S/MIME 4.0 (RFC 8551): PKCS7_ support?

Steffen Nurpmeso steffen at sdaoden.eu
Mon Oct 9 17:06:05 UTC 2023


Hello.

After my CACert-backed S/MIME approach has come to an end
i thought i switch to some self-signed one with attached
certificate in signed envelope, as now many PGP people do.
Alongside this i thought using a much smaller key would be great,
and so i generated

  openssl req -noenc -newkey ED25519 -keyout key.pem -out csr.pem -x509

which gives wonderful short things.
Unfortunately i cannot use it

  s-nail: Error setting PKCS#7 signing object signer: error:10800094:PKCS7 routines::signing not supported for this key type

I seem to know that this type does not support streams aka update,
update, .. final cycles, but wanted to ask whether this is the
problem here (without doing all the rewrite stuff), or whether the
OpenSSL PKCS7 codebase simply cannot deal with RFC 8551 yet.

Thank you,
Ciao from Germany.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)


More information about the openssl-users mailing list