[openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object
Stephan Mühlstrasser via RT
rt at openssl.org
Mon Mar 14 17:45:34 UTC 2016
I had written a message about this issue to openssl-users, but received
As OpenSSL cannot decrypt data encrypted by itself, this looks like a
defect. It is also not possible to decrypt RC4-encrypted CMS objects
created by third-party software.
This was reproduced with the current HEAD revision from the
OpenSSL_1_0_2-stable branch, namely with Git revision
How to reproduce:
Create a self-signed certificate, encrypt some data as a CMS message
with "-rc4" using the certificate as a recipient, and try to decrypt it
again. This fails with an error message:
$ echo "abcdefg" >data.txt
$ openssl req -x509 -newkey rsa:2048 -keyout key.pem -nodes -out
cert.pem -days 100 -subj "/CN=RC4 CMS Test"
Generating a 2048 bit RSA private key
writing new private key to 'key.pem'
$ openssl cms -rc4 -encrypt -binary -in data.txt -out data.txt.cms
-outform DER cert.pem
$ openssl cms -decrypt -in data.txt.cms -inform DER -out data2.txt
-inkey key.pem -recip cert.pem
Error decrypting CMS structure
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
With other encryption algorithms, this works as expected.
The same problem is also reproducible with the "openssl smime" command.
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4429
Please log in as guest with password guest if prompted
More information about the openssl-dev