openssl/doc/internal/man3/ossl_cms_sign_encrypt.pod

=pod

=head1 NAME

ossl_cms_sign_encrypt
- Create CMS envelope

=head1 SYNOPSIS

 #include <openssl/cms.h>

 CMS_EnvelopedData *ossl_cms_sign_encrypt(BIO *data, X509 *sign_cert, STACK_OF(X509) *certs,
                                          EVP_PKEY *sign_key, unsigned int sign_flags,
                                          STACK_OF(X509) *enc_recip, const EVP_CIPHER *cipher,
                                          unsigned int enc_flags, OSSL_LIB_CTX *libctx,
                                          const char *propq);

=head1 DESCRIPTION

ossl_cms_sign_encrypt() creates a B<CMS_EnvelopedData> structure for recipients in
I<enc_recip>.

I<data> is signed using I<signcert> and I<signkey> to create B<CMS_SignedData> 
and then encrypted using I<enc_recip> to create B<CMS_EnvelopedData>.
The library context I<libctx> and the property query I<propq> are used
when retrieving algorithms from providers.

I<certs> is an optional additional set of certificates to include in the
B<CMS_SignedData> structure (e.g., any intermediate CAs in the chain of the signer certificate).

I<sign_flags> is an optional set of flags for the signing operation.
See L<CMS_sign_ex(3)> for more information.

I<enc_flags> is an optional set of flags for the encryption operation.
See L<CMS_encrypt_ex(3)> for more information.

=head1 RETURN VALUES

If the allocation fails, ossl_cms_sign_encrypt() returns NULL and
sets an error code that can be obtained by L<ERR_get_error(3)>.
Otherwise, it returns a pointer to the newly allocated structure.

=head1 HISTORY

ossl_cms_sign_encrypt() was added in OpenSSL 3.5.

=head1 COPYRIGHT

Copyright 2023-2025 - 2024 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut