[openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?
Chris Madden
crashedmind at gmail.com
Thu Mar 26 15:48:52 UTC 2015
Hi,
I am playing with openssl 1.0.2a - specifically CMS support for ECC.
But what I think should work doesn't.
Commands used and parsed data shown.
(I gave an RSA example as a known good working example)
./openssl version
OpenSSL 1.0.2a 19 Mar 2015
echo -n 12345678123456781234567812345678 > sess.txt # 32 byte plaintext
#EC fails
================
./openssl ecparam -name prime192v1 -genkey -out ecc.key
./openssl req -x509 -new -key ecc.key -out ecc.crt
./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt
./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM
-inkey ecc.key
Error decrypting CMS structure
error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
decrypt:evp_enc.c:529:
EnvelopedData
----------------------
./openssl asn1parse -in encsess.bin
0:d=0 hl=4 l= 312 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-envelopedData
15:d=1 hl=4 l= 297 cons: cont [ 0 ]
19:d=2 hl=4 l= 293 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :02
26:d=3 hl=3 l= 234 cons: SET
29:d=4 hl=3 l= 231 cons: cont [ 1 ]
32:d=5 hl=2 l= 1 prim: INTEGER :03
35:d=5 hl=2 l= 65 cons: cont [ 0 ]
37:d=6 hl=2 l= 63 cons: cont [ 1 ]
39:d=7 hl=2 l= 9 cons: SEQUENCE
41:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
50:d=7 hl=2 l= 50 prim: BIT STRING
102:d=5 hl=2 l= 28 cons: SEQUENCE
104:d=6 hl=2 l= 9 prim: OBJECT
:dhSinglePass-stdDH-sha1kdf-scheme
115:d=6 hl=2 l= 15 cons: SEQUENCE
117:d=7 hl=2 l= 11 prim: OBJECT :id-smime-alg-CMS3DESwrap
130:d=7 hl=2 l= 0 prim: NULL
132:d=5 hl=3 l= 128 cons: SEQUENCE
135:d=6 hl=2 l= 126 cons: SEQUENCE
137:d=7 hl=2 l= 82 cons: SEQUENCE
139:d=8 hl=2 l= 69 cons: SEQUENCE
141:d=9 hl=2 l= 11 cons: SET
143:d=10 hl=2 l= 9 cons: SEQUENCE
145:d=11 hl=2 l= 3 prim: OBJECT :countryName
150:d=11 hl=2 l= 2 prim: PRINTABLESTRING :AU
154:d=9 hl=2 l= 19 cons: SET
156:d=10 hl=2 l= 17 cons: SEQUENCE
158:d=11 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
163:d=11 hl=2 l= 10 prim: UTF8STRING :Some-State
175:d=9 hl=2 l= 33 cons: SET
177:d=10 hl=2 l= 31 cons: SEQUENCE
179:d=11 hl=2 l= 3 prim: OBJECT :organizationName
184:d=11 hl=2 l= 24 prim: UTF8STRING :Internet Widgits Pty Ltd
210:d=8 hl=2 l= 9 prim: INTEGER :C09819AB3ECC9A05
221:d=7 hl=2 l= 40 prim: OCTET STRING [HEX
DUMP]:2511DF2DBEC0F758E8CE3F35ECDD84757DEEC011633478BF00C18226FEDCD19BE5ABECEB9A735F99
263:d=3 hl=2 l= 51 cons: SEQUENCE
265:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
276:d=4 hl=2 l= 20 cons: SEQUENCE
278:d=5 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
288:d=5 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:E924DA6FC08FC3AC
298:d=4 hl=2 l= 16 prim: cont [ 0 ]
cmadden at ubuntu:~/openssl-1.0.2a/apps$
Private Key
----------------
cat ecc.key
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBAQ==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MF8CAQEEGM+L8hosGlnyrOjVsCfQ5kaj42XQ1182b6AKBggqhkjOPQMBAaE0AzIA
