[openssl-users] CMS with Symmetric key

Wim Lewis wiml at omnigroup.com
Mon Apr 4 22:58:04 UTC 2016

On Apr 4, 2016, at 3:42 PM, Jakob Bohm <jb-openssl at wisemo.com> wrote:
> Unless you can point out a clause in the "CMS" format RFCs
> that allow use without X.509 certificates, there is no reason
> why the "CMS" part of the OpenSSL library should be able to
> any such thing.

The CMS RFC (RFC 5652) specifies password based key derivation (in addition to asymmetric-key crypto key transport or agreement, and also a symmetric-cryptography key transport mechanism). See section 6.2.

It looks like password based key derivation wasn't in the original PKCS#7, but was introduced in a 2001 specification (RFC 3211) and was folded into the 2002 revision of CMS (RFC 3369).

More information about the openssl-users mailing list