[openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?

Chris Madden crashedmind at gmail.com
Thu Mar 26 21:54:24 UTC 2015

>> Hi,
>> I am playing with openssl 1.0.2a - specifically CMS support for ECC.
>> But what I think should work doesn't.
>> Commands used and parsed data shown.
>> (I gave an RSA example as a known good working example)
>> ./openssl version
>> OpenSSL 1.0.2a 19 Mar 2015
>> echo -n 12345678123456781234567812345678 > sess.txt # 32 byte plaintext
>> #EC fails
>> ================
>>   ./openssl ecparam -name prime192v1 -genkey -out ecc.key
>>   ./openssl req -x509 -new -key ecc.key -out ecc.crt
>>   ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM
>>   ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM -inkey ecc.key
>> Error decrypting CMS structure
>> error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529:
>RSA can decrypt without knowing the certificate but currently EC cannot. So
>try including the option -recip ecc.crt when you decrypt.
>Dr Stephen N. Henson. OpenSSL project core developer.
>Commercial tech support now available see: http://www.openssl.org

Many thanks Steve for the prompt response!
That fixed it.
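
The round trip discussed in this thread, as an added script that is not part of the original messages: it encrypts to an RSA and to an EC recipient and checks that the decrypted bytes match, passing `-recip` for the EC case as suggested in the reply. Assumptions: an `openssl` binary with CMS support on PATH, constructed file names and subjects, and `prime256v1` in place of the thread's `prime192v1` because some builds do not ship the 192-bit curve. The EC case is only run with `-recip`, since the failure without it is reported here for 1.0.2a.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes an `openssl` with CMS support on PATH.
# File names and the certificate subject are constructed for the demo.
OPENSSL=${OPENSSL:-openssl}

# make_recipient <rsa|ec> <dir>: write <dir>/key.pem and a self-signed <dir>/cert.pem
make_recipient() {
    case "$1" in
        rsa) "$OPENSSL" genrsa -out "$2/key.pem" 2048 2>/dev/null ;;
        ec)  "$OPENSSL" ecparam -name prime256v1 -genkey -noout -out "$2/key.pem" ;;
        *)   return 2 ;;
    esac || return 1
    "$OPENSSL" req -x509 -new -key "$2/key.pem" -subj "/CN=cms-demo-$1" \
        -out "$2/cert.pem" 2>/dev/null
}

# cms_roundtrip <rsa|ec> [recip]: encrypt to the recipient, decrypt, compare.
# With "recip", the recipient certificate is passed to -decrypt via -recip.
# Returns 0 only when the decrypted bytes equal the plaintext.
cms_roundtrip() {
    dir=$(mktemp -d) || return 1
    rc=1
    printf '%s' 12345678123456781234567812345678 > "$dir/sess.txt"  # 32-byte plaintext
    if make_recipient "$1" "$dir" &&
       "$OPENSSL" cms -encrypt -in "$dir/sess.txt" -out "$dir/enc.pem" \
           -outform PEM "$dir/cert.pem"
    then
        if [ "${2:-}" = recip ]; then
            "$OPENSSL" cms -decrypt -in "$dir/enc.pem" -inform PEM \
                -inkey "$dir/key.pem" -recip "$dir/cert.pem" -out "$dir/dec.txt"
        else
            "$OPENSSL" cms -decrypt -in "$dir/enc.pem" -inform PEM \
                -inkey "$dir/key.pem" -out "$dir/dec.txt"
        fi 2>/dev/null
        cmp -s "$dir/sess.txt" "$dir/dec.txt" && rc=0
    fi
    rm -rf "$dir"
    return $rc
}

cms_roundtrip rsa      && echo "RSA recipient, decrypt without -recip: ok"
cms_roundtrip ec recip && echo "EC recipient, decrypt with -recip: ok"
```

Set `OPENSSL=./openssl` to run it against a locally built binary, as the original poster did.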
