[openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?

Chris Madden crashedmind at gmail.com
Thu Mar 26 15:48:52 UTC 2015


Hi,
I am playing with openssl 1.0.2a - specifically CMS support for ECC.
But what I think should work doesn't.
Commands used and parsed data shown.
(I gave an RSA example as a known good working example)

./openssl version
OpenSSL 1.0.2a 19 Mar 2015

echo -n 12345678123456781234567812345678 > sess.txt # 32 byte plaintext


#EC fails
================
  ./openssl ecparam -name prime192v1 -genkey -out ecc.key
  ./openssl req -x509 -new -key ecc.key -out ecc.crt
  ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt
  ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM
-inkey ecc.key
Error decrypting CMS structure
error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
decrypt:evp_enc.c:529:


EnvelopedData
----------------------
./openssl asn1parse -in encsess.bin
    0:d=0  hl=4 l= 312 cons: SEQUENCE
    4:d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-envelopedData
   15:d=1  hl=4 l= 297 cons: cont [ 0 ]
   19:d=2  hl=4 l= 293 cons: SEQUENCE
   23:d=3  hl=2 l=   1 prim: INTEGER           :02
   26:d=3  hl=3 l= 234 cons: SET
   29:d=4  hl=3 l= 231 cons: cont [ 1 ]
   32:d=5  hl=2 l=   1 prim: INTEGER           :03
   35:d=5  hl=2 l=  65 cons: cont [ 0 ]
   37:d=6  hl=2 l=  63 cons: cont [ 1 ]
   39:d=7  hl=2 l=   9 cons: SEQUENCE
   41:d=8  hl=2 l=   7 prim: OBJECT            :id-ecPublicKey
   50:d=7  hl=2 l=  50 prim: BIT STRING
  102:d=5  hl=2 l=  28 cons: SEQUENCE
  104:d=6  hl=2 l=   9 prim: OBJECT
 :dhSinglePass-stdDH-sha1kdf-scheme
  115:d=6  hl=2 l=  15 cons: SEQUENCE
  117:d=7  hl=2 l=  11 prim: OBJECT            :id-smime-alg-CMS3DESwrap
  130:d=7  hl=2 l=   0 prim: NULL
  132:d=5  hl=3 l= 128 cons: SEQUENCE
  135:d=6  hl=2 l= 126 cons: SEQUENCE
  137:d=7  hl=2 l=  82 cons: SEQUENCE
  139:d=8  hl=2 l=  69 cons: SEQUENCE
  141:d=9  hl=2 l=  11 cons: SET
  143:d=10 hl=2 l=   9 cons: SEQUENCE
  145:d=11 hl=2 l=   3 prim: OBJECT            :countryName
  150:d=11 hl=2 l=   2 prim: PRINTABLESTRING   :AU
  154:d=9  hl=2 l=  19 cons: SET
  156:d=10 hl=2 l=  17 cons: SEQUENCE
  158:d=11 hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
  163:d=11 hl=2 l=  10 prim: UTF8STRING        :Some-State
  175:d=9  hl=2 l=  33 cons: SET
  177:d=10 hl=2 l=  31 cons: SEQUENCE
  179:d=11 hl=2 l=   3 prim: OBJECT            :organizationName
  184:d=11 hl=2 l=  24 prim: UTF8STRING        :Internet Widgits Pty Ltd
  210:d=8  hl=2 l=   9 prim: INTEGER           :C09819AB3ECC9A05
  221:d=7  hl=2 l=  40 prim: OCTET STRING      [HEX
DUMP]:2511DF2DBEC0F758E8CE3F35ECDD84757DEEC011633478BF00C18226FEDCD19BE5ABECEB9A735F99
  263:d=3  hl=2 l=  51 cons: SEQUENCE
  265:d=4  hl=2 l=   9 prim: OBJECT            :pkcs7-data
  276:d=4  hl=2 l=  20 cons: SEQUENCE
  278:d=5  hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
  288:d=5  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:E924DA6FC08FC3AC
  298:d=4  hl=2 l=  16 prim: cont [ 0 ]
cmadden at ubuntu:~/openssl-1.0.2a/apps$



Private Key
----------------
cat ecc.key
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBAQ==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MF8CAQEEGM+L8hosGlnyrOjVsCfQ5kaj42XQ1182b6AKBggqhkjOPQMBAaE0AzIA
BMVGw0n/7hFdEkgi3wGOueh9P4FGBp1qL6ibDcaQUd9R6W+rFKM5LPnZ7awp2URt
sw==
-----END EC PRIVATE KEY-----


