[openssl-users] Unable to decrypt CMS object encrypted with EC prime256v1 certificate

Stephan Mühlstrasser stm at pdflib.com
Fri Jul 1 14:40:34 UTC 2016


Hi,

we are testing OpenSSL interoperability with a third-party application, 
and we cannot decrypt a CMS object that is encrypted by the third-party 
application with a prime256v1 elliptic-curve certificate.

I have attached the following files:

demo_signer_ec_secp256r1.cms.der: DER-encoded CMS object
demo_signer_ec_secp256r1.cert.pem: recipient certificate
demo_signer_ec_secp256r1.pkey.pem: recipient private key (no password)

I try to decrypt the CMS object with the following command using OpenSSL 
1.0.2:

$ openssl version
OpenSSL 1.0.2h  3 May 2016
$ openssl cms -decrypt -in demo_signer_ec_secp256r1.cms.der -inform DER -recip demo_signer_ec_secp256r1.cert.pem -inkey demo_signer_ec_secp256r1.pkey.pem
Error decrypting CMS using private key

When I use OpenSSL 1.1.0 beta from today's HEAD of the master branch, I 
see an additional error message:

$ openssl version
OpenSSL 1.1.0-pre6-dev  xx XXX xxxx
$ openssl cms -decrypt -in demo_signer_ec_secp256r1.cms.der -inform DER -recip demo_signer_ec_secp256r1.cert.pem -inkey demo_signer_ec_secp256r1.pkey.pem
Error decrypting CMS using private key
140735294530304:error:0D06E0A4:asn1 encoding routines:asn1_do_adb:unsupported any defined by type:crypto/asn1/tasn_utl.c:238:

Is the CMS object broken, or is this a problem in OpenSSL?

Thanks

--
Stephan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: demo_signer_ec_secp256r1.cert.pem
Type: application/x-x509-ca-cert
Size: 1301 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160701/d50781fb/attachment.crt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: demo_signer_ec_secp256r1.cms.der
Type: application/x-x509-ca-cert
Size: 364 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160701/d50781fb/attachment-0001.crt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: demo_signer_ec_secp256r1.pkey.pem
Type: application/x-x509-ca-cert
Size: 365 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160701/d50781fb/attachment-0002.crt>

