CMS_encrypt with ECDH key

On Sat, Apr 18, 2015, Q Rius wrote:

> I'm trying to implement CMS encrypt using ECDH keys. Ref openssl CMS with
> ECDH EnvelopedData
> <http://stackoverflow.com/questions/29280688/openssl-cms-with-ecdh-envelopeddata>
> The command line works flawlessly but my program is giving an error -
> 
> Error Encrypting Data
> 140508524291744:error:2E06507D:CMS routines:CMS_add1_recipient_cert:not
> supported for this key type:cms_env.c:210:
> 
> In code below, recip.pem was created using steps here openssl CMS with ECDH
> EnvelopedData
> <http://stackoverflow.com/questions/29280688/openssl-cms-with-ecdh-envelopeddata>
> 
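> #include <stdio.h>
> #include <openssl/pem.h>
> #include <openssl/cms.h>
> #include <openssl/err.h>
> 
> int main (int argc, char **argv)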
> {
>     CMS_ContentInfo *cms1 = NULL;
>     BIO *in = NULL, *out = NULL, *tbio = NULL;
>     X509 *rcert = NULL;
>     int ret = 1;
>     int flags = CMS_STREAM;
> 
>     OpenSSL_add_all_algorithms();
>     ERR_load_crypto_strings();
> 
>     tbio = BIO_new_file("recip.pem", "r");
>     if (!tbio)
>         goto err;
> 
>     rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
>     if (!rcert)
>         goto err;
> 
>     in = BIO_new_file("encr.txt", "r");
>     flags |= CMS_PARTIAL;
>     cms1 = CMS_encrypt(NULL, in, EVP_des_ede3_cbc(), flags);
> 
>     CMS_RecipientInfo *ri;
>     ri = CMS_add1_recipient_cert(cms1, rcert, flags);
>     if (!ri)
>         goto err;
> 
>     if(!CMS_final(cms1, in, NULL, flags))
>         goto err;
> 
>     if (!cms1)
>         goto err;
> 
>     out = BIO_new_file("cms1.pem", "w");
>     if(!out)
>         goto err;
> 
>     if(!PEM_write_bio_CMS_stream(out, cms1, in, flags))
>         goto err;
> 
>     ret = 0;
> 
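> err:
>     if (ret) {
>         fprintf(stderr, "Error Encrypting Data\n");
>         ERR_print_errors_fp(stderr);
>     }
> 
>     /* cleanup */
>     CMS_ContentInfo_free(cms1);
>     X509_free(rcert);
>     BIO_free(in);
>     BIO_free(out);
>     BIO_free(tbio);
> 
>     return ret;
> }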
> 
> The documentation states ECC keys are not supported yet the commandline cms
> app is able to do it without a problem. I stepped through the cms app but
> am unable to figure out what I'm doing differently. Also tried the
> cms_enc.c from the demos folder but that does not handle ecc keys as well.
> 

Are you sure you are linking against OpenSSL 1.0.2 or later? OpenSSL 1.0.1
and earlier do not support ECDH for CMS.

Your program works OK here except you need to delete the CMS_final part:
finalisation is performed on the fly when writing if you use the flag
CMS_STREAM.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