Public Key Cert
------------------------
./openssl asn1parse -in ecc.crt
    0:d=0  hl=4 l= 434 cons: SEQUENCE
    4:d=1  hl=4 l= 359 cons: SEQUENCE
    8:d=2  hl=2 l=   3 cons: cont [ 0 ]
   10:d=3  hl=2 l=   1 prim: INTEGER           :02
   13:d=2  hl=2 l=   9 prim: INTEGER           :C09819AB3ECC9A05
   24:d=2  hl=2 l=  10 cons: SEQUENCE
   26:d=3  hl=2 l=   8 prim: OBJECT            :ecdsa-with-SHA256
   36:d=2  hl=2 l=  69 cons: SEQUENCE
   38:d=3  hl=2 l=  11 cons: SET
   40:d=4  hl=2 l=   9 cons: SEQUENCE
   42:d=5  hl=2 l=   3 prim: OBJECT            :countryName
   47:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :AU
   51:d=3  hl=2 l=  19 cons: SET
   53:d=4  hl=2 l=  17 cons: SEQUENCE
   55:d=5  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
   60:d=5  hl=2 l=  10 prim: UTF8STRING        :Some-State
   72:d=3  hl=2 l=  33 cons: SET
   74:d=4  hl=2 l=  31 cons: SEQUENCE
   76:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   81:d=5  hl=2 l=  24 prim: UTF8STRING        :Internet Widgits Pty Ltd
  107:d=2  hl=2 l=  30 cons: SEQUENCE
  109:d=3  hl=2 l=  13 prim: UTCTIME           :150326134803Z
  124:d=3  hl=2 l=  13 prim: UTCTIME           :150425134803Z
  139:d=2  hl=2 l=  69 cons: SEQUENCE
  141:d=3  hl=2 l=  11 cons: SET
  143:d=4  hl=2 l=   9 cons: SEQUENCE
  145:d=5  hl=2 l=   3 prim: OBJECT            :countryName
  150:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :AU
  154:d=3  hl=2 l=  19 cons: SET
  156:d=4  hl=2 l=  17 cons: SEQUENCE
  158:d=5  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
  163:d=5  hl=2 l=  10 prim: UTF8STRING        :Some-State
  175:d=3  hl=2 l=  33 cons: SET
  177:d=4  hl=2 l=  31 cons: SEQUENCE
  179:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
  184:d=5  hl=2 l=  24 prim: UTF8STRING        :Internet Widgits Pty Ltd
  210:d=2  hl=2 l=  73 cons: SEQUENCE
  212:d=3  hl=2 l=  19 cons: SEQUENCE
  214:d=4  hl=2 l=   7 prim: OBJECT            :id-ecPublicKey
  223:d=4  hl=2 l=   8 prim: OBJECT            :prime192v1
  233:d=3  hl=2 l=  50 prim: BIT STRING
  285:d=2  hl=2 l=  80 cons: cont [ 3 ]
  287:d=3  hl=2 l=  78 cons: SEQUENCE
  289:d=4  hl=2 l=  29 cons: SEQUENCE
  291:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key
Identifier
  296:d=5  hl=2 l=  22 prim: OCTET STRING      [HEX
DUMP]:0414E7FF07F301CFA245981893B949E46A68EF4FD1B7
  320:d=4  hl=2 l=  31 cons: SEQUENCE
  322:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
Identifier
  327:d=5  hl=2 l=  24 prim: OCTET STRING      [HEX
DUMP]:30168014E7FF07F301CFA245981893B949E46A68EF4FD1B7
  353:d=4  hl=2 l=  12 cons: SEQUENCE
  355:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
  360:d=5  hl=2 l=   5 prim: OCTET STRING      [HEX DUMP]:30030101FF
  367:d=1  hl=2 l=  10 cons: SEQUENCE
  369:d=2  hl=2 l=   8 prim: OBJECT            :ecdsa-with-SHA256
  379:d=1  hl=2 l=  57 prim: BIT STRING



#RSA works
================
./openssl genrsa -out rsa.key 2048
./openssl req -x509 -new -key rsa.key -out rsa.crt
./openssl cms -encrypt -in sess.txt -out rsaencsess.bin -outform PEM rsa.crt
./openssl cms -decrypt -in rsaencsess.bin -out rsadecsess.txt -inform PEM
-inkey rsa.key
#AOK.


thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150326/7b054748/attachment.html>


More information about the openssl-users mailing list