I had written a message about this issue to openssl-users, but received no reaction.
As OpenSSL cannot decrypt data encrypted by itself, this looks like a defect. It is also not possible to decrypt RC4-encrypted CMS objects created by third-party software. This was reproduced with the current HEAD revision from the OpenSSL_1_0_2-stable branch, namely with Git revision e76f48539109829819aabc03953cf2cfd4612961. How to reproduce: Create a self-signed certificate, encrypt some data as a CMS message with "-rc4" using the certificate as a recipient, and try to decrypt it again. This fails with an error message: $ echo "abcdefg" >data.txt $ openssl req -x509 -newkey rsa:2048 -keyout key.pem -nodes -out cert.pem -days 100 -subj "/CN=RC4 CMS Test" Generating a 2048 bit RSA private key ............................................................+++ ...+++ writing new private key to 'key.pem' ----- $ openssl cms -rc4 -encrypt -binary -in data.txt -out data.txt.cms -outform DER cert.pem $ openssl cms -decrypt -in data.txt.cms -inform DER -out data2.txt -inkey key.pem -recip cert.pem Error decrypting CMS structure 140735291474768:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:cms_enc.c:128: With other encryption algorithms, this works as expected. The same problem is also reproducible with the "openssl smime" command. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4429 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
