Unable to decrypt CMS object encrypted with EC prime256v1 certificate

On 07.07.16 at 00:16, Dr. Stephen Henson wrote:
> On Wed, Jul 06, 2016, Stephan Mühlstrasser wrote:
>
>>
>> While doing research on this, we found one thing that looks
>> suspicious in the CMS objects generated by OpenSSL 1.0.2. When
>> dumping the CMS object with dumpasn1, the key wrap algorithm is
>> encoded as follows:
>>
>> SEQUENCE {
>>  OBJECT IDENTIFIER '1 3 132 1 11 3'
>>  SEQUENCE {
>>    OBJECT IDENTIFIER aes256-wrap (2 16 840 1 101 3 4 1 45)
>>    NULL
>>    }
>>  }
>>
>
> That's strange: I just tried OpenSSL 1.0.2 and the master branch and I don't
> get a NULL in either case.

I apologize, you are right. I tracked this down to the fact that the CMS 
object was created with an OpenSSL 1.0.2 beta version. Sorry for the 
confusion.

> Also that algorithm isn't something you'd get by default with OpenSSL. Has it
> been modified in some way?

It has not been modified. The algorithm is set with the 
EVP_PKEY_CTX_ctrl_str() function:

EVP_PKEY_CTX_ctrl_str(ctx, "ecdh_kdf_md", "sha256");

-- 
Stephan
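
To check for the NULL parameter discussed in this thread without dumpasn1, the following added example (not part of the original messages or of OpenSSL) walks the DER of the nested AlgorithmIdentifier and reports whether the wrap algorithm's parameters are absent or NULL. The function names are hypothetical and the two byte strings are constructed from the dump quoted above.

```python
# Added example. Sample bytes are constructed from the dumpasn1 output quoted in the thread.

def read_tlv(buf, pos=0):
    """Return (tag, value_bytes, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(body):
    """Decode OID content octets into dotted form."""
    arcs, n = [], 0
    for b in body:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def inspect_key_enc_alg(der):
    """Return (kdf_scheme_oid, wrap_oid, wrap_params) for a nested AlgorithmIdentifier."""
    tag, val, _ = read_tlv(der)
    outer = children(val)
    if tag != 0x30 or len(outer) != 2 or outer[0][0] != 0x06 or outer[1][0] != 0x30:
        raise ValueError("expected OID followed by a nested AlgorithmIdentifier")
    inner = children(outer[1][1])
    if not inner or inner[0][0] != 0x06:
        raise ValueError("wrap algorithm OID missing")
    params = "absent" if len(inner) == 1 else ("NULL" if inner[1] == (0x05, b"") else "other")
    return decode_oid(outer[0][1]), decode_oid(inner[0][1]), params

WITH_NULL = bytes.fromhex("301706062b8104010b03300d060960864801650304012d0500")
NO_PARAMS = bytes.fromhex("301506062b8104010b03300b060960864801650304012d")
```

RFC 3565 requires the parameters field to be absent for the AES key wrap OIDs, which is why a result of `"NULL"` here is worth flagging when a peer fails to decrypt.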

