Re: [openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?
>> Hi,
>> I am playing with openssl 1.0.2a - specifically CMS support for ECC.
>> But what I think should work doesn't.
>> Commands used and parsed data shown.
>> (I gave an RSA example as a known good working example)
>>
>> ./openssl version
>> OpenSSL 1.0.2a 19 Mar 2015
>>
>> echo -n 12345678123456781234567812345678 > sess.txt # 32 byte plaintext
>>
>>
>> #EC fails
>>
>> ./openssl ecparam -name prime192v1 -genkey -out ecc.key
>> ./openssl req -x509 -new -key ecc.key -out ecc.crt
>> ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt
>> ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM
>> -inkey ecc.key
>> Error decrypting CMS structure
>> error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
>> decrypt:evp_enc.c:529:
>>
>
>RSA can decrypt without knowing the certificate but currently EC cannot. So
>try including the option -recip ecc.crt when you decrypt.
>
>Steve.
>--
>Dr Stephen N. Henson. OpenSSL project core developer.
>Commercial tech support now available see: http://www.openssl.org

Many thanks Steve for the prompt response!
That fixed it.

Chris

>
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?
On Thu, Mar 26, 2015, Chris Madden wrote:

> Hi,
> I am playing with openssl 1.0.2a - specifically CMS support for ECC.
> But what I think should work doesn't.
> Commands used and parsed data shown.
> (I gave an RSA example as a known good working example)
>
> ./openssl version
> OpenSSL 1.0.2a 19 Mar 2015
>
> echo -n 12345678123456781234567812345678 > sess.txt # 32 byte plaintext
>
>
> #EC fails
>
> ./openssl ecparam -name prime192v1 -genkey -out ecc.key
> ./openssl req -x509 -new -key ecc.key -out ecc.crt
> ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt
> ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM
> -inkey ecc.key
> Error decrypting CMS structure
> error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
> decrypt:evp_enc.c:529:
>

RSA can decrypt without knowing the certificate but currently EC cannot. So
try including the option -recip ecc.crt when you decrypt.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
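The round trip with the `-recip` option from the reply above, as an added example that is not part of the original thread or of the OpenSSL project's own material. Assumptions: `openssl` is on the PATH, `prime256v1` and `-aes-256-cbc` stand in for the post's `prime192v1` and default cipher (which newer builds may not offer), and the file names, subject and function names are made up for the demo.

```bash
# Added example: EC (ECDH key agreement) CMS round trip, decrypting with -recip.
# Assumed, not from the thread: prime256v1, -aes-256-cbc, /CN=cms-ec-test,
# the function names and the temporary file layout.

# Print "kari" when the envelope carries an EC originator key (key agreement),
# as asn1parse shows for an EC recipient; otherwise "ktri" (RSA key transport).
recipient_kind() {
    if openssl asn1parse -in "$1" 2>/dev/null | grep -q 'id-ecPublicKey'; then
        echo kari
    else
        echo ktri
    fi
}

# Generate a throwaway EC key and self-signed cert, encrypt, decrypt, compare.
# Prints "<kind>:match" or "<kind>:mismatch"; non-zero status if a step fails.
ec_cms_roundtrip() {
    local dir kind
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        printf '12345678123456781234567812345678' > sess.txt   # 32-byte plaintext
        openssl ecparam -name prime256v1 -genkey -noout -out ecc.key 2>/dev/null || exit 1
        openssl req -x509 -new -key ecc.key -subj '/CN=cms-ec-test' -days 1 \
            -out ecc.crt 2>/dev/null || exit 1
        openssl cms -encrypt -aes-256-cbc -in sess.txt -out encsess.pem \
            -outform PEM ecc.crt || exit 1
        kind=$(recipient_kind encsess.pem)
        # The recipient certificate is supplied with -recip so the EC
        # (key agreement) recipient entry can be matched on decrypt.
        openssl cms -decrypt -in encsess.pem -inform PEM -recip ecc.crt \
            -inkey ecc.key -out decsess.txt || exit 1
        if cmp -s sess.txt decsess.txt; then
            echo "$kind:match"
        else
            echo "$kind:mismatch"
        fi
    )
    local rc=$?
    rm -rf "$dir"
    return $rc
}

ec_cms_roundtrip
```
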
[openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?
Hi,
I am playing with openssl 1.0.2a - specifically CMS support for ECC.
But what I think should work doesn't.
Commands used and parsed data shown.
(I gave an RSA example as a known good working example)

./openssl version
OpenSSL 1.0.2a 19 Mar 2015

echo -n 12345678123456781234567812345678 > sess.txt # 32 byte plaintext


#EC fails

./openssl ecparam -name prime192v1 -genkey -out ecc.key
./openssl req -x509 -new -key ecc.key -out ecc.crt
./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt
./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM -inkey ecc.key
Error decrypting CMS structure
error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529:


EnvelopedData
--
./openssl asn1parse -in encsess.bin
0:d=0 hl=4 l= 312 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT:pkcs7-envelopedData
15:d=1 hl=4 l= 297 cons: cont [ 0 ]
19:d=2 hl=4 l= 293 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :02
26:d=3 hl=3 l= 234 cons: SET
29:d=4 hl=3 l= 231 cons: cont [ 1 ]
32:d=5 hl=2 l= 1 prim: INTEGER :03
35:d=5 hl=2 l= 65 cons: cont [ 0 ]
37:d=6 hl=2 l= 63 cons: cont [ 1 ]
39:d=7 hl=2 l= 9 cons: SEQUENCE
41:d=8 hl=2 l= 7 prim: OBJECT:id-ecPublicKey
50:d=7 hl=2 l= 50 prim: BIT STRING
102:d=5 hl=2 l= 28 cons: SEQUENCE
104:d=6 hl=2 l= 9 prim: OBJECT :dhSinglePass-stdDH-sha1kdf-scheme
115:d=6 hl=2 l= 15 cons: SEQUENCE
117:d=7 hl=2 l= 11 prim: OBJECT:id-smime-alg-CMS3DESwrap
130:d=7 hl=2 l= 0 prim: NULL
132:d=5 hl=3 l= 128 cons: SEQUENCE
135:d=6 hl=2 l= 126 cons: SEQUENCE
137:d=7 hl=2 l= 82 cons: SEQUENCE
139:d=8 hl=2 l= 69 cons: SEQUENCE
141:d=9 hl=2 l= 11 cons: SET
143:d=10 hl=2 l= 9 cons: SEQUENCE
145:d=11 hl=2 l= 3 prim: OBJECT:countryName
150:d=11 hl=2 l= 2 prim: PRINTABLESTRING :AU
154:d=9 hl=2 l= 19 cons: SET
156:d=10 hl=2 l= 17 cons: SEQUENCE
158:d=11 hl=2 l= 3 prim: OBJECT:stateOrProvinceName
163:d=11 hl=2 l= 10 prim: UTF8STRING:Some-State
175:d=9 hl=2 l= 33 cons: SET
177:d=10 hl=2 l= 31 cons: SEQUENCE
179:d=11 hl=2 l= 3 prim: OBJECT:organizationName
184:d=11 hl=2 l= 24 prim: UTF8STRING:Internet Widgits Pty Ltd
210:d=8 hl=2 l= 9 prim: INTEGER :C09819AB3ECC9A05
221:d=7 hl=2 l= 40 prim: OCTET STRING [HEX DUMP]:2511DF2DBEC0F758E8CE3F35ECDD84757DEEC011633478BF00C18226FEDCD19BE5ABECEB9A735F99
263:d=3 hl=2 l= 51 cons: SEQUENCE
265:d=4 hl=2 l= 9 prim: OBJECT:pkcs7-data
276:d=4 hl=2 l= 20 cons: SEQUENCE
278:d=5 hl=2 l= 8 prim: OBJECT:des-ede3-cbc
288:d=5 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:E924DA6FC08FC3AC
298:d=4 hl=2 l= 16 prim: cont [ 0 ]
cmadden@ubuntu:~/openssl-1.0.2a/apps$


Private Key
cat ecc.key
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBAQ==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MF8CAQEEGM+L8hosGlnyrOjVsCfQ5kaj42XQ1182b6AKBggqhkjOPQMBAaE0AzIA
BMVGw0n/7hFdEkgi3wGOueh9P4FGBp1qL6ibDcaQUd9R6W+rFKM5LPnZ7awp2URt
sw==
-----END EC PRIVATE KEY-----


Public Key Cert
./openssl asn1parse -in ecc.crt
0:d=0 hl=4 l= 434 cons: SEQUENCE
4:d=1 hl=4 l= 359 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 9 prim: INTEGER :C09819AB3ECC9A05
24:d=2 hl=2 l= 10 cons: SEQUENCE
26:d=3 hl=2 l= 8 prim: OBJECT:ecdsa-with-SHA256
36:d=2 hl=2 l= 69 cons: SEQUENCE
38:d=3 hl=2 l= 11 cons: SET
40:d=4 hl=2 l= 9 cons: SEQUENCE
42:d=5 hl=2 l= 3 prim: OBJECT:countryName
47:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
51:d=3 hl=2 l= 19 cons: SET
53:d=4 hl=2 l= 17 cons: SEQUENCE
55:d=5 hl=2 l= 3 prim: OBJECT:stateOrProvinceName
60:d=5 hl=2 l= 10 prim: UTF8STRING:Some-State
72:d=3 hl=2 l= 33 cons: SET
74:d=4 hl=2 l= 31 cons: SEQUENCE
76:d=5 hl=2 l= 3 prim: OBJECT:organizationName
81:d=5 hl=2 l= 24 prim: UTF8STRING:Internet Widgits Pty Ltd
107:d=2 hl=2 l= 30 cons: SEQUENCE
109:d=3 hl=2 l= 13 prim: UTCTIME :150326134803Z
124:d=3 hl=2 l= 13 prim: UTCTIME :150425134803Z
139:d=2 hl=2 l= 69 cons: SEQUENCE
141:d=3 hl=2 l= 11 cons: SET
143:d=4 hl=2 l= 9 cons: SEQUENCE
145:d=5 hl=2 l= 3 prim: OBJECT:countryName
150:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
154:d=3 hl=2 l= 19 cons: SET
156:d=4 hl=2 l= 17 cons: SEQUENCE
158:d=5 hl=2 l= 3 prim: OBJECT:stateOrProvinceName
163:d=5 hl=2 l= 10 prim: UTF8STRING:Some-State
175:d=3 hl=2 l= 33 cons: SET
177:d=4 hl=2 l= 31 cons: SEQUENCE
179:d=5 hl=2 l= 3 prim: OBJECT:o