PKCS7_encrypt(3)                    OpenSSL                   PKCS7_encrypt(3)


NNAAMMEE
       PKCS7_encrypt - create a PKCS#7 envelopedData structure

SSYYNNOOPPSSIISS
        #include <openssl/pkcs7.h>

        PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);

DDEESSCCRRIIPPTTIIOONN
       _P_K_C_S_7___e_n_c_r_y_p_t_(_) creates and returns a PKCS#7 envelopedData structure.
       cceerrttss is a list of recipient certificates. iinn is the content to be
       encrypted.  cciipphheerr is the symmetric cipher to use. ffllaaggss is an optional
       set of flags.

NNOOTTEESS
       Only RSA keys are supported in PKCS#7 and envelopedData so the recipi-
       ent certificates supplied to this function must all contain RSA public
       keys, though they do not have to be signed using the RSA algorithm.

       _E_V_P___d_e_s___e_d_e_3___c_b_c_(_) (triple DES) is the algorithm of choice for S/MIME
       use because most clients will support it.

       Some old "export grade" clients may only support weak encryption using
       40 or 64 bit RC2. These can be used by passing _E_V_P___r_c_2___4_0___c_b_c_(_) and
       _E_V_P___r_c_2___6_4___c_b_c_(_) respectively.

       The algorithm passed in the cciipphheerr parameter must support ASN1 encoding
       of its parameters.

       Many browsers implement a "sign and encrypt" option which is simply an
       S/MIME envelopedData containing an S/MIME signed message. This can be
       readily produced by storing the S/MIME signed message in a memory BIO
       and passing it to _P_K_C_S_7___e_n_c_r_y_p_t_(_).

       The following flags can be passed in the ffllaaggss parameter.

       If the PPKKCCSS77__TTEEXXTT flag is set MIME headers for type tteexxtt//ppllaaiinn are
       prepended to the data.

       Normally the supplied content is translated into MIME canonical format
       (as required by the S/MIME specifications) if PPKKCCSS77__BBIINNAARRYY is set no
       translation occurs. This option should be used if the supplied data is
       in binary format otherwise the translation will corrupt it. If
       PPKKCCSS77__BBIINNAARRYY is set then PPKKCCSS77__TTEEXXTT is ignored.

       If the PPKKCCSS77__SSTTRREEAAMM flag is set a partial PPKKCCSS77 structure is output
       suitable for streaming I/O: no data is read from the BIO iinn.

NNOOTTEESS
       If the flag PPKKCCSS77__SSTTRREEAAMM is set the returned PPKKCCSS77 structure is nnoott
       complete and outputting its contents via a function that does not prop-
       erly finalize the PPKKCCSS77 structure will give unpredictable results.

       Several functions including _S_M_I_M_E___w_r_i_t_e___P_K_C_S_7_(_),
       _i_2_d___P_K_C_S_7___b_i_o___s_t_r_e_a_m_(_), _P_E_M___w_r_i_t_e___b_i_o___P_K_C_S_7___s_t_r_e_a_m_(_) finalize the
       structure. Alternatively finalization can be performed by obtaining the
       streaming ASN1 BBIIOO directly using _B_I_O___n_e_w___P_K_C_S_7_(_).

RREETTUURRNN VVAALLUUEESS
       _P_K_C_S_7___e_n_c_r_y_p_t_(_) returns either a PKCS7 structure or NULL if an error
       occurred.  The error can be obtained from _E_R_R___g_e_t___e_r_r_o_r(3).

SSEEEE AALLSSOO
       _E_R_R___g_e_t___e_r_r_o_r(3), _P_K_C_S_7___d_e_c_r_y_p_t(3)

HHIISSTTOORRYY
       _P_K_C_S_7___d_e_c_r_y_p_t_(_) was added to OpenSSL 0.9.5 The PPKKCCSS77__SSTTRREEAAMM flag was
       first supported in OpenSSL 1.0.0.


1.0.2u                            2019-12-20                  PKCS7_encrypt(3)