* ext/openssl/ossl_pkcs5.c: New module.

* ext/openssl/ossl_{cipher,digest,pkcs7,pkcs12}.c: Remove redundant module namespace. * ext/openssl/lib/openssl/{cipher,digest}.rb Add backwards compatibile classes for rearranged classes. * ext/openssl/ossl_{pkcs7,pkcs12}.c: Add documentation. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@12148 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2007-04-05 05:59:22 +00:00 · 2007-04-05 05:59:22 +00:00 · 953e8aca2b
commit 953e8aca2b
parent f1796fdb2c
14 changed files with 245 additions and 56 deletions
--- a/12
+++ b/12
@ -1,3 +1,15 @@
 Thu Apr  5 14:58:49 2007  Technorama Ltd. <oss-ruby@technorama.net>
 	* ext/openssl/ossl_pkcs5.c: New module.
 	* ext/openssl/ossl_{cipher,digest,pkcs7,pkcs12}.c:
 	  Remove redundant module namespace.
 	* ext/openssl/lib/openssl/{cipher,digest}.rb
 	  Add backwards compatibile classes for rearranged classes.
 	* ext/openssl/ossl_{pkcs7,pkcs12}.c: Add documentation.
 Thu Apr  5 00:42:48 2007  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 	* error.c (rb_notimplement), io.c (pipe_open): removed definite
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@ -83,6 +83,8 @@ have_func("HMAC_CTX_cleanup")
 have_func("HMAC_CTX_copy")
 have_func("HMAC_CTX_init")
 have_func("PEM_def_callback")
 have_func("PKCS5_PBKDF2_HMAC")
 have_func("PKCS5_PBKDF2_HMAC_SHA1")
 have_func("X509V3_set_nconf")
 have_func("X509V3_EXT_nconf_nid")
 have_func("X509_CRL_add0_revoked")
--- a/ext/openssl/lib/openssl/cipher.rb
+++ b/ext/openssl/lib/openssl/cipher.rb
@ -19,7 +19,7 @@
 #require 'openssl'
 module OpenSSL
-  module Cipher
+  class Cipher
    %w(AES CAST5 BF DES IDEA RC2 RC4 RC5).each{|name|
      klass = Class.new(Cipher){
        define_method(:initialize){|*args|
@ -41,22 +41,25 @@ module OpenSSL
      const_set("AES#{keylen}", klass)
    }
-    class Cipher
+    # Generate, set, and return a random key.
-      # Generate, set, and return a random key.
+    # You must call cipher.encrypt or cipher.decrypt before calling this method.
-      # You must call cipher.encrypt or cipher.decrypt before calling this method.
+    def random_key
-      def random_key
+      str = OpenSSL::Random.random_bytes(self.key_len)
-        str = OpenSSL::Random.random_bytes(self.key_len)
+      self.key = str
-        self.key = str
+      return str
-        return str
+    end
      end
-      # Generate, set, and return a random iv.
+    # Generate, set, and return a random iv.
-      # You must call cipher.encrypt or cipher.decrypt before calling this method.
+    # You must call cipher.encrypt or cipher.decrypt before calling this method.
-      def random_iv
+    def random_iv
-        str = OpenSSL::Random.random_bytes(self.iv_len)
+      str = OpenSSL::Random.random_bytes(self.iv_len)
-        self.iv = str
+      self.iv = str
-        return str
+      return str
-      end
+    end
    # This class is only provided for backwards compatibility.  Use OpenSSL::Digest in the future.
    class Cipher < Cipher
      # add warning
    end
  end # Cipher
 end # OpenSSL
--- a/ext/openssl/lib/openssl/digest.rb
+++ b/ext/openssl/lib/openssl/digest.rb
@ -19,7 +19,7 @@
 #require 'openssl'
 module OpenSSL
-  module Digest
+  class Digest
    alg = %w(DSS DSS1 MD2 MD4 MD5 MDC2 RIPEMD160 SHA SHA1)
    if OPENSSL_VERSION_NUMBER > 0x00908000
@ -44,6 +44,11 @@ module OpenSSL
      const_set(name, klass)
