Support for ECDH One-pass in "openssl cms enc"

Henning Krause mail at henningkrause.eu
Mon May 24 07:40:49 UTC 2021 

Hi,

after studying the different key generator functions more closely I came to the conclusion that, since the Prime256 curve has a cofactor of 1, both KDF should produce the same value and so everything has cleared up.

Kind regards,
Henning
________________________________
From: openssl-users <openssl-users-bounces at openssl.org> on behalf of Henning Krause via openssl-users <openssl-users at openssl.org>
Sent: Sunday, May 23, 2021 2:45 PM
To: openssl-users at openssl.org <openssl-users at openssl.org>
Subject: Support for ECDH One-pass in "openssl cms enc"

Hi,

I'm trying to encrypt an email using the ECDH One-Pass algorithm. I've first created an X509 certificate with an EDSA key based on the curve prime256v1.

Then, I ran this command:

openssl cms -encrypt -in Unencrypted.eml -binary -recip ecc.cer -aes256 -keyopt ecdh_kdf_md:sha256 -keyopt ecdh_cofactor_mode:1

This does indeed create an encrypted eml:
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

MIIBuQYJKoZIhvcNAQcDoIIBqjCCAaYCAQIxggEQoYIBDAIBA6BRoU8wCQYHKoZI
zj0CAQNCAAQYMD63JbNHczeD0BVjdlzuZAdTyFchu/KsXAZA6/OmbJ37xEoga1GG
ItMUW5qnzzNL9L25wi1GVZrMxH5bksxEMBUGBiuBBAEOATALBglghkgBZQMEAS0w
gZwwgZkwbTBnMQswCQYDVQQGEwJERTEMMAoGA1UECAwDTlJXMRIwEAYDVQQHDAlQ
YWRlcmJvcm4xGTAXBgNVBAoMEE5ldCBhdCBXb3JrIEdtYkgxGzAZBgNVBAMMEk5v
U3BhbVByb3h5IERldiBDQQICEBwEKB6t+YrcLQLXlVc8oC47Ija4mgzJ0uv7DvFl
JQXtUGZpf4pYQ9fvEO0wgYwGCSqGSIb3DQEHATAdBglghkgBZQMEASoEENsnhiim
ZK1xDpAN3tpDiwmAYLp71os2uX6TIEJeDbtAuEf570gNii9AdHgdbS3+4hpFUyKI
fifnofwQRq5+vsIc8DllYGMdMoWknO0vzNSNaLFpWMJ2Xe0SFyU0dO30wHlHXvz3
a3CzwXa5yoQ1qHfo3Q==

And it does have the expected KEK encryption algorithm set:
1.3.132.1.14.1 => dhSinglePass-cofactorDH-sha256kdf-scheme

However, the KDF method used is exactly the same as when I execute:
openssl cms -encrypt -in Unencrypted.eml -binary -recip ecc.cer -aes256 -keyopt ecdh_kdf_md:sha256 -keyopt ecdh_cofactor_mode:0

This call does produce a different KEK algorithm:
1.3.132.1.11.1 ecdhX963KDF-SHA256.

At least I can decrypt the content encryption key in both cases using the same algorithm ('Standard' ECDH).

I'm using OpenSSL 3.0.0-beta1-dev  (Library: OpenSSL 3.0.0-beta1-dev ).

Any ideas? Do I need any additional parameters to get this working?

Kind regards,
Henning
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210524/5c80b5ee/attachment.html>

More information about the openssl-users mailing list