Sortix cross-nightly manual
This manual documents Sortix cross-nightly. You can instead view this document in the latest official manual.
NAME
CMS_add1_signer, CMS_SignerInfo_sign — add a signer to a CMS SignedData structureSYNOPSIS
#include <openssl/cms.h>CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags);
CMS_SignerInfo_sign(CMS_SignerInfo *si);
DESCRIPTION
CMS_add1_signer() adds a signer with certificate signcert and private key pkey using message digest md to the signerInfos field of the SignedData structure cms, which should have been obtained from an initial call to CMS_sign(3) with the flag CMS_PARTIAL set, or which can be a valid SignedData structure in the case of re-signing.- CMS_REUSE_DIGEST
- Attempt to copy the content digest value from one of the existing CMS_SignerInfo structures in cms while adding another signer. An error occurs if a matching digest value cannot be found to copy. The cms structure will be valid and finalized when this flag is set.
- CMS_PARTIAL
- If this flag is set in addition to CMS_REUSE_DIGEST, the returned CMS_SignerInfo structure will not be finalized so additional attributes can be added. In this case an explicit call to CMS_SignerInfo_sign() is needed to finalize it.
- CMS_NOCERTS
- Do not add the signer's certificate to the certificates field of cms. The signer's certificate must still be supplied in the signcert parameter though. This flag can reduce the size of the signature if the signer's certificate can be obtained by other means, for example from a previously signed message.
- CMS_NOATTR
- Leave the signedAttrs field of the returned CMS_SignedData structure empty. By default, several CMS SignedAttributes are added, including the signing time, the CMS content type, and the supported list of ciphers in an SMIMECapabilities attribute.
- CMS_NOSMIMECAP
- Omit just the SMIMECapabilities attribute.
- CMS_USE_KEYID
- Use the subject key identifier value to identify signing certificates. An error occurs if the signing certificate does not have a subject key identifier extension. By default, issuer name and serial number are used instead.
RETURN VALUES
CMS_add1_signer() returns an internal pointer to the new CMS_SignerInfo structure just added or NULL if an error occurs.STANDARDS
RFC 5652: Cryptographic Message Syntax, section 5.1: SignedData Type- section 2.5: Attributes and the SignerInfo Type
- section 2.5.2: SMIMECapabilities Attribute