1.Dd $Mdocdate: November 5 2016 $ 2.Dt PKCS7_DECRYPT 3 3.Os 4.Sh NAME 5.Nm PKCS7_decrypt 6.Nd decrypt content from a PKCS#7 envelopedData structure 7.Sh SYNOPSIS 8.In openssl/pkcs7.h 9.Ft int 10.Fo PKCS7_decrypt 11.Fa "PKCS7 *p7" 12.Fa "EVP_PKEY *pkey" 13.Fa "X509 *cert" 14.Fa "BIO *data" 15.Fa "int flags" 16.Fc 17.Sh DESCRIPTION 18.Fn PKCS7_decrypt 19extracts and decrypts the content from a PKCS#7 envelopedData structure. 20.Fa pkey 21is the private key of the recipient, 22.Fa cert 23is the recipient's certificate, 24.Fa data 25is a 26.Vt BIO 27to write the content to and 28.Fa flags 29is an optional set of flags. 30.Pp 31.Xr OpenSSL_add_all_algorithms 3 32(or equivalent) should be called before using this function or errors 33about unknown algorithms will occur. 34.Pp 35Although the recipient's certificate is not needed to decrypt the data, 36it is needed to locate the appropriate (of possible several) recipients 37in the PKCS#7 structure. 38.Pp 39If the 40.Dv PKCS7_TEXT 41.Fa flag 42is set, MIME headers for type 43.Sy text/plain 44are deleted from the content. 45If the content is not of type 46.Sy text/plain , 47an error is returned. 48.Sh RETURN VALUES 49.Fn PKCS7_decrypt 50returns 1 for success or 0 for failure. 51The error can be obtained from 52.Xr ERR_get_error 3 53.Sh SEE ALSO 54.Xr ERR_get_error 3 , 55.Xr PKCS7_encrypt 3 56.Sh HISTORY 57.Fn PKCS7_decrypt 58was added to OpenSSL 0.9.5. 59.Sh BUGS 60.Fn PKCS7_decrypt 61must be passed the correct recipient key and certificate. 62It would be better if it could look up the correct key and certificate 63from a database. 64.Pp 65The lack of single pass processing and need to hold all data in memory 66as mentioned in 67.Xr PKCS7_sign 3 68also applies to 69.Xr PKCS7_decrypt 3 . 70