On Wed, Aug 25, 2021 at 04:00:31PM -0400, Craig Gallek wrote:
The openssl smime utility only supports RSA keys for encryption (more specifically, the PKCS7 container that it uses can't be used with other key types). The cms utility supports newer versions of the SMIME RFCs, including the use DH ephemeral-static algorithms for encrypting the symmetric key used during message encryption.
Thanks for the patch.I haven't used S/MIME in a while, but if Debian has already made the change this seems safe enough. I've applied and pushed it up to master.
If anyone encounters issues with the change please let me know. -- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
signature.asc
Description: PGP signature