    }
    # This class is only provided for backwards compatibility.  Use OpenSSL::Digest in the future.
    class Digest < Digest
      # add warning
    end
  end # Digest
 end # OpenSSL
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@ -473,6 +473,7 @@ Init_openssl()
    Init_ossl_ns_spki();
    Init_ossl_pkcs12();
    Init_ossl_pkcs7();
    Init_ossl_pkcs5();
    Init_ossl_pkey();
    Init_ossl_rand();
    Init_ossl_ssl();
--- a/ext/openssl/ossl_cipher.c
+++ b/ext/openssl/ossl_cipher.c
@ -26,7 +26,6 @@
 /*
 * Classes
 */
 VALUE mCipher;
 VALUE cCipher;
 VALUE eCipherError;
@ -540,13 +539,12 @@ Init_ossl_cipher(void)
 #if 0 /* let rdoc know about mOSSL */
    mOSSL = rb_define_module("OpenSSL");
 #endif
-    mCipher = rb_define_module_under(mOSSL, "Cipher");
+    cCipher = rb_define_class_under(mOSSL, "Cipher", rb_cObject);
-    eCipherError = rb_define_class_under(mOSSL, "CipherError", eOSSLError);
+    eCipherError = rb_define_class_under(cCipher, "CipherError", eOSSLError);
    cCipher = rb_define_class_under(mCipher, "Cipher", rb_cObject);
    rb_define_alloc_func(cCipher, ossl_cipher_alloc);
    rb_define_copy_func(cCipher, ossl_cipher_copy);
-    rb_define_module_function(mCipher, "ciphers", ossl_s_ciphers, 0);
+    rb_define_module_function(cCipher, "ciphers", ossl_s_ciphers, 0);
    rb_define_method(cCipher, "initialize", ossl_cipher_initialize, 1);
    rb_define_method(cCipher, "reset", ossl_cipher_reset, 0);
    rb_define_method(cCipher, "encrypt", ossl_cipher_encrypt, -1);
--- a/ext/openssl/ossl_cipher.h
+++ b/ext/openssl/ossl_cipher.h
@ -11,7 +11,6 @@
 #if !defined(_OSSL_CIPHER_H_)
 #define _OSSL_CIPHER_H_
 extern VALUE mCipher;
 extern VALUE cCipher;
 extern VALUE eCipherError;
--- a/ext/openssl/ossl_digest.c
+++ b/ext/openssl/ossl_digest.c
@ -24,7 +24,6 @@
 /*
 * Classes
 */
 VALUE mDigest;
 VALUE cDigest;
 VALUE eDigestError;
@ -321,11 +320,8 @@ Init_ossl_digest()
    mOSSL = rb_define_module("OpenSSL");
 #endif
-    mDigest = rb_define_module_under(mOSSL, "Digest");
+    cDigest = rb_define_class_under(mOSSL, "Digest", rb_cObject);
-	
+    eDigestError = rb_define_class_under(cDigest, "DigestError", eOSSLError);
    eDigestError = rb_define_class_under(mDigest, "DigestError", eOSSLError);
    cDigest = rb_define_class_under(mDigest, "Digest", rb_cObject);
    rb_define_alloc_func(cDigest, ossl_digest_alloc);
    rb_define_singleton_method(cDigest, "digest", ossl_digest_s_digest, 2);
--- a/ext/openssl/ossl_digest.h
+++ b/ext/openssl/ossl_digest.h
@ -11,7 +11,6 @@
 #if !defined(_OSSL_DIGEST_H_)
 #define _OSSL_DIGEST_H_
 extern VALUE mDigest;
 extern VALUE cDigest;
 extern VALUE eDigestError;
--- a/ext/openssl/ossl_pkcs12.c
+++ b/ext/openssl/ossl_pkcs12.c
@ -30,7 +30,6 @@
 /*
 * Classes
 */
 VALUE mPKCS12;
 VALUE cPKCS12;
 VALUE ePKCS12Error;
@ -49,32 +48,85 @@ ossl_pkcs12_s_allocate(VALUE klass)
    return obj;
 }
 /*
 * call-seq:
 *    PKCS12.create(pass, name, key, cert [, ca, [, key_pbe [, cert_pbe [, key_iter [, mac_iter [, keytype]]]]]])
 *
 * === Parameters
 * * +pass+ - string
 * * +name+ - A string describing the key.
