pub struct Pkcs7(_);
Expand description
A PKCS#7 structure.
Contains signed and/or encrypted data.
Implementations§
source§impl Pkcs7
impl Pkcs7
sourcepub fn from_pem(pem: &[u8]) -> Result<Pkcs7, ErrorStack>
pub fn from_pem(pem: &[u8]) -> Result<Pkcs7, ErrorStack>
Deserializes a PEM-encoded PKCS#7 signature
The input should have a header of -----BEGIN PKCS7-----
.
This corresponds to PEM_read_bio_PKCS7
.
sourcepub fn from_der(der: &[u8]) -> Result<Pkcs7, ErrorStack>
pub fn from_der(der: &[u8]) -> Result<Pkcs7, ErrorStack>
Deserializes a DER-encoded PKCS#7 signature
This corresponds to d2i_PKCS7
.
sourcepub fn from_smime(input: &[u8]) -> Result<(Pkcs7, Option<Vec<u8>>), ErrorStack>
pub fn from_smime(input: &[u8]) -> Result<(Pkcs7, Option<Vec<u8>>), ErrorStack>
Parses a message in S/MIME format.
Returns the loaded signature, along with the cleartext message (if available).
This corresponds to SMIME_read_PKCS7
.
sourcepub fn encrypt(
certs: &StackRef<X509>,
input: &[u8],
cipher: Cipher,
flags: Pkcs7Flags
) -> Result<Pkcs7, ErrorStack>
pub fn encrypt( certs: &StackRef<X509>, input: &[u8], cipher: Cipher, flags: Pkcs7Flags ) -> Result<Pkcs7, ErrorStack>
Creates and returns a PKCS#7 envelopedData
structure.
certs
is a list of recipient certificates. input
is the content to be
encrypted. cipher
is the symmetric cipher to use. flags
is an optional
set of flags.
This corresponds to PKCS7_encrypt
.
sourcepub fn sign<PT>(
signcert: &X509Ref,
pkey: &PKeyRef<PT>,
certs: &StackRef<X509>,
input: &[u8],
flags: Pkcs7Flags
) -> Result<Pkcs7, ErrorStack>where
PT: HasPrivate,
pub fn sign<PT>( signcert: &X509Ref, pkey: &PKeyRef<PT>, certs: &StackRef<X509>, input: &[u8], flags: Pkcs7Flags ) -> Result<Pkcs7, ErrorStack>where PT: HasPrivate,
Creates and returns a PKCS#7 signedData
structure.
signcert
is the certificate to sign with, pkey
is the corresponding
private key. certs
is an optional additional set of certificates to
include in the PKCS#7 structure (for example any intermediate CAs in the
chain).
This corresponds to PKCS7_sign
.
Methods from Deref<Target = Pkcs7Ref>§
sourcepub fn to_smime(
&self,
input: &[u8],
flags: Pkcs7Flags
) -> Result<Vec<u8>, ErrorStack>
pub fn to_smime( &self, input: &[u8], flags: Pkcs7Flags ) -> Result<Vec<u8>, ErrorStack>
Converts PKCS#7 structure to S/MIME format
This corresponds to SMIME_write_PKCS7
.
sourcepub fn to_pem(&self) -> Result<Vec<u8>, ErrorStack>
pub fn to_pem(&self) -> Result<Vec<u8>, ErrorStack>
Serializes the data into a PEM-encoded PKCS#7 structure.
The output will have a header of -----BEGIN PKCS7-----
.
This corresponds to PEM_write_bio_PKCS7
.
sourcepub fn to_der(&self) -> Result<Vec<u8>, ErrorStack>
pub fn to_der(&self) -> Result<Vec<u8>, ErrorStack>
Serializes the data into a DER-encoded PKCS#7 structure.
This corresponds to i2d_PKCS7
.
sourcepub fn decrypt<PT>(
&self,
pkey: &PKeyRef<PT>,
cert: &X509Ref,
flags: Pkcs7Flags
) -> Result<Vec<u8>, ErrorStack>where
PT: HasPrivate,
pub fn decrypt<PT>( &self, pkey: &PKeyRef<PT>, cert: &X509Ref, flags: Pkcs7Flags ) -> Result<Vec<u8>, ErrorStack>where PT: HasPrivate,
Decrypts data using the provided private key.
pkey
is the recipient’s private key, and cert
is the recipient’s
certificate.
Returns the decrypted message.
This corresponds to PKCS7_decrypt
.
sourcepub fn verify(
&self,
certs: &StackRef<X509>,
store: &X509StoreRef,
indata: Option<&[u8]>,
out: Option<&mut Vec<u8>>,
flags: Pkcs7Flags
) -> Result<(), ErrorStack>
pub fn verify( &self, certs: &StackRef<X509>, store: &X509StoreRef, indata: Option<&[u8]>, out: Option<&mut Vec<u8>>, flags: Pkcs7Flags ) -> Result<(), ErrorStack>
Verifies the PKCS#7 signedData
structure contained by &self
.
certs
is a set of certificates in which to search for the signer’s
certificate. store
is a trusted certificate store (used for chain
verification). indata
is the signed data if the content is not present
in &self
. The content is written to out
if it is not None
.
This corresponds to PKCS7_verify
.
sourcepub fn signers(
&self,
certs: &StackRef<X509>,
flags: Pkcs7Flags
) -> Result<Stack<X509>, ErrorStack>
pub fn signers( &self, certs: &StackRef<X509>, flags: Pkcs7Flags ) -> Result<Stack<X509>, ErrorStack>
Retrieve the signer’s certificates from the PKCS#7 structure without verifying them.
This corresponds to PKCS7_get0_signers
.