Re: [openssl-users] CMS with Symmetric key

2016-04-12 Thread Dr. Stephen Henson
On Mon, Apr 11, 2016, Abe Racioppo wrote:

> Thank you for the responses.
> 
> I have implemented encryption that adds a secret key, and secret key id
> using:
> CMS_add0_recipient_key,
> CMS_EncryptedData_encrypt,
> SMIME_write_CMS
> The output file looks correct, but I need to decrypt it back to be sure.
> 

Ah CMS_EncryptedData_encrypt() just creates the encrypted data type. If you
want to use enveloped data you use CMS_encrypt() first then
CMS_add0_recipient_key() and finally SMIME_write_CMS().

> I would like to be able to get the secret key id from the envelope data to
> then search a database for the key, and then CMS_decrypt.  I have yet to
> determine the most straightforward way of getting the key ids from the
> envelope/wrapped content of cms.
> 
> Is there a combination if I have SMIME_read the cms from a file like:
>   keyId =  cms->envelopedData->keyId?
> 
> Or do I need to handle a stack_of recipient infos in order to get the key
> id from kekri0_get_id?
> 

Yes. You need to use CMS_get0_RecipientInfos() as there can be multiple
recipients of different types.

For each recipient info you check the type with:

CMS_RecipientInfo_type(ri) == CMS_RECIPINFO_KEK

For each match retrieve the key ID using CMS_RecipientInfo_kekri_get0_id().

If the id doesn't match a value in your database continue to the next recipient
info. If no matches return an error.

If you do get a match then call CMS_RecipientInfo_set0_key().

Finally call CMS_decrypt(): setting the key and certificate parameters to
NULL.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] CMS with Symmetric key

2016-04-11 Thread Abe Racioppo
Thank you for the responses.

I have implemented encryption that adds a secret key, and secret key id
using:
CMS_add0_recipient_key,
CMS_EncryptedData_encrypt,
SMIME_write_CMS
The output file looks correct, but I need to decrypt it back to be sure.

I would like to be able to get the secret key id from the envelope data to
then search a database for the key, and then CMS_decrypt.  I have yet to
determine the most straightforward way of getting the key ids from the
envelope/wrapped content of cms.

Is there a combination if I have SMIME_read the cms from a file like:
  keyId =  cms->envelopedData->keyId?

Or do I need to handle a stack_of recipient infos in order to get the key
id from kekri0_get_id?

Thanks again,
Abe


On Tue, Apr 5, 2016 at 7:39 AM, Dr. Stephen Henson wrote:

> On Mon, Apr 04, 2016, Abe Racioppo wrote:
>
> > Hey guys,
> >
> > I'm trying to use the CMS operations in libcrypto but with a symmetric key
> > encryption key instead of x509.
> >
> > I'm thinking I want to use a combination of
> >
> > CMS_RecipientInfo_set0_pkey,
> > SMIME_write_CMS,
> > and
> > CMