[openssl-users] CMS with Symmetric key

Abe Racioppo abe.racioppo at gmail.com
Mon Apr 11 11:34:19 UTC 2016

Thank you for the responses.

I have implemented encryption that adds a secret key, and secret key id
The output file looks correct, but I need to decrypt it back to be sure.

I would like to be able to get the secret key id from the envelope data to
then search a database for the key, and then CMS_decrypt.  I have yet to
determine the most straightforward way of getting the key ids from the
envelope/wrapped content of cms.

Is there a combination if I have SMIME_read the cms from a file like:
  keyId =  cms->envelopedData->keyId?

Or do I need to handle a stack_of recipient infos in order to get the key
id from kekri0_get_id?

Thanks again,

On Tue, Apr 5, 2016 at 7:39 AM, Dr. Stephen Henson <steve at openssl.org>

> On Mon, Apr 04, 2016, Abe Racioppo wrote:
> > Hey guys,
> >
> > I'm trying to use the CMS operations in libcrypto but with a symmetric
> key
> > encryption key instead of x509.
> >
> > I'm thinking I want to use a combination of
> >
> > CMS_RecipientInfo_set0_pkey,
> > SMIME_write_CMS,
> > and
> > CMS_EncryptedData_encrypt.
> >
> > Has anyone done this before and can give me some direction?  This is my
> > first time working with openssl and am getting kinda lost.
> >
> You have several options here.
> You can just use the encrypted data type with a key directly.
> You can use the enveloped data type with a symmetric wrapping key.
> You can use the enveloped data type with a password based recipient info.
> Which you use depends on the application you have in mind.
> In the first case you just call CMS_EncryptData_encrypt() followed by
> SMIME_write_CMS().
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160411/18829fbe/attachment.html>

More information about the openssl-users mailing list