At least one problem I can see with your EC certificate is wrong Key Usage. For EC it should be "Key Agreement".
I'd not use the same cert for signing and encrypting. If you do, then add Signature and Non-Repudiation (but I've never done that).
--
Regards,
Uri
There are two ways to design a system. One is to make is so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
- C. A. R. Hoare
On 5/5/21, 22:07, "openssl-users on behalf of Ted Wynnychenko" <openssl-users-bounces@xxxxxxxxxxx on behalf of ted.m.w@xxxxxxxxxxx> wrote:
Hello
I recently decided to change from RSA to EC keys/certs.
I do this primarily as a learning exercise (there is no real corporate or
professional demand to have this working).
I am running OpenBSD current (6.9) from about 1 month ago.
Previously, I have been using "openssl smime" to sign and encrypt emails.
Now that I am migrating to EC keys/certificates, I need to switch to
"openssl cms".
However, I am unable to encrypt using the EC certificate.
When I use:
(I am going to obfuscate the emails in plain text, although I understand
there will be some encoded in the public key that follows.)
cat text.in | /usr/bin/openssl cms -encrypt -from 'User <user@xxxxxxxxxxx>'
-to 'Admin <admin@xxxxxxxxxxx>' -subject "Test Email" -aes256 encryption.pem
> encrypted.out
with the old RSA certificate, everything works as expected.
But, when I replace the RSA cert with the EC certificate, it does not.
Instead, I see:
15724089243112:error:2EFFF06F:CMS routines:CRYPTO_internal:ctrl
failure:/usr/src/lib/libcrypto/cms/cms_env.c:124:
15724089243112:error:2EFFF074:CMS routines:CRYPTO_internal:error setting
recipientinfo:/usr/src/lib/libcrypto/cms/cms_env.c:944:
15724089243112:error:2EFFF068:CMS routines:CRYPTO_internal:cms
lib:/usr/src/lib/libcrypto/cms/cms_smime.c:850:
And the output file is zero size.
The "-to" email address used is encoded as a SAN email in the EC
certificate.
I tried a more basic command:
openssl cms -encrypt -in text.in -out encrypted.out -recip encryption.pem
Works with RSA certificate, same error with EC certificate.
I also tried (not really understanding, but it is in the man page example):
openssl cms -encrypt -in text.in -out encrypted.out -recip encryption.pem
-keyopt ecdh_kdf_md:sha256
and got the same error.
I am not sure what this error means, or how to address it.
I was wondering if I needed to add the email to the certificate's DN, but
since (I understand) emails in the DN are depreciated, and the email is
included as a SAN, that seems unlikely.
Any suggestions would be great.
I have pasted the output from, "openssl x509 -in encryption.pem -noout
-text" below.
As I said, the plain text has been altered, but the public key is unchanged.
Thanks
Ted
$ openssl x509 -in encryption.pem -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25 (0x19)
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, ST=State, L=Town, O=Example, OU=Home, CN=example.com
Validity
Not Before: Jan 2 00:00:00 2019 GMT
Not After : Apr 17 13:57:06 2051 GMT
Subject: C=US, ST=State, L=Town, O=Example, OU=Home,
CN=admin.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:80:34:1b:cf:63:94:33:47:37:39:42:89:cd:80:
86:44:2f:df:5f:e2:cb:3f:1b:08:3b:2c:c8:20:ec:
4e:68:2a:ac:1d:ba:7b:09:3d:78:84:cc:e5:7c:f1:
5f:3c:36:c1:89:c1:8d:95:dc:ec:dd:7c:18:e9:58:
a2:83:bc:f9:db:82:cc:c3:fe:17:87:e3:52:78:70:
3b:2a:9e:ca:44:f6:f0:ff:42:82:8b:5a:51:9f:94:
63:4b:ef:08:d1:53:37
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
C6:1E:C2:DD:D2:89:2A:64:58:F2:94:1F:EB:80:CA:AC:3C:9B:43:DC
X509v3 CRL Distribution Points:
Full Name:
URI:https://crl.example.com/example.ca.crl
CRL Issuer:
DirName: C = US, O = Example, CN = example.com
Authority Information Access:
OCSP - URI:http://ocsp.example.com:2560
X509v3 Issuer Alternative Name:
DNS:example.com, email:admin@xxxxxxxxxxx
X509v3 Authority Key Identifier:
keyid:74:87:C7:29:8F:E5:8F:79:00:9F:95:52:69:F8:CA:57:A6:84:4C:9E
DirName:/C=US/ST=Illinois/L=Winnetka/O=Wynnychenko/OU=Home/CN=wynnychenko.co
m
serial:B0:99:14:14:0B:6D:33:21
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment, Data
Encipherment
X509v3 Extended Key Usage:
E-mail Protection
X509v3 Subject Alternative Name:
email:admin@xxxxxxxxxxx
Signature Algorithm: ecdsa-with-SHA384
30:65:02:31:00:94:1c:9e:ce:f2:0f:9f:b4:65:18:6d:7d:e4:
be:01:19:0e:05:02:02:f6:83:84:88:11:0a:39:69:39:2a:7a:
af:64:dd:4d:d0:57:dd:e3:db:8f:02:0a:8a:1b:27:8a:80:02:
30:44:65:8c:36:be:7a:c6:27:cf:6d:3d:9c:42:d1:72:93:a5:
df:21:c9:c0:58:64:c3:6e:d7:7c:30:13:da:10:7d:b9:e6:5d:
d6:1c:89:e0:d5:eb:ba:03:d8:76:22:17:18
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
