--------------------------------------------
On Tue, 4/15/14, Stephen Henson via RT <r...@openssl.org> wrote:

> > decrypting messages. Otherwise update the documentation that
> > under no circumstances the CMS_R_NO_MATCHING_RECIPIENT is ever
> > returned - you might as well remove it from any header file.
> >
> See the updated documentation for CMS_decrypt for reasons
> why this is necessary. If you still think there is a bug then please
> post a follow up.


I don't see this behavior documented here:
http://www.openssl.org/docs/apps/cms.html# (I'm talking from the perspective of
using the command line tool, not API programming)

Parameter -out filename

It should say something like "for -decrypt, if the operation fails, random data is
written to this file - if you wish to use the old behavior, use the -debug_decrypt
option".

 
>> Automated gateways will typically know the recipient's certificate so this
>> issue shouldn't arise.

Actually, this is exactly the problem. A decryption gateway at first only has the
recipient's e-mail address to look up a secret key. Using this e-mail address
a lookup is performed and the secret key is returned. Now the openssl cms command
line is called with that secret key - and there is no usable error anymore,
just "bad decrypt" - this tells me nothing at all. It *could* be that the wrong
secret key was supplied, it could also be another issue (e.g. Outlook doing
weird encryption things).

I'm only talking about using the command line client here, no direct C API - the only
possible means I now have is using the

openssl cms -in mailencrypted.txt -cmsout

dump to grep for recipientInfos and d.issuerAndSerialNumber to figure out all
the certs to which the message was encrypted.

Then I have to take this info and look up all certificates associated with that
secret key (there can obviously be multiple, due to renewed/expired/revoked certs etc.), and only
if I cannot find the cert is it most likely
the case that the message was encrypted to the wrong user/key/cert and the
current secret key of the user is wrong.

Not only are there so many IFs in that - I can't even do that if I don't have all
past and current issued certificates of a secret key.

In this case the Bleichenbacher attack does not even apply to
encryption/decryption gateways if they work on a per user/recipient basis, so the
change makes no sense.

Since -debug_decrypt is not documented on the CMS page, it is most likely
not supported and will be removed in the near future.

Please reconsider adding useful error information to failed decryption; this
change makes it virtually impossible to debug decryption errors without using the
-debug_decrypt flag.

Thanks

BTW: While we are at the cms -out parameter documentation, it would be great if
-verify could cut/remove the signature of a signed message even if I don't have
the signer's public key (I just want to get rid of the signature).


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
