>> Hi, >> I am playing with openssl 1.0.2a - specifically CMS support for ECC. >> But what I think should work doesn't. >> Commands used and parsed data shown. >> (I gave an RSA example as a known good working example) >> >> ./openssl version >> OpenSSL 1.0.2a 19 Mar 2015 >> >> echo -n 12345678123456781234567812345678 > sess.txt # 32 byte plaintext >> >> >> #EC fails >> ================ >> ./openssl ecparam -name prime192v1 -genkey -out ecc.key >> ./openssl req -x509 -new -key ecc.key -out ecc.crt >> ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt >> ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM >> -inkey ecc.key >> Error decrypting CMS structure >> error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad >> decrypt:evp_enc.c:529: >> > >RSA can decrypt without knowing the certificate but currently EC cannot. So >try including the option -recip ecc.crt when you decrypt. > >Steve. >-- >Dr Stephen N. Henson. OpenSSL project core developer. >Commercial tech support now available see: http://www.openssl.org Many thanks Steve for the prompt response! That fixed it. Chris > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150326/6e78bef1/attachment.html>
