[openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?
crashedmind at gmail.com
Thu Mar 26 21:54:24 UTC 2015
>> I am playing with openssl 1.0.2a - specifically CMS support for ECC.
>> But what I think should work doesn't.
>> Commands used and parsed data shown.
>> (I gave an RSA example as a known good working example)
>> ./openssl version
>> OpenSSL 1.0.2a 19 Mar 2015
>> echo -n 12345678123456781234567812345678 > sess.txt # 32 byte plaintext
>> #EC fails
>> ./openssl ecparam -name prime192v1 -genkey -out ecc.key
>> ./openssl req -x509 -new -key ecc.key -out ecc.crt
>> ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM
>> ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM
>> -inkey ecc.key
>> Error decrypting CMS structure
>> error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
>RSA can decrypt without knowing the certificate but currently EC cannot. So
>try including the option -recip ecc.crt when you decrypt.
>Dr Stephen N. Henson. OpenSSL project core developer.
>Commercial tech support now available see: http://www.openssl.org
Many thanks Steve for the prompt response!
That fixed it.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users