On the algorithmic side of things, the ECDSA algorithm cannot encrypt. It is signing-only. In order to use Elliptical Curves to encrypt, you would have to use the "Elliptical Curve Diffie-Hellman" algorithm to perform a key agreement. This requires that both the sender and the recipient have EC keys which are marked in their certificates as being for the purpose "keyAgreement".

Your command line only specifies the recipient certificate, not the sending certificate. You can't do an ecdh_kdf_md:sha256 operation without the sender's certificate and private key.

I hope this helps!

-Kyle H

On Fri, Jan 26, 2018 at 7:13 AM, clou <mail@xxxxxxxx> wrote:
> openssl 1.1.0.f
> ecdsa 512 certificate
>
> openssl cms -sign works perfectly and sends an email.
>
> For encryption and sending an email I just get an email with an attachment
> smime.p7m.
>
> I use the following encryption command
>
> openssl cms -encrypt \
>     -recip cert.pem \
>     -subject 'openssl encrypt' \
>     -to email \
>     -from email \
>     -in msg.txt \
>     -keyopt ecdh_kdf_md:sha256 \
>     | \
>     sendmail email
>
>
> Any idea how I need to encrypt (or encrypt and sign) in order to get a
> proper email?
>
> Thanks a lot!
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
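
The reply above refers to EC certificates being marked for the purpose "keyAgreement". The following is an added example, not part of the original thread, showing one way to check that marking with `openssl x509 -text`. The function names, file names and CN are constructed for the demo, and the throwaway-certificate helper assumes OpenSSL 1.1.1 or later for `-addext`.

```shell
#!/usr/bin/env bash
# Added example: does a certificate's keyUsage permit ECDH key agreement?

# Print the keyUsage values of a certificate on one line (empty if the extension is absent).
key_usage() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk '/X509v3 Key Usage/ { getline; gsub(/^[ \t]+|[ \t]+$/, ""); print; exit }'
}

# Return 0 if the certificate may be used for key agreement, 1 if keyUsage forbids it.
# A certificate without a keyUsage extension is not restricted (RFC 5280), so it passes.
allows_key_agreement() {
    local ku
    ku=$(key_usage "$1")
    [ -z "$ku" ] && return 0
    case "$ku" in
        *"Key Agreement"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Create a throwaway self-signed P-256 certificate (constructed sample input).
# Usage: make_cert <output-prefix> <keyUsage value>
make_cert() {
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -keyout "$1.key" -out "$1.pem" -days 1 -subj "/CN=demo-recipient" \
        -addext "keyUsage=critical,$2" 2>/dev/null
}

# Demo: one signing-only certificate and one key-agreement certificate.
tmp=$(mktemp -d)
make_cert "$tmp/sign-only" digitalSignature
make_cert "$tmp/agree" keyAgreement
for c in "$tmp"/*.pem; do
    if allows_key_agreement "$c"; then
        verdict="usable for ECDH key agreement"
    else
        verdict="keyUsage forbids key agreement"
    fi
    printf '%s: [%s] %s\n' "${c##*/}" "$(key_usage "$c")" "$verdict"
done
rm -rf "$tmp"
```

Running `allows_key_agreement cert.pem` against the recipient certificate before calling `openssl cms -encrypt` shows whether the keyUsage extension is what blocks the operation.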