[openssl-dev] EC based certificates not supported in CMS - why?

Paweł Kaźmierczak koraboros at gmail.com
Thu Apr 9 14:23:59 UTC 2015


Hi, please ignore my previous email. I debugged it a bit deeper and it
turned out that in the case of EC certificates the
ecdh_cms_set_shared_info() function could not find the "id-aes128-wrap"
algo, and I solved this by uncommenting the following lines:

OpenSSL_add_all_algorithms();
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();

that for some inexplicable reason were commented out by some very nasty creature.


2015-04-09 15:20 GMT+02:00 Dr. Stephen Henson <steve at openssl.org>:

> On Thu, Apr 09, 2015, Paweł Kaźmierczak wrote:
>
> > Hi,
> >
> > currently openssl in CMS supports only RSA based certificates but EC based
> > certificates are supported in openssl TLS... so I assume that there is
> > already a code that can sign/verify and perform key agreement (ECKA-EG
> > ECKA-DH) using elliptic curves.
> >
> > Can someone please tell me if this will be a lot of work to use that code
> > in CMS in a way that CMS could work with EC based certificates?
> >
>
> OpenSSL 1.0.0 and later should support ECDSA in CMS. The use of ECDH is
> quite rare: most implementations just use RSA key exchange. OpenSSL 1.0.2
> does support ECDH though.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
>
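
The thread above, as an added example that is not part of the original messages or of OpenSSL's own code: a CMS encrypt/decrypt round trip against an EC certificate, which also checks that the message names "id-aes128-wrap", the key-wrap algorithm the decrypting side has to resolve. It assumes an openssl command-line tool (1.0.2 or later) on PATH; the file names, subject and plaintext are constructed.

```shell
#!/bin/sh
# Added example: CMS EnvelopedData round trip with an EC recipient certificate.
# Assumes an openssl CLI (1.0.2 or later) on PATH; all names are constructed.

cms_ec_roundtrip() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Constructed sample plaintext.
        printf 'constructed test message\n' > plain.txt

        # EC key pair and a throwaway self-signed certificate for it.
        openssl ecparam -name prime256v1 -genkey -noout -out key.pem || exit 1
        openssl req -new -x509 -key key.pem -subj "/CN=cms-ec-test" \
            -days 1 -out cert.pem 2>/dev/null || exit 1

        # Encrypt to the EC certificate. The recipient is handled with ECDH
        # key agreement, and the AES-128 content key is wrapped with AES.
        openssl cms -encrypt -aes128 -binary -in plain.txt \
            -outform DER -out msg.der cert.pem || exit 1

        # The key-wrap algorithm is named inside the message; a decrypting
        # application must be able to look it up (exit 2 if it is absent).
        openssl asn1parse -inform DER -in msg.der > parse.txt || exit 1
        grep -q 'id-aes128-wrap' parse.txt || exit 2

        # Decrypt with the EC private key and compare with the original
        # (exit 3 on mismatch).
        openssl cms -decrypt -inform DER -in msg.der \
            -recip cert.pem -inkey key.pem -out out.txt || exit 1
        cmp -s plain.txt out.txt || exit 3
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}

cms_ec_roundtrip && echo "EC CMS round trip OK"
```
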