[openssl-users] Unable to decrypt CMS object encrypted with EC prime256v1 certificate
Stephan Mühlstrasser
stm at pdflib.com
Fri Jul 1 14:40:34 UTC 2016
Hi,
we are testing OpenSSL interoperability with a third-party application,
and we cannot decrypt a CMS object that is encrypted by the third-party
application with a prime256v1 elliptic-curve certificate.
I have attached the following files:
demo_signer_ec_secp256r1.cms.der: DER-encoded CMS object
demo_signer_ec_secp256r1.cert.pem: recipient certificate
demo_signer_ec_secp256r1.pkey.pem. recipient private key (no password)
I try to decrypt the CMS object with the following command using OpenSSL
1.0.2:
$ openssl version
OpenSSL 1.0.2h 3 May 2016
$ openssl cms -decrypt -in demo_signer_ec_secp256r1.cms.der -inform DER
-recip demo_signer_ec_secp256r1.cert.pem -inkey
demo_signer_ec_secp256r1.pkey.pem
Error decrypting CMS using private key
When I use OpenSSL 1.1.0 beta from today's HEAD of the master branch, I
see an additional error message:
$ openssl version
OpenSSL 1.1.0-pre6-dev xx XXX xxxx
$ openssl cms -decrypt -in demo_signer_ec_secp256r1.cms.der -inform DER
-recip demo_signer_ec_secp256r1.cert.pem -inkey
demo_signer_ec_secp256r1.pkey.pem
Error decrypting CMS using private key
140735294530304:error:0D06E0A4:asn1 encoding
routines:asn1_do_adb:unsupported any defined by
type:crypto/asn1/tasn_utl.c:238:
Is the CMS object broken, or is this a problem in OpenSSL?
Thanks
--
Stephan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: demo_signer_ec_secp256r1.cert.pem
Type: application/x-x509-ca-cert
Size: 1301 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160701/d50781fb/attachment.crt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: demo_signer_ec_secp256r1.cms.der
Type: application/x-x509-ca-cert
Size: 364 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160701/d50781fb/attachment-0001.crt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: demo_signer_ec_secp256r1.pkey.pem
Type: application/x-x509-ca-cert
Size: 365 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160701/d50781fb/attachment-0002.crt>
More information about the openssl-users
mailing list