[openssl-users] CMS with Symmetric key

Abe Racioppo abe.racioppo at gmail.com
Mon Apr 11 11:34:19 UTC 2016


Thank you for the responses.

I have implemented encryption that adds a secret key, and secret key id
using:
CMS_add0_recipient_key,
CMS_EncryptedData_encrypt,
SMIME_write_CMS
The output file looks correct, but I need to decrypt it back to be sure.

I would like to be able to get the secret key id from the envelope data to
then search a database for the key, and then CMS_decrypt.  I have yet to
determine the most straightforward way of getting the key ids from the
envelope/wrapped content of cms.

Is there a combination if I have SMIME_read the cms from a file like:
  keyId =  cms->envelopedData->keyId?

Or do I need to handle a stack_of recipient infos in order to get the key
id from kekri0_get_id?

Thanks again,
Abe


On Tue, Apr 5, 2016 at 7:39 AM, Dr. Stephen Henson <steve at openssl.org>
wrote:

> On Mon, Apr 04, 2016, Abe Racioppo wrote:
>
> > Hey guys,
> >
> > I'm trying to use the CMS operations in libcrypto but with a symmetric key
> > encryption key instead of x509.
> >
> > I'm thinking I want to use a combination of
> >
> > CMS_RecipientInfo_set0_pkey,
> > SMIME_write_CMS,
> > and
> > CMS_EncryptedData_encrypt.
> >
> > Has anyone done this before and can give me some direction?  This is my
> > first time working with openssl and am getting kinda lost.
> >
>
> You have several options here.
>
> You can just use the encrypted data type with a key directly.
>
> You can use the enveloped data type with a symmetric wrapping key.
>
> You can use the enveloped data type with a password based recipient info.
>
> Which you use depends on the application you have in mind.
>
> In the first case you just call CMS_EncryptedData_encrypt() followed by
> SMIME_write_CMS().
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
>