Cryptographic Message Syntax Services

Cryptographically sign and encrypt S/MIME messages.

Overview

When you want to exchange data securely using the Multipurpose Internet Mail Extensions (MIME) protocol, you use the version of the protocol known as S/MIME defined in RFC 3851. This allows you to, among other things, ensure data integrity through digital signatures and data confidentiality through encryption. S/MIME in turn relies on the Cryptographic Message Syntax (CMS) protocol defined in RFC 3852 to carry out these operations.

Cryptographic Message Syntax Services provides encoder objects that encrypt using the CMS protocol's enveloped-data content type and sign using the signed-data content type. When a message is both signed and encrypted, the enveloped-data content contains the signed-data content. That is, the message is first signed and then the signed content is encrypted.

Topics

The Encoder

CMSEncoderCreate

Creates a CMSEncoder reference.

CMSEncoderRef

Opaque reference to a CMS encoder object.

CMSEncoderGetTypeID

Returns the type identifier for the CMSEncoder opaque type.

Message Creation

CMSEncoderAddSigners

Specifies signers of the message.

CMSEncoderAddRecipients

Specifies that a message is to be encrypted and specifies the recipients of the message.

CMSEncoderSetHasDetachedContent

Specifies whether the signed data is to be separate from the message.

CMSEncoderSetEncapsulatedContentTypeOID

Specifies an object identifier for the encapsulated data of a signed message.

CMSEncoderSetEncapsulatedContentType

Specifies an object identifier for the encapsulated data of a signed message.

Deprecated

CMSEncoderAddSupportingCerts

Adds certificates to a message.

CMSEncoderAddSignedAttributes

Specifies attributes for a signed message.

CMSSignedAttributes

Optional attributes you can add to a signed message.

CMSEncoderSetCertificateChainMode

Specifies which certificates to include in a signed CMS message.

CMSCertificateChainMode

Constants that can be set to specify what certificates to include in a signed message.

CMSEncoderSetSignerAlgorithm

Sets the digest algorithm to use for the signer.

Message Characteristics

CMSEncoderCopySigners

Obtains the array of signers specified with the CMSEncoderAddSigners function.

CMSEncoderCopyRecipients

Obtains the array of recipients specified with the CMSEncoderAddRecipients function.

CMSEncoderGetHasDetachedContent

Indicates whether the message is to have detached content.

CMSEncoderCopyEncapsulatedContentType

Obtains the object identifier for the encapsulated data of a signed message.

CMSEncoderCopySupportingCerts

Obtains the certificates added to a message with CMSEncoderAddSupportingCerts.

CMSEncoderGetCertificateChainMode

Obtains a constant that indicates which certificates are to be included in a signed CMS message.

Encoding

CMSEncoderUpdateContent

Feeds content bytes into the encoder.

CMSEncoderCopyEncodedContent

Finishes encoding the message and obtains the encoded result.

CMSEncodeContent

Encodes a message and obtains the result in one high-level function call.

CMSEncode

Encodes a message and obtains the result in one high-level function call.

Deprecated

The Decoder

CMSDecoderCreate

Creates a CMSDecoder reference.

CMSDecoderRef

An opaque reference to a CMS decoder object.

CMSDecoderGetTypeID

Returns the type identifier for the CMSDecoder opaque type.

Decoding

CMSDecoderUpdateMessage

Feeds raw bytes of the message to be decoded into the decoder.

CMSDecoderFinalizeMessage

Indicates that there is no more data to decode.

CMSDecoderSetDetachedContent

Specifies the message’s detached content, if any.

CMSDecoderCopyDetachedContent

Obtains the detached content specified with the CMSDecoderSetDetachedContent function.

Signature Verification

CMSDecoderSetSearchKeychain

Specifies the keychains to search for intermediate certificates to be used in verifying a signed message's signer certificates.

Deprecated

CMSDecoderGetNumSigners

Obtains the number of signers of a message.

CMSDecoderCopySignerEmailAddress

Obtains the email address of the specified signer of a CMS message.

CMSDecoderCopySignerCert

Obtains the certificate of the specified signer of a CMS message.

CMSDecoderCopySignerStatus

Obtains the status of a CMS message's signature.

CMSSignerStatus

The constants that indicate the status of the signature and signer information in a signed message.

Message Content

CMSDecoderIsContentEncrypted

Determines whether a CMS message was encrypted.

CMSDecoderCopyEncapsulatedContentType

Obtains the object identifier for the encapsulated data of a signed message.

CMSDecoderCopyAllCerts

Obtains an array of all of the certificates in a message.

CMSDecoderCopyContent

Obtains the message content, if any.

Timestamps

CMSDecoderCopySignerSigningTime

Obtains the signing time of a CMS message, if present.

CMSDecoderCopySignerTimestamp

Returns the timestamp of a signer of a CMS message, if present.

CMSDecoderCopySignerTimestampCertificates

Returns an array containing the certificates from a timestamp response.

CMSDecoderCopySignerTimestampWithPolicy

Returns the timestamp of a signer of a CMS message using a given policy, if present.

CMSEncoderCopySignerTimestamp

Returns the timestamp of a signer of a CMS message, if present.

CMSEncoderCopySignerTimestampWithPolicy

Returns the timestamp of a signer of a CMS message using a particular policy, if present.

See Also

Cryptography

Complying with Encryption Export Regulations

Declare the use of encryption in your app to streamline the app submission process.

Certificate, Key, and Trust Services

Establish trust using certificates and cryptographic keys.

Randomization Services

Generate cryptographically secure random numbers.

Security Transforms

Perform cryptographic functions like encoding, encryption, signing, and signature verification.

ASN.1

Encode and decode Distinguished Encoding Rules (DER) and Basic Encoding Rules (BER) data streams.