CMS in openssl

Michael Mueller abaci.mjm at gmail.com
Wed Apr 22 14:06:55 UTC 2020


On Tue, Apr 21, 2020, 9:46 PM Michael Richardson <mcr at sandelman.ca> wrote:

>
> Michael Mueller <abaci.mjm at gmail.com> wrote:
>     > We've implemented what I gather can be called a CMS on Linux and Windows
>     > using openssl evp functions.
>
> I'm not sure why you say it this way.
> OpenSSL includes CMS (RFC3369) support, but I think not until 1.1.0.
> Did you implement RFC3369, or something else?
>
> You don't say if this is email or something else.
>

My bad. I thought CMS could be used as a generic reference to packaging
encrypted messages.

We are not implementing CMS as specified by IETF.

We used the openssl evp functions to quickly improve the security of an
existing proprietary data exchange system.

Now we are being asked if our evp based solution can interoperate with a
system that may support PKCS7. The thought is PKCS7 would be used to
envelope data in a manner similar to how the evp functions operate.

The request came up because the word "envelope" is used to describe evp and
PKCS7 functionality.

I suspect that evp functions are not compatible with PKCS7, but I don't
know how to easily confirm this. I also suspect it will be difficult to
explain why they are incompatible.

If evp and PKCS7 are incompatible, we might be asked if we can use PKCS7
enveloping instead of evp.

Any insights, thoughts, advice, code to read, etc. would be appreciated.


>     > We need to expand this CMS to other systems, on which we have not been able
>     > to build openssl. These other systems have a vendor supplied security
>     > application. This application supports PKCS7.
>
>     > We are being asked if our evp CMS is interoperable with PKCS7.
>
> CMS (RFC3369/2630) is an upward revision to PKCS7 (RFC2315) 1.5.
> CMS can read PKCS7 messages, but the converse is not true.
>
> I think it is possible to configure the CMS routines to produce PKCS7
> messages, but I didn't do this in my RFC8366 support. I just forklift
> upgraded to CMS.
>
>     > If it is possible and more information is required to answer this question,
>     > I'll provide such information.
>
>     > If not, advice on how to present that argument to management would be
>     > appreciated.
>
> You will understand them, but they won't understand you.
>
> You may be able to configure your end to generate PKCS7 easily, and it may
> have little effect.  This might degenerate until just using PKCS7
> everywhere.
>
> The major difference is the eContentType that is lacking in PKCS7.
> And algorithms: I think that there are few modern algorithms defined for
> PKCS7.
>
> You could easily run in PKCS7 mode until you receive a CMS message from the
> peer, and then upgrade to CMS.  But this winds up in a bid-down attack if
> both parties run this algorithm, so you'd want to insert some extension that
> said: "I can do CMS" into your PKCS7 messages.
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>
>
>
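
One way to confirm whether a message on the wire is PKCS7 at all, as an added example that is not part of the original thread: PKCS7 (RFC2315) and CMS messages are an ASN.1 ContentInfo whose first element is a content-type OID, whereas the EVP routines hand back raw buffers and leave the framing to the application. The sample inputs are constructed, and the proprietary system's actual framing is an unknown here.

```python
# Added example: tell a PKCS#7/CMS ContentInfo apart from application-framed
# EVP output by inspecting only the outer DER header.
PKCS7_PREFIX = bytes.fromhex("2a864886f70d0107")  # OID arc 1.2.840.113549.1.7
PKCS7_TYPES = {1: "data", 2: "signedData", 3: "envelopedData",
               4: "signedAndEnvelopedData", 5: "digestedData", 6: "encryptedData"}

def read_tlv(buf, pos):
    """Parse one DER tag-length-value header; return (tag, start, end) of the value."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length fits in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):   # n == 0 is BER indefinite length
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past end of input")
    return tag, pos, pos + length

def content_info_type(blob):
    """Return the PKCS#7 content type name, or None if blob is not a DER ContentInfo.

    Content types outside the 1.2.840.113549.1.7 arc are also reported as None.
    """
    try:
        tag, start, end = read_tlv(blob, 0)
        if tag != 0x30 or end != len(blob):   # one SEQUENCE spanning the whole input
            return None
        tag, ostart, oend = read_tlv(blob, start)
    except ValueError:
        return None
    oid = blob[ostart:oend]
    if tag != 0x06 or oend > end or len(oid) != 9 or oid[:8] != PKCS7_PREFIX:
        return None
    return PKCS7_TYPES.get(oid[8])

# Constructed samples (not real traffic).
SAMPLE_PKCS7 = bytes.fromhex("300f" "06092a864886f70d010703" "a0023000")  # skeleton only
SAMPLE_RAW = bytes(16) + b"\x8f" * 32                  # e.g. an IV followed by ciphertext
SAMPLE_LOOKALIKE = b"\x30\x82\xff\xff" + b"\x8f" * 16  # starts like a SEQUENCE, bad length

if __name__ == "__main__":
    for name in ("SAMPLE_PKCS7", "SAMPLE_RAW", "SAMPLE_LOOKALIKE"):
        print(name, content_info_type(globals()[name]))
```

Run it on the bytes after any base64 or PEM decoding. A `None` result for DER input means a PKCS7 peer has no container to parse, regardless of which ciphers were used inside.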

More information about the openssl-users mailing list