[openssl-users] mail encryption with ecdsa cert
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Jan 26 17:55:56 UTC 2018
> On Jan 26, 2018, at 10:13 AM, clou <mail at iclou.ch> wrote:
>
> openssl cms -sign works perfect and sending an email.
>
> For encryption and sending an email I just get an email with an attachment smime.p7m.
>
> I use the following encryption command
>
> openssl cms -encrypt \
> -recip cert.pem \
> -subject 'openssl encrypt' \
> -to email \
> -from email \
> -in msg.txt \
> -keyopt ecdh_kdf_md:sha256 \
> | \
> sendmail email
>
>
> Any idea how I need do encrypt (or encrypt and sign) in order to get a proper email?
This requires a pipeline of two cms(1) commands, one to sign and other
to encrypt (S/MIME is generally a sign-then-encrypt encapsulation).
The inner signed content would be the just the payload no mail headers.
And yes, ECDSA is supported with CMS.
--
Viktor.
More information about the openssl-users
mailing list