On Thu, Mar 26, 2015, Chris Madden wrote: > Hi, > I am playing with openssl 1.0.2a - specifically CMS support for ECC. > But what I think should work doesn't. > Commands used and parsed data shown. > (I gave an RSA example as a known good working example) > > ./openssl version > OpenSSL 1.0.2a 19 Mar 2015 > > echo -n 12345678123456781234567812345678 > sess.txt # 32 byte plaintext > > > #EC fails > ================ > ./openssl ecparam -name prime192v1 -genkey -out ecc.key > ./openssl req -x509 -new -key ecc.key -out ecc.crt > ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt > ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM > -inkey ecc.key > Error decrypting CMS structure > error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad > decrypt:evp_enc.c:529: > RSA can decrypt without knowing the certificate but currently EC cannot. So try including the option -recip ecc.crt when you decrypt. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org
