openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Mar 26, 2015, Chris Madden wrote:

> Hi,
> I am playing with openssl 1.0.2a - specifically CMS support for ECC.
> But what I think should work doesn't.
> Commands used and parsed data shown.
> (I gave an RSA example as a known good working example)
> 
> ./openssl version
> OpenSSL 1.0.2a 19 Mar 2015
> 
> echo -n 12345678123456781234567812345678 > sess.txt # 32 byte plaintext
> 
> 
> #EC fails
> ================
>   ./openssl ecparam -name prime192v1 -genkey -out ecc.key
>   ./openssl req -x509 -new -key ecc.key -out ecc.crt
>   ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt
>   ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM
> -inkey ecc.key
> Error decrypting CMS structure
> error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
> decrypt:evp_enc.c:529:
> 

RSA can decrypt without knowing the certificate but currently EC cannot. So
try including the option -recip ecc.crt when you decrypt.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux