1 files changed, 65 insertions, 0 deletions
diff --git a/src/lib/libcrypto/doc/PKCS7_encrypt.pod b/src/lib/libcrypto/doc/PKCS7_encrypt.pod
new file mode 100644
index 0000000000..1a507b22a2
--- /dev/null
+++ b/src/lib/libcrypto/doc/PKCS7_encrypt.pod
@@ -0,0 +1,65 @@
+=pod
+=head1 NAME
+PKCS7_encrypt - create a PKCS#7 envelopedData structure
+=head1 SYNOPSIS
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
+=head1 DESCRIPTION
+PKCS7_encrypt() creates and returns a PKCS#7 envelopedData structure. B<certs>
+is a list of recipient certificates. B<in> is the content to be encrypted.
+B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
+=head1 NOTES
+Only RSA keys are supported in PKCS#7 and envelopedData so the recipient certificates
+supplied to this function must all contain RSA public keys, though they do not have to
+be signed using the RSA algorithm.
+EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because
+most clients will support it.
+Some old "export grade" clients may only support weak encryption using 40 or 64 bit
+RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() respectively.
+The algorithm passed in the B<cipher> parameter must support ASN1 encoding of its
+parameters. 
+Many browsers implement a "sign and encrypt" option which is simply an S/MIME 
+envelopedData containing an S/MIME signed message. This can be readily produced
+by storing the S/MIME signed message in a memory BIO and passing it to
+PKCS7_encrypt().
+The following flags can be passed in the B<flags> parameter.
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
+to the data.
+Normally the supplied content is translated into MIME canonical format (as required
+by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
+option should be used if the supplied data is in binary format otherwise the translation
+will corrupt it. If B<PKCS7_BINARY> is set then B<PKCS7_TEXT> is ignored.
+=head1 RETURN VALUES
+PKCS7_encrypt() returns either a valid PKCS7 structure or NULL if an error occurred.
+The error can be obtained from ERR_get_error(3).
+=head1 BUGS
+The lack of single pass processing and need to hold all data in memory as
+mentioned in PKCS7_sign() also applies to PKCS7_verify().
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
+=head1 HISTORY
+PKCS7_decrypt() was added to OpenSSL 0.9.5
+=cut

diff --git a/src/lib/libcrypto/doc/PKCS7_encrypt.pod b/src/lib/libcrypto/doc/PKCS7_encrypt.pod new file mode 100644 index 0000000000..1a507b22a2 --- /dev/null +++ b/src/lib/libcrypto/doc/PKCS7_encrypt.pod
@@ -0,0 +1,65 @@
	1	=pod
	2
	3	=head1 NAME
	4
	5	PKCS7_encrypt - create a PKCS#7 envelopedData structure
	6
	7	=head1 SYNOPSIS
	8
	9	PKCS7 PKCS7_encrypt(STACK_OF(X509) certs, BIO in, const EVP_CIPHER cipher, int flags);
	10
	11	=head1 DESCRIPTION
	12
	13	PKCS7_encrypt() creates and returns a PKCS#7 envelopedData structure. B<certs>
	14	is a list of recipient certificates. B<in> is the content to be encrypted.
	15	B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
	16
	17	=head1 NOTES
	18
	19	Only RSA keys are supported in PKCS#7 and envelopedData so the recipient certificates
	20	supplied to this function must all contain RSA public keys, though they do not have to
	21	be signed using the RSA algorithm.
	22
	23	EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because
	24	most clients will support it.
	25
	26	Some old "export grade" clients may only support weak encryption using 40 or 64 bit
	27	RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() respectively.
	28
	29	The algorithm passed in the B<cipher> parameter must support ASN1 encoding of its
	30	parameters.
	31
	32	Many browsers implement a "sign and encrypt" option which is simply an S/MIME
	33	envelopedData containing an S/MIME signed message. This can be readily produced
	34	by storing the S/MIME signed message in a memory BIO and passing it to
	35	PKCS7_encrypt().
	36
	37	The following flags can be passed in the B<flags> parameter.
	38
	39	If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
	40	to the data.
	41
	42	Normally the supplied content is translated into MIME canonical format (as required
	43	by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
	44	option should be used if the supplied data is in binary format otherwise the translation
	45	will corrupt it. If B<PKCS7_BINARY> is set then B<PKCS7_TEXT> is ignored.
	46
	47	=head1 RETURN VALUES
	48
	49	PKCS7_encrypt() returns either a valid PKCS7 structure or NULL if an error occurred.
	50	The error can be obtained from ERR_get_error(3).
	51
	52	=head1 BUGS
	53
	54	The lack of single pass processing and need to hold all data in memory as
	55	mentioned in PKCS7_sign() also applies to PKCS7_verify().
	56
	57	=head1 SEE ALSO
	58
	59	L<ERR_get_error(3)\|ERR_get_error(3)>, L<PKCS7_decrypt(3)\|PKCS7_decrypt(3)>
	60
	61	=head1 HISTORY
	62
	63	PKCS7_decrypt() was added to OpenSSL 0.9.5
	64
	65	=cut