BMVGw0n/7hFdEkgi3wGOueh9P4FGBp1qL6ibDcaQUd9R6W+rFKM5LPnZ7awp2URt
sw==
-----END EC PRIVATE KEY-----
Public Key Cert
------------------------
./openssl asn1parse -in ecc.crt
0:d=0 hl=4 l= 434 cons: SEQUENCE
4:d=1 hl=4 l= 359 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 9 prim: INTEGER :C09819AB3ECC9A05
24:d=2 hl=2 l= 10 cons: SEQUENCE
26:d=3 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
36:d=2 hl=2 l= 69 cons: SEQUENCE
38:d=3 hl=2 l= 11 cons: SET
40:d=4 hl=2 l= 9 cons: SEQUENCE
42:d=5 hl=2 l= 3 prim: OBJECT :countryName
47:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
51:d=3 hl=2 l= 19 cons: SET
53:d=4 hl=2 l= 17 cons: SEQUENCE
55:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
60:d=5 hl=2 l= 10 prim: UTF8STRING :Some-State
72:d=3 hl=2 l= 33 cons: SET
74:d=4 hl=2 l= 31 cons: SEQUENCE
76:d=5 hl=2 l= 3 prim: OBJECT :organizationName
81:d=5 hl=2 l= 24 prim: UTF8STRING :Internet Widgits Pty Ltd
107:d=2 hl=2 l= 30 cons: SEQUENCE
109:d=3 hl=2 l= 13 prim: UTCTIME :150326134803Z
124:d=3 hl=2 l= 13 prim: UTCTIME :150425134803Z
139:d=2 hl=2 l= 69 cons: SEQUENCE
141:d=3 hl=2 l= 11 cons: SET
143:d=4 hl=2 l= 9 cons: SEQUENCE
145:d=5 hl=2 l= 3 prim: OBJECT :countryName
150:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
154:d=3 hl=2 l= 19 cons: SET
156:d=4 hl=2 l= 17 cons: SEQUENCE
158:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
163:d=5 hl=2 l= 10 prim: UTF8STRING :Some-State
175:d=3 hl=2 l= 33 cons: SET
177:d=4 hl=2 l= 31 cons: SEQUENCE
179:d=5 hl=2 l= 3 prim: OBJECT :organizationName
184:d=5 hl=2 l= 24 prim: UTF8STRING :Internet Widgits Pty Ltd
210:d=2 hl=2 l= 73 cons: SEQUENCE
212:d=3 hl=2 l= 19 cons: SEQUENCE
214:d=4 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
223:d=4 hl=2 l= 8 prim: OBJECT :prime192v1
233:d=3 hl=2 l= 50 prim: BIT STRING
285:d=2 hl=2 l= 80 cons: cont [ 3 ]
287:d=3 hl=2 l= 78 cons: SEQUENCE
289:d=4 hl=2 l= 29 cons: SEQUENCE
291:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key
Identifier
296:d=5 hl=2 l= 22 prim: OCTET STRING [HEX
DUMP]:0414E7FF07F301CFA245981893B949E46A68EF4FD1B7
320:d=4 hl=2 l= 31 cons: SEQUENCE
322:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key
Identifier
327:d=5 hl=2 l= 24 prim: OCTET STRING [HEX
DUMP]:30168014E7FF07F301CFA245981893B949E46A68EF4FD1B7
353:d=4 hl=2 l= 12 cons: SEQUENCE
355:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
360:d=5 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
367:d=1 hl=2 l= 10 cons: SEQUENCE
369:d=2 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
379:d=1 hl=2 l= 57 prim: BIT STRING
#RSA works
================
./openssl genrsa -out rsa.key 2048
./openssl req -x509 -new -key rsa.key -out rsa.crt
./openssl cms -encrypt -in sess.txt -out rsaencsess.bin -outform PEM rsa.crt
./openssl cms -decrypt -in rsaencsess.bin -out rsadecsess.txt -inform PEM
-inkey rsa.key
#AOK.
thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150326/7b054748/attachment.html>
More information about the openssl-users
mailing list