 * * +key+ - Any PKey.
 * * +cert+ - A X509::Certificate.
 * * * The public_key portion of the certificate must contain a valid public key.
 * * * The not_before and not_after fields must be filled in.
 * * +ca+ - An optional array of X509::Certificate's.
 * * +key_pbe+ - string
 * * +cert_pbe+ - string
 * * +key_iter+ - integer
 * * +mac_iter+ - integer
 * * +keytype+ - An integer representing an MSIE specific extension.
 *
 * Any optional arguments may be supplied as nil to preserve the OpenSSL defaults.
 *
 * See the OpenSSL documentation for PKCS12_create().
 */
 static VALUE
 ossl_pkcs12_s_create(int argc, VALUE *argv, VALUE self)
 {
-    VALUE pass, name, pkey, cert, ca;
+    VALUE pass, name, pkey, cert, ca, key_nid, cert_nid, key_iter, mac_iter, keytype;
    VALUE obj;
    char *passphrase, *friendlyname;
    EVP_PKEY *key;
    X509 *x509;
    STACK_OF(X509) *x509s;
    int nkey = 0, ncert = 0, kiter = 0, miter = 0, ktype = 0;
    PKCS12 *p12;
-    rb_scan_args(argc, argv, "41", &pass, &name, &pkey, &cert, &ca);
+    rb_scan_args(argc, argv, "46", &pass, &name, &pkey, &cert, &ca, &key_nid, &cert_nid, &key_iter, &mac_iter, &keytype);
    passphrase = NIL_P(pass) ? NULL : StringValuePtr(pass);
    friendlyname = NIL_P(name) ? NULL : StringValuePtr(name);
    key = GetPKeyPtr(pkey);
    x509 = GetX509CertPtr(cert);
    x509s = NIL_P(ca) ? NULL : ossl_x509_ary2sk(ca);
 /* TODO: make a VALUE to nid function */
    if (!NIL_P(key_nid)) {
        if ((nkey = OBJ_txt2nid(StringValuePtr(key_nid))) == NID_undef)
            rb_raise(rb_eArgError, "Unknown PBE algorithm %s", StringValuePtr(key_nid));
    }
    if (!NIL_P(cert_nid)) {
        if ((ncert = OBJ_txt2nid(StringValuePtr(cert_nid))) == NID_undef)
            rb_raise(rb_eArgError, "Unknown PBE algorithm %s", StringValuePtr(cert_nid));
    }
    if (!NIL_P(key_iter))
        kiter = NUM2INT(key_iter);
    if (!NIL_P(mac_iter))
        miter = NUM2INT(mac_iter);
    if (!NIL_P(keytype))
        ktype = NUM2INT(keytype);
    p12 = PKCS12_create(passphrase, friendlyname, key, x509, x509s,
-                        0, 0, 0, 0, 0);
+                        nkey, ncert, kiter, miter, ktype);
    sk_X509_pop_free(x509s, X509_free);
    if(!p12) ossl_raise(ePKCS12Error, NULL);
    WrapPKCS12(cPKCS12, obj, p12);
    ossl_pkcs12_set_key(obj, pkey);
    ossl_pkcs12_set_cert(obj, cert);
    ossl_pkcs12_set_ca_certs(obj, ca);
    return obj;
 }
 /*
 * call-seq:
 *    PKCS12.new -> pkcs12
 *    PKCS12.new(str) -> pkcs12
 *    PKCS12.new(str, pass) -> pkcs12
 *
 * === Parameters
 * * +str+ - Must be a DER encoded PKCS12 string.
