[openssl-users] CMS_encrypt with ECDH key

Q Rius vqurius at gmail.com
Sun Apr 19 02:12:24 UTC 2015

I'm trying to implement CMS encrypt using ECDH keys. Ref openssl CMS with
ECDH EnvelopedData
The command line works flawlessly but my program is giving an error -

Error Encrypting Data
140508524291744:error:2E06507D:CMS routines:CMS_add1_recipient_cert:not
supported for this key type:cms_env.c:210:

In code below, recip.pem was created using steps here openssl CMS with ECDH

int main (int argc, char **argv)
    CMS_ContentInfo *cms1 = NULL;
    BIO *in = NULL, *out = NULL, *tbio = NULL;
    X509 *rcert = NULL;
    int ret = 1;
    int flags = CMS_STREAM;


    tbio = BIO_new_file("recip.pem", "r");
    if (!tbio)
        goto err;

    rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
    if (!rcert)
        goto err;

    in = BIO_new_file("encr.txt", "r");
    flags |= CMS_PARTIAL;
    cms1 = CMS_encrypt(NULL, in, EVP_des_ede3_cbc(), flags);

    CMS_RecipientInfo *ri;
    ri = CMS_add1_recipient_cert(cms1, rcert, flags);
    if (!ri)
        goto err;

    if(!CMS_final(cms1, in, NULL, flags))
        goto err;

    if (!cms1)
        goto err;

    out = BIO_new_file("cms1.pem", "w");
        goto err;

    if(!PEM_write_bio_CMS_stream(out, cms1, in, flags))
        goto err;

    ret = 0;




The documentation states ECC keys are not supported yet the commandline cms
app is able to do it without a problem. I stepped through the cms app but
am unable to figure out what I'm doing differently. Also tried the
cms_enc.c from the demos folder but that does not handle ecc keys as well.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150418/e67f10c2/attachment.html>

More information about the openssl-users mailing list