CMS_EncryptedData_decrypt, CMS_EnvelopedData_decrypt - Decrypt CMS EncryptedData or EnvelopedData

#include <openssl/cms.h>
int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                              const unsigned char *key, size_t keylen,
                              BIO *dcont, BIO *out, unsigned int flags);
BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
                               EVP_PKEY *pkey, X509 *cert,
                               ASN1_OCTET_STRING *secret, unsigned int flags,
                               OSSL_LIB_CTX *libctx, const char *propq);

CMS_EncryptedData_decrypt() decrypts a cms EncryptedData object using the symmetric key of size keylen bytes. out is a BIO to write the content to and flags is an optional set of flags. dcont is used in the rare case where the encrypted content is detached. It will normally be set to NULL.

The following flags can be passed in the flags parameter.

If the CMS_TEXT flag is set MIME headers for type "text/plain" are deleted from the content. If the content is not of type "text/plain" then an error is returned.

CMS_EnvelopedData_decrypt() decrypts, similarly to CMS_decrypt(3), a CMS EnvelopedData object env using the symmetric key secret if it is not NULL, otherwise the private key of the recipient pkey. If pkey is given, it is recommended to provide also the associated certificate in cert - see CMS_decrypt(3) and the NOTES on cert there. The optional parameters flags and dcont are used as described above. The optional parameters library context libctx and property query propq are used when retrieving algorithms from providers.

CMS_EncryptedData_decrypt() returns 0 if an error occurred otherwise returns 1.

CMS_EnvelopedData_decrypt() returns NULL if an error occurred, otherwise a BIO containing the decypted content.

ERR_get_error(3), CMS_EncryptedData_encrypt(3), CMS_decrypt(3)

CMS_EnvelopedData_decrypt() was added in OpenSSL 3.2.

Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at

2024-06-04 3.3.1