 * * +pass+ - string
 */
 static VALUE
 ossl_pkcs12_initialize(int argc, VALUE *argv, VALUE self)
 {
@ -94,7 +146,7 @@ ossl_pkcs12_initialize(int argc, VALUE *argv, VALUE self)
    pkey = cert = ca = Qnil;
    if(!PKCS12_parse((PKCS12*)DATA_PTR(self), passphrase, &key, &x509, &x509s))
-	ossl_raise(ePKCS12Error, NULL);
+	ossl_raise(ePKCS12Error, "PKCS12_parse");
    pkey = rb_protect((VALUE(*)_((VALUE)))ossl_pkey_new, (VALUE)key,
 		      &st); /* NO DUP */
    if(st) goto err;
@ -140,10 +192,14 @@ ossl_pkcs12_to_der(VALUE self)
 void
 Init_ossl_pkcs12()
 {
-    mPKCS12 = rb_define_module_under(mOSSL, "PKCS12");
+    /*
-    cPKCS12 = rb_define_class_under(mPKCS12, "PKCS12", rb_cObject);
+     * Defines a file format commonly used to store private keys with
-    ePKCS12Error = rb_define_class_under(mPKCS12, "PKCS12Error", eOSSLError);
+     * accompanying public key certificates, protected with a password-based
-    rb_define_module_function(mPKCS12, "create", ossl_pkcs12_s_create, -1);
+     * symmetric key.
     */
    cPKCS12 = rb_define_class_under(mOSSL, "PKCS12", rb_cObject);
    ePKCS12Error = rb_define_class_under(cPKCS12, "PKCS12Error", eOSSLError);
    rb_define_singleton_method(cPKCS12, "create", ossl_pkcs12_s_create, -1);
    rb_define_alloc_func(cPKCS12, ossl_pkcs12_s_allocate);
    rb_attr(cPKCS12, rb_intern("key"), 1, 0, Qfalse);
--- a/ext/openssl/ossl_pkcs12.h
+++ b/ext/openssl/ossl_pkcs12.h
@ -6,7 +6,6 @@
 #if !defined(_OSSL_PKCS12_H_)
 #define _OSSL_PKCS12_H_
 extern VALUE mPKCS12;
 extern VALUE cPKCS12;
 extern VALUE ePKCS12Error;
--- a/ext/openssl/ossl_pkcs5.c
+++ b/ext/openssl/ossl_pkcs5.c
@ -0,0 +1,96 @@
 /*
 * $Id$
 * Copyright (C) 2007 Technorama Ltd. <oss-ruby@technorama.net>
 */
 #include "ossl.h"
 VALUE mPKCS5;
 VALUE ePKCS5;
 /*
 * call-seq:
 *    PKCS5.pbkdf2_hmac(pass, salt, iter, keylen, digest) => string
 *
 * === Parameters
 * * +pass+ - string
 * * +salt+ - string
 * * +iter+ - integer - should be greater than 1000.  2000 is better.
 * * +keylen+ - integer
 * * +digest+ - a string or OpenSSL::Digest object.
 *
 * Available in OpenSSL 0.9.9?.
 *
 * Digests other than SHA1 may not be supported by other cryptography libraries.
 */
 static VALUE
 ossl_pkcs5_pbkdf2_hmac(VALUE self, VALUE pass, VALUE salt, VALUE iter, VALUE keylen, VALUE digest)
 {
 #ifdef HAVE_PKCS5_PBKDF2_HMAC
    VALUE str;
    const EVP_MD md;
    int len = NUM2INT(keylen);
    StringValue(pass);
    StringValue(salt);
    md = GetDigestPtr(digest);
    str = rb_str_new(0, len);
    if (PKCS5_PBKDF2_HMAC(RSTRING_PTR(pass), RSTRING_LEN(pass), RSTRING_PTR(salt), RSTRING_LEN(salt), NUM2INT(iter), md, len, RSTRING_PTR(str)) != 1)
        ossl_raise(ePKCS5, "PKCS5_PBKDF2_HMAC");
    return str;
 #else
    rb_notimplement();
 #endif
 }
 /*
 * call-seq:
 *    PKCS5.pbkdf2_hmac_sha1(pass, salt, iter, keylen) => string
 *
 * === Parameters
 * * +pass+ - string
 * * +salt+ - string
 * * +iter+ - integer - should be greater than 1000.  2000 is better.
 * * +keylen+ - integer
 *
 * This method is available almost any version OpenSSL.
 *
 * Conforms to rfc2898.
