[openssl-users] How to turn on certain elements in CMS objects

Dr. Stephen Henson steve at openssl.org
Wed Jul 6 13:46:00 UTC 2016


On Fri, Jul 01, 2016, Stephan Mühlstrasser wrote:

> Hi,
> 
> this message is related to another question that I sent with subject
> "Unable to decrypt CMS object encrypted with EC prime256v1
> certificate".
> 
> Below I have included the full ASN.1 dump of the CMS object
> generated by a third-party application.
> 
> The CMS object has two properties that I so far was not able to
> reproduce when creating CMS objects with OpenSSL:
> 
> First the AlgorithmIdentifier includes the EC curve name:
> 
>   40   19:               SEQUENCE {
>   42    7:                 OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1)
>   51    8:                 OBJECT IDENTIFIER ansiX9p256r1 (1 2 840 10045 3 1 7)
>          :                 }
> 
> In CMS objects created with OpenSSL with the same recipient
> certificate, the curve name is always omitted. Is it possible to
> make OpenSSL emit the curve name as well?
> 

No, as this is a violation of the standards. From RFC 3278:

      originator MUST be the alternative originatorKey.  The
      originatorKey algorithm field MUST contain the id-ecPublicKey
      object identifier (see Section 8.1) with NULL parameters.  The
      originatorKey publicKey field MUST contain the DER-encoding of a
      value of the ASN.1 type ECPoint (see Section 8.2), which
      represents the sending agent's ephemeral EC public key.


> Second the following:
> 
>  129   10:           [1] {
>  131    8:             OCTET STRING B1 04 4A FD FC 8B 70 6D
>          :             }
> 
> If I match this correctly to RFC 5652, this is
> 
> ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL
> 
> inside the KeyAgreeRecipientInfo SEQUENCE (see
> https://tools.ietf.org/html/rfc5652#section-6.2.2).
> 
> Can OpenSSL emit this optional element?

Yes, but not using the command-line utility. It would require a custom program
to set the parameter using the CMS API.

> What is the purpose of the "ukm" field?
> 

It provides some additional optional random data used in the key encryption
key derivation algorithm.

Note that you can get a diagnostic dump using:

  openssl cms -cmsout -inform DER -print -in cmd.der

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
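The two structures discussed in this thread, the originatorKey AlgorithmIdentifier (curve OID versus NULL parameters) and the optional ukm [1] of KeyAgreeRecipientInfo, can be inspected directly from DER. The following is an added example, not code from the thread or from OpenSSL: a minimal DER walker plus constructed sample encodings (the ukm value is the one from the dump above; the public key and the trailing KARI fields are dummies or omitted).

```python
# Minimal DER walker to classify the originatorKey AlgorithmIdentifier
# parameters (RFC 3278 section 8.1) and to extract the ukm [1] field of a
# KeyAgreeRecipientInfo (RFC 5652 section 6.2.2). Added example, not OpenSSL code.

def der_read(buf, pos=0):
    """Decode one TLV at buf[pos:]; returns (tag, value, next_pos). Single-byte tags only."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                       # long-form definite length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def der_children(value):
    """All TLVs directly inside a constructed value, as (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = der_read(value, pos)
        out.append((tag, val))
    return out

OID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")    # 1.2.840.10045.2.1

def originator_alg_params(alg_der):
    """Classify the parameters of an ecPublicKey AlgorithmIdentifier."""
    tag, body, _ = der_read(alg_der)
    kids = der_children(body)
    if tag != 0x30 or kids[0] != (0x06, OID_EC_PUBLIC_KEY):
        return "not-ecPublicKey"
    if len(kids) == 1:
        return "absent"
    # 0x05 NULL is the RFC 3278 form; 0x06 means a namedCurve OID was emitted
    return {0x05: "NULL", 0x06: "namedCurve"}.get(kids[1][0], "other")

def ukm_of(kari_der):
    """Return the UserKeyingMaterial bytes of a KeyAgreeRecipientInfo, or None."""
    _, body, _ = der_read(kari_der)
    for tag, val in der_children(body):
        if tag == 0xA1:                 # ukm [1] EXPLICIT OCTET STRING OPTIONAL
            otag, octets, _ = der_read(val)
            return octets if otag == 0x04 else None
    return None

# Constructed samples: ALG_NAMED_CURVE mirrors the third-party dump above,
# ALG_NULL is the RFC 3278 form. The KARI fragments carry a dummy 1-byte
# public key and stop after the ukm position (later fields omitted).
ALG_NAMED_CURVE = bytes.fromhex("3013 0607 2a8648ce3d0201 0608 2a8648ce3d030107")
ALG_NULL = bytes.fromhex("300b 0607 2a8648ce3d0201 0500")
ORIGINATOR_KEY = b"\x30\x11" + ALG_NULL + bytes.fromhex("03020001")   # alg + dummy BIT STRING
ORIGINATOR = b"\xa0\x15\xa1\x13" + ORIGINATOR_KEY                      # originator [0] / originatorKey [1]
UKM = bytes.fromhex("a10a 0408 b1044afdfc8b706d")                      # ukm [1] value from the dump
KARI_WITH_UKM = b"\x30\x26" + bytes.fromhex("020103") + ORIGINATOR + UKM
KARI_WITHOUT_UKM = b"\x30\x1a" + bytes.fromhex("020103") + ORIGINATOR
```

Running `originator_alg_params` on the AlgorithmIdentifier of a real KARI originatorKey tells you at once whether a CMS object came from a tool that emits the curve OID; `ukm_of` tells you whether a ukm was supplied, which the command-line `openssl cms` tool cannot do on its own.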