PKCS7_sign_add_signer(3)          OpenSSL          PKCS7_sign_add_signer(3)

NAME
       PKCS7_sign_add_signer - add a signer to a PKCS7 signed data
       structure.

SYNOPSIS
        #include <openssl/pkcs7.h>

        PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
                                                 EVP_PKEY *pkey, const EVP_MD *md,
                                                 int flags);

DESCRIPTION
       PKCS7_sign_add_signer() adds a signer with certificate signcert and
       private key pkey using message digest md to a PKCS7 signed data
       structure p7.

       The PKCS7 structure should be obtained from an initial call to
       PKCS7_sign() with the flag PKCS7_PARTIAL set or, in the case of
       re-signing, be a valid PKCS7 signed data structure.

       If the md parameter is NULL then the default digest for the public
       key algorithm will be used.

       Unless the PKCS7_REUSE_DIGEST flag is set the returned PKCS7
       structure is not complete and must be finalized either by streaming
       (if applicable) or a call to PKCS7_final().

NOTES
       The main purpose of this function is to provide finer control over
       a PKCS#7 signed data structure where the simpler PKCS7_sign()
       function defaults are not appropriate, for example if multiple
       signers or non-default digest algorithms are needed.

       Any of the following flags (ORed together) can be passed in the
       flags parameter.

       If PKCS7_REUSE_DIGEST is set then an attempt is made to copy the
       content digest value from the PKCS7 structure: this is used to add
       a signer to an existing structure. An error occurs if a matching
       digest value cannot be found to copy. The returned PKCS7 structure
       will be valid and finalized when this flag is set.

       If PKCS7_PARTIAL is set in addition to PKCS7_REUSE_DIGEST then the
       PKCS7_SIGNER_INFO structure will not be finalized so additional
       attributes can be added. In this case an explicit call to
       PKCS7_SIGNER_INFO_sign() is needed to finalize it.

       If PKCS7_NOCERTS is set the signer's certificate will not be
       included in the PKCS7 structure; the signer's certificate must
       still be supplied in the signcert parameter though. This can reduce
       the size of the signature if the signer's certificate can be
       obtained by other means: for example a previously signed message.

       The signedData structure includes several PKCS#7
       authenticatedAttributes including the signing time, the PKCS#7
       content type and the supported list of ciphers in an
       SMIMECapabilities attribute. If PKCS7_NOATTR is set then no
       authenticatedAttributes will be used. If PKCS7_NOSMIMECAP is set
       then just the SMIMECapabilities are omitted.

       If present the SMIMECapabilities attribute indicates support for
       the following algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES
       and 40 bit RC2. If any of these algorithms is disabled then it will
       not be included.

       PKCS7_sign_add_signer() returns an internal pointer to the
       PKCS7_SIGNER_INFO structure just added; this can be used to set
       additional attributes before it is finalized.

RETURN VALUES
       PKCS7_sign_add_signer() returns an internal pointer to the
       PKCS7_SIGNER_INFO structure just added or NULL if an error occurs.

SEE ALSO
       ERR_get_error(3), PKCS7_sign(3), PKCS7_final(3)

HISTORY
       PKCS7_sign_add_signer() was added to OpenSSL 1.0.0

1.0.1u                          2016-09-22          PKCS7_sign_add_signer(3)