 */
 static VALUE
 ossl_pkcs5_pbkdf2_hmac_sha1(VALUE self, VALUE pass, VALUE salt, VALUE iter, VALUE keylen)
 {
 #ifdef HAVE_PKCS5_PBKDF2_HMAC_SHA1
    VALUE str;
    int len = NUM2INT(keylen);
    StringValue(pass);
    StringValue(salt);
    str = rb_str_new(0, len);
    if (PKCS5_PBKDF2_HMAC_SHA1(RSTRING_PTR(pass), RSTRING_LEN(pass), RSTRING_PTR(salt), RSTRING_LEN(salt), NUM2INT(iter), len, RSTRING_PTR(str)) != 1)
        ossl_raise(ePKCS5, "PKCS5_PBKDF2_HMAC_SHA1");
    return str;
 #else
    rb_notimplement();
 #endif
 }
 void
 Init_ossl_pkcs5()
 {
    /*
     * Password-based Encryption
     *
     */
    mPKCS5 = rb_define_module_under(mOSSL, "PKCS5");
    ePKCS5 = rb_define_class_under(mPKCS5, "PKCS5Error", eOSSLError);
    rb_define_module_function(mPKCS5, "pbkdf2_hmac", ossl_pkcs5_pbkdf2_hmac, 5);
    rb_define_module_function(mPKCS5, "pbkdf2_hmac_sha1", ossl_pkcs5_pbkdf2_hmac_sha1, 4);
 }
--- a/ext/openssl/ossl_pkcs7.c
+++ b/ext/openssl/ossl_pkcs7.c
@ -71,7 +71,6 @@
 /* 
 * Classes
 */
 VALUE mPKCS7;
 VALUE cPKCS7;
 VALUE cPKCS7Signer;
 VALUE cPKCS7Recipient;
@ -134,7 +133,8 @@ DupPKCS7RecipientPtr(VALUE obj)
 }
 /*
- * Private
+ * call-seq:
 *    PKCS7.read_smime(string) => pkcs7
 */
 static VALUE
 ossl_pkcs7_s_read_smime(VALUE klass, VALUE arg)
@ -156,6 +156,10 @@ ossl_pkcs7_s_read_smime(VALUE klass, VALUE arg)
    return ret;
 }
 /*
 * call-seq:
 *    PKCS7.write_smime(pkcs7 [, data [, flags]]) => string
 */
 static VALUE
 ossl_pkcs7_s_write_smime(int argc, VALUE *argv, VALUE klass)
 {
@ -187,6 +191,10 @@ ossl_pkcs7_s_write_smime(int argc, VALUE *argv, VALUE klass)
    return str;
 }
 /*
 * call-seq:
 *    PKCS7.sign(cert, key, data, [, certs [, flags]]) => pkcs7
 */
 static VALUE
 ossl_pkcs7_s_sign(int argc, VALUE *argv, VALUE klass)
 {
@ -226,6 +234,10 @@ ossl_pkcs7_s_sign(int argc, VALUE *argv, VALUE klass)
    return ret;
 }
 /*
 * call-seq:
 *    PKCS7.encrypt(certs, data, [, cipher [, flags]]) => pkcs7
 */
 static VALUE
 ossl_pkcs7_s_encrypt(int argc, VALUE *argv, VALUE klass)
 {
@ -287,6 +299,13 @@ ossl_pkcs7_alloc(VALUE klass)
    return obj;
 }
 /*
 * call-seq:
 *    PKCS7.new => pkcs7
 *    PKCS7.new(string) => pkcs7
 *
 * Many methods in this class aren't documented.
