CEK is encrypted in a previously distributed symmetric key-encryption key.
Options: Triple DES key wrap and the AES key wrap algorithms are supported. Restricted to one recipient per document.
passwords (pwri). The CEK is encrypted in a key-encryption key derived from a password as described in [RFC3211].
The PWRI-KEK key wrap algorithm specified in section 2.3 of RFC3211 is used together with the PBKDF2 key derivation algorithm.
Options: The hash algorithm and iteration count used with PBKDF2 can be specified. Restricted to one recipient per document.
| Parameter | ktri | kari | kekri | pwri |
|---|---|---|---|---|
| certList | †cert[s] | †cert[s] | †"@kekri" | †"@pwri" |
| cipherAlg | ✓ | ✓ | ✓ | ✓ |
| keyEncrAlg | ✓ | N/A | N/A | N/A |
| hashAlg | ✓ | ✓ | N/A | ✓ |
| advOpts | ✓ | ✓ | ✓ | ✓ |
| kdfAlg | N/A | ✓ | N/A | N/A |
| keyWrapAlg | N/A | ✓ | ✓ | N/A |
| keyString | N/A | ukm | †kekstr | †password |
| count | N/A | N/A | N/A | iterCount |