Re: mail encryption with ecdsa cert

Doesn't S/MIME permit the half-ephemeral ECDH algorithm where the
recipient's static ECDH certificate is combined with a per message
ephemeral ECDH key?

On 26/01/2018 18:20, Kyle Hamilton wrote:
> On the algorithmic side of things, the ECDSA algorithm cannot encrypt.
> It is signing-only.
>
> In order to use Elliptical Curves to encrypt, you would have to use
> the "Elliptical Curve Diffie-Hellman" algorithm to perform a key
> agreement.  This requires that both the sender and the recipient have
> EC keys which are marked in their certificates as being for the
> purpose "keyAgreement".
>
> Your command line only specifies the recipient certificate, not the
> sending certificate.  You can't do an ecdh_kdf_md:sha256 operation
> without the sender's certificate and private key.
>
> I hope this helps!
>
> -Kyle H
>
> On Fri, Jan 26, 2018 at 7:13 AM, clou <mail@xxxxxxxx> wrote:
>> openssl 1.1.0.f
>> ecdsa 512 certificate
>>
>> openssl cms -sign works perfect and sending an email.
>>
>> For encryption and sending an email I just get an email with an attachment
>> smime.p7m.
>>
>> I use the following encryption command
>>
>> openssl cms -encrypt \
>>          -recip cert.pem \
>>          -subject 'openssl encrypt' \
>>          -to email \
>>          -from email \
>>          -in msg.txt \
>>          -keyopt ecdh_kdf_md:sha256 \
>>          | \
>>          sendmail email
>>
>>
>> Any idea how I need to encrypt (or encrypt and sign) in order to get a
>> proper email?
>>
>> Thanks a lot!
>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
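
The half-ephemeral ECDH case asked about at the top of this message, as an added example that is not part of the original thread: a round trip in which `openssl cms -encrypt` is given only the recipient's EC certificate and the recipient decrypts with the matching static key. The subject `recipient.example`, the P-256 curve, the file names and the message are constructed for the example, and an `openssl` binary on the PATH is assumed.

```shell
#!/bin/sh
# Added example: CMS encryption to an EC recipient using ephemeral-static ECDH.
# All names, files and the message below are constructed for illustration.

ecdh_cms_roundtrip() (
    d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT

    # Minimal request config so the run does not depend on a system openssl.cnf.
    cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = recipient.example
[ext]
keyUsage = critical, keyAgreement
EOF

    # Recipient: static EC key plus a self-signed certificate marked keyAgreement.
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/key.pem" 2>/dev/null || exit 1
    openssl req -new -x509 -config "$d/req.cnf" -key "$d/key.pem" \
        -days 1 -out "$d/cert.pem" 2>/dev/null || exit 1

    # Sender: only the recipient certificate is supplied; no sender key or cert.
    # -binary keeps the bytes exact so the result can be compared afterwards.
    printf '%s' "$1" |
        openssl cms -encrypt -binary -aes256 -recip "$d/cert.pem" \
            -keyopt ecdh_kdf_md:sha256 -out "$d/msg.p7m" || exit 1

    # Informational: show the key-agreement recipient info and the per-message
    # ephemeral public key (originatorKey) on stderr.
    openssl cms -cmsout -print -noout -in "$d/msg.p7m" 2>/dev/null |
        grep -E 'd\.kari|originatorKey' >&2

    # Recipient: decrypt with the static private key; plaintext goes to stdout.
    openssl cms -decrypt -recip "$d/cert.pem" -inkey "$d/key.pem" -in "$d/msg.p7m"
)
```
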
