Added documentation on PKCS #7 signing

1 files changed, 29 insertions, 0 deletions

diff --git a/doc/cha-crypto.texi b/doc/cha-crypto.texi
index ebe4331915..3e640c2dd2 100644
--- a/doc/cha-crypto.texi
+++ b/doc/cha-crypto.texi
@@ -44,6 +44,35 @@ accessed using the abstract key API in @ref{Abstract key types}. This
 is a high level API with the advantage of transparently handling keys
 in memory and keys present in smart cards.
 
+@subsection PKCS #7 signing
+@cindex PKCS #7
+@cindex file signing
+
+The PKCS #7 format is common format used for digital signatures. It allows to sign
+by embedding the data into the signature, or creating detached signatures of the data,
+including a timestamp, additional certificates etc. In certain cases this format is also
+used to transport lists of certificates and CRLs.
+
+The basic functions to initialize, deinitialize, import, export or print information
+about a PKCS #7 structure are shown below.
+@showfuncE{gnutls_pkcs7_init,gnutls_pkcs7_deinit,gnutls_pkcs7_export2,gnutls_pkcs7_import,gnutls_pkcs7_print}
+
+The following functions allow the verification of a structure using either a trust list, or
+individual certificates. The @funcref{gnutls_pkcs7_sign} function is the data signing function.
+
+@showfuncB{gnutls_pkcs7_verify_direct,gnutls_pkcs7_verify}
+@showfuncdesc{gnutls_pkcs7_sign}
+
+@showenumdesc{gnutls_pkcs7_sign_flags,Flags applicable to gnutls_pkcs7_sign()}
+
+Other helper functions which allow to access the signatures, or certificates attached
+in the structure are listed below.
+
+@showfuncF{gnutls_pkcs7_get_signature_count,gnutls_pkcs7_get_signature_info,gnutls_pkcs7_get_crt_count,gnutls_pkcs7_get_crt_raw2,gnutls_pkcs7_get_crl_count,gnutls_pkcs7_get_crl_raw2}
+
+To append certificates, or CRLs in the structure the following functions are provided.
+@showfuncD{gnutls_pkcs7_set_crt_raw,gnutls_pkcs7_set_crt,gnutls_pkcs7_set_crl_raw,gnutls_pkcs7_set_crl}
+
 @node Hash and HMAC functions
 @section Hash and HMAC functions
 @cindex hash functions