[openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?
Dr. Stephen Henson
steve at openssl.org
Thu Mar 26 20:14:36 UTC 2015
On Thu, Mar 26, 2015, Chris Madden wrote:
> Hi,
> I am playing with openssl 1.0.2a - specifically CMS support for ECC.
> But what I think should work doesn't.
> Commands used and parsed data shown.
> (I gave an RSA example as a known good working example)
>
> ./openssl version
> OpenSSL 1.0.2a 19 Mar 2015
>
> echo -n 12345678123456781234567812345678 > sess.txt # 32 byte plaintext
>
>
> #EC fails
> ================
> ./openssl ecparam -name prime192v1 -genkey -out ecc.key
> ./openssl req -x509 -new -key ecc.key -out ecc.crt
> ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt
> ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM -inkey ecc.key
> Error decrypting CMS structure
> error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529:
>
RSA can decrypt without knowing the certificate but currently EC cannot. So
try including the option -recip ecc.crt when you decrypt.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
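
The round trip from the thread with `-recip` supplied at decrypt time, as an added example that is not part of the original messages. It also prints the RecipientInfo choice of the envelope, which for an EC recipient is KeyAgreeRecipientInfo (`d.kari`). Assumptions: `openssl` is on the PATH, prime256v1 replaces the post's prime192v1 so the script runs on builds that omit small curves, and the `-subj` value and temporary directory are constructed for the example.

```shell
#!/bin/sh
# Added example: CMS EnvelopedData with an EC recipient, decrypted with -recip.
# File names follow the post; curve, -subj and temp dir are assumptions.

# Create an EC key and a self-signed certificate in directory $1.
make_ec_recipient() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/ecc.key" &&
    openssl req -x509 -new -key "$1/ecc.key" -subj "/CN=cms-ecdh-example" \
        -days 1 -out "$1/ecc.crt" 2>/dev/null
}

# Encrypt the 32-byte sample to ecc.crt, then decrypt with both the private
# key and the recipient certificate. Returns 0 only if the plaintext matches.
cms_ecdh_roundtrip() {
    dir=$1
    printf '%s' 12345678123456781234567812345678 > "$dir/sess.txt"
    openssl cms -encrypt -in "$dir/sess.txt" -out "$dir/encsess.bin" \
        -outform PEM "$dir/ecc.crt" || return 1
    openssl cms -decrypt -in "$dir/encsess.bin" -inform PEM \
        -inkey "$dir/ecc.key" -recip "$dir/ecc.crt" \
        -out "$dir/decsess.txt" || return 1
    cmp -s "$dir/sess.txt" "$dir/decsess.txt"
}

# Print the RecipientInfo choice of a PEM CMS file:
# d.ktri = key transport (RSA), d.kari = key agreement (ECDH).
recipient_info_type() {
    openssl cms -cmsout -print -noout -in "$1" -inform PEM |
        grep -oE 'd\.(ktri|kari|kekri|pwri)' | head -n 1
}

tmp=$(mktemp -d)
if make_ec_recipient "$tmp" && cms_ecdh_roundtrip "$tmp"; then
    echo "round trip ok, recipient type: $(recipient_info_type "$tmp/encsess.bin")"
else
    echo "round trip failed" >&2
fi
rm -rf "$tmp"
```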