 */
 static VALUE
 ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
 {
@ -364,6 +383,10 @@ ossl_pkcs7_sym2typeid(VALUE sym)
    return ret;
 }
 /*
 * call-seq:
 *    pkcs7.type = type => type
 */
 static VALUE
 ossl_pkcs7_set_type(VALUE self, VALUE type)
 {
@ -376,6 +399,10 @@ ossl_pkcs7_set_type(VALUE self, VALUE type)
    return type;
 }
 /*
 * call-seq:
 *    pkcs7.type => string or nil
 */
 static VALUE
 ossl_pkcs7_get_type(VALUE self)
 {
@ -926,15 +953,12 @@ ossl_pkcs7ri_get_enc_key(VALUE self)
 void
 Init_ossl_pkcs7()
 {
-    mPKCS7 = rb_define_module_under(mOSSL, "PKCS7");
+    cPKCS7 = rb_define_class_under(mOSSL, "PKCS7", rb_cObject);
-
+    ePKCS7Error = rb_define_class_under(cPKCS7, "PKCS7Error", eOSSLError);
-    ePKCS7Error = rb_define_class_under(mPKCS7, "PKCS7Error", eOSSLError);
+    rb_define_singleton_method(cPKCS7, "read_smime", ossl_pkcs7_s_read_smime, 1);
-
+    rb_define_singleton_method(cPKCS7, "write_smime", ossl_pkcs7_s_write_smime, -1);
-    cPKCS7 = rb_define_class_under(mPKCS7, "PKCS7", rb_cObject);
+    rb_define_singleton_method(cPKCS7, "sign",  ossl_pkcs7_s_sign, -1);
-    rb_define_singleton_method(mPKCS7, "read_smime", ossl_pkcs7_s_read_smime, 1);
+    rb_define_singleton_method(cPKCS7, "encrypt", ossl_pkcs7_s_encrypt, -1);
    rb_define_singleton_method(mPKCS7, "write_smime", ossl_pkcs7_s_write_smime, -1);
    rb_define_singleton_method(mPKCS7, "sign",  ossl_pkcs7_s_sign, -1);
    rb_define_singleton_method(mPKCS7, "encrypt", ossl_pkcs7_s_encrypt, -1);
    rb_attr(cPKCS7, rb_intern("data"), 1, 0, Qfalse);
    rb_attr(cPKCS7, rb_intern("error_string"), 1, 1, Qfalse);
    rb_define_alloc_func(cPKCS7, ossl_pkcs7_alloc);
@ -964,8 +988,8 @@ Init_ossl_pkcs7()
    rb_define_alias(cPKCS7,  "to_s", "to_pem");
    rb_define_method(cPKCS7, "to_der", ossl_pkcs7_to_der, 0);
-    cPKCS7Signer = rb_define_class_under(mPKCS7, "SignerInfo", rb_cObject);
+    cPKCS7Signer = rb_define_class_under(cPKCS7, "SignerInfo", rb_cObject);
-    rb_define_const(mPKCS7, "Signer", cPKCS7Signer);
+    rb_define_const(cPKCS7, "Signer", cPKCS7Signer);
    rb_define_alloc_func(cPKCS7Signer, ossl_pkcs7si_alloc);
    rb_define_method(cPKCS7Signer, "initialize", ossl_pkcs7si_initialize,3);
    rb_define_method(cPKCS7Signer, "issuer", ossl_pkcs7si_get_issuer, 0);
@ -973,14 +997,14 @@ Init_ossl_pkcs7()
    rb_define_method(cPKCS7Signer, "serial", ossl_pkcs7si_get_serial,0);
    rb_define_method(cPKCS7Signer,"signed_time",ossl_pkcs7si_get_signed_time,0);
-    cPKCS7Recipient = rb_define_class_under(mPKCS7,"RecipientInfo",rb_cObject);
+    cPKCS7Recipient = rb_define_class_under(cPKCS7,"RecipientInfo",rb_cObject);
    rb_define_alloc_func(cPKCS7Recipient, ossl_pkcs7ri_alloc);
    rb_define_method(cPKCS7Recipient, "initialize", ossl_pkcs7ri_initialize,1); 
    rb_define_method(cPKCS7Recipient, "issuer", ossl_pkcs7ri_get_issuer,0);
    rb_define_method(cPKCS7Recipient, "serial", ossl_pkcs7ri_get_serial,0);
    rb_define_method(cPKCS7Recipient, "enc_key", ossl_pkcs7ri_get_enc_key,0); 
-#define DefPKCS7Const(x) rb_define_const(mPKCS7, #x, INT2NUM(PKCS7_##x))
+#define DefPKCS7Const(x) rb_define_const(cPKCS7, #x, INT2NUM(PKCS7_##x))
    DefPKCS7Const(TEXT);
    DefPKCS7Const(NOCERTS);
--- a/ext/openssl/ossl_pkcs7.h
+++ b/ext/openssl/ossl_pkcs7.h
@ -11,7 +11,6 @@
 #if !defined(_OSSL_PKCS7_H_)
 #define _OSSL_PKCS7_H_
 extern VALUE mPKCS7;
 extern VALUE cPKCS7;
 extern VALUE cPKCS7Signer;
 extern VALUE cPKCS7Recipient;