[openssl-dev] Does OpenSSL support ECC-based S/MIME as defined in RFC 5753?
Dr. Stephen Henson
steve at openssl.org
Tue May 31 16:32:24 UTC 2016
On Tue, May 31, 2016, Blumenthal, Uri - 0553 - MITLL wrote:
> Does OpenSSL support ECC-based S/MIME as defined in RFC 5753?
>
> I was trying to create an encrypted S/MIME message using OpenSSL-1.0.2h,
> and got the following:
>
> $ openssl smime -encrypt -aes128 -inform SMIME -in Cyph_Bot_test.eml
> -outform SMIME -out Cyph_Bot_test.smime.eml -subject SMIME_ECC
> ~/Documents/Certs/me_mouse_yubi_9d_.pem
> Error creating PKCS#7 structure
> 140735083847760:error:21082096:PKCS7
> routines:PKCS7_RECIP_INFO_set:encryption not supported for this key
> type:pk7_lib.c:542:
> 140735083847760:error:21073078:PKCS7 routines:PKCS7_encrypt:error adding
> recipient:pk7_smime.c:503:
> $ openssl version
> OpenSSL 1.0.2h 3 May 2016
> $
>
The smime utility uses PKCS#7 which doesn't support anything other than RSA
for the enveloped data type.
Use the cms utility instead.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-dev
mailing list