Module pkcs7

pkcs7 module to create and process PKCS#7 files.

That only understands PKCS#7 v 1.5 as specified in IETF RFC 2315, and not currently parse CMS as described in IETF RFC 2630.

Usage:

    pkcs7 = require('openssl').pkcs7

Functions

read (input[, allow='auto']) read string or bio object, which include pkcs7 content
new ([oid=NID_pkcs7_signed[, content=NID_pkcs7_data]]) create new empty pkcs7 object, which support flexible sign methods.
create (certs[, crls]) create PKCS7 structure with certificates and CRLs
set_content (content) set content for PKCS7 structure
add (objects) add certificates or CRLs to PKCS7 structure
sign (msg, signcert, signkey[, cacerts[, flags=0]]) sign message with signcert and signpkey to create pkcs7 object
verify (in[, signercerts[, cacerts[, msg[, flags=0]]]]) verify pkcs7 object, and return msg content or verify result
encrypt (msg, recipcerts[, cipher='aes-128-cbc'[, flags]]) encrypt message with recipcerts certificates return encrypted pkcs7 object
decrypt (input, recipcert, recipkey) decrypt encrypted pkcs7 message

Class pkcs7

pkcs7:export ([support='pem']) export pkcs7 as string
pkcs7:type () get PKCS7 object type information
pkcs7:parse () export pkcs7 as a string
pkcs7:set_digest (digest) set digest algorithm for PKCS7 structure
pkcs7:final (p7, data[, flags=0]) finalize PKCS7 structure with data
pkcs7:verify ([signercerts[, cacerts[, msg[, flags=0]]]]) verify pkcs7 object, and return msg content or verify result
pkcs7:decrypt (recipcert, recipkey) decrypt encrypted pkcs7 message


Functions

read (input[, allow='auto'])
read string or bio object, which include pkcs7 content

Parameters:

  • input bio or string
  • allow format ‘auto’,‘der’,‘pem’,‘smime’ auto will only try ‘der’ or ‘pem’ (default 'auto')

Returns:

  1. pkcs7 object or nil
  2. string content exist only smime format
new ([oid=NID_pkcs7_signed[, content=NID_pkcs7_data]])
create new empty pkcs7 object, which support flexible sign methods.

Parameters:

  • oid int given pkcs7 type (default NID_pkcs7_signed)
  • content int given pkcs7 content type (default NID_pkcs7_data)

Returns:

    pkcs7 object
create (certs[, crls])
create PKCS7 structure with certificates and CRLs

Parameters:

  • certs table array of X509 certificates
  • crls table array of X509 CRLs (optional)

Returns:

    pkcs7 or nil new PKCS7 object or nil on error
set_content (content)
set content for PKCS7 structure

Parameters:

  • content pkcs7 PKCS7 content to set

Returns:

    boolean true on success, false on failure
add (objects)
add certificates or CRLs to PKCS7 structure

Parameters:

  • objects x509 or x509_crl... one or more X509 certificates or CRL objects to add

Returns:

    boolean true on success, false on failure
sign (msg, signcert, signkey[, cacerts[, flags=0]])
sign message with signcert and signpkey to create pkcs7 object

Parameters:

  • msg string or bio
  • signcert x509
  • signkey evp_pkey
  • cacerts stack_of_x509 (optional)
  • flags number (default 0)

Returns:

    pkcs7 object
verify (in[, signercerts[, cacerts[, msg[, flags=0]]]])
verify pkcs7 object, and return msg content or verify result

Parameters:

  • in pkcs7
  • signercerts stack_of_x509 (optional)
  • cacerts x509_store (optional)
  • msg string or bio (optional)
  • flags number (default 0)

Returns:

  1. string content
  2. boolean result
encrypt (msg, recipcerts[, cipher='aes-128-cbc'[, flags]])
encrypt message with recipcerts certificates return encrypted pkcs7 object

Parameters:

  • msg string or bio
  • recipcerts stack_of_x509
  • cipher string or evp_cipher (default 'aes-128-cbc')
  • flags number (optional)

Returns:

    pkcs7 encrypted PKCS7 object or nil on failure
decrypt (input, recipcert, recipkey)
decrypt encrypted pkcs7 message

Parameters:

  • input pkcs7
  • recipcert x509
  • recipkey evp_pkey

Returns:

    string decrypt message

Class pkcs7

openssl.pkcs7 object
pkcs7:export ([support='pem'])
export pkcs7 as string

Parameters:

  • support string export as ‘pem’ or ‘der’ format, default is ‘pem’ (default 'pem')

Returns:

    string
pkcs7:type ()
get PKCS7 object type information

Returns:

  1. string short name of PKCS7 type
  2. string long name of PKCS7 type
pkcs7:parse ()
export pkcs7 as a string

Returns:

    table a table has pkcs7 infomation, include type,and other things relate to types
pkcs7:set_digest (digest)
set digest algorithm for PKCS7 structure

Parameters:

  • digest string or evp_md algorithm name or digest object

Returns:

    boolean true on success, false on failure
pkcs7:final (p7, data[, flags=0])
finalize PKCS7 structure with data

Parameters:

  • p7 pkcs7 PKCS7 object to finalize
  • data bio or string data to finalize with
  • flags number finalization flags (default 0)

Returns:

    boolean true on success, false on failure
pkcs7:verify ([signercerts[, cacerts[, msg[, flags=0]]]])
verify pkcs7 object, and return msg content or verify result

Parameters:

  • signercerts stack_of_x509 (optional)
  • cacerts x509_store (optional)
  • msg string or bio (optional)
  • flags number (default 0)

Returns:

  1. string content
  2. boolean result
pkcs7:decrypt (recipcert, recipkey)
decrypt encrypted pkcs7 message

Parameters:

  • recipcert x509
  • recipkey evp_pkey

Returns:

    string decrypt message
generated by LDoc 1.5.0 Last updated 2025-11-02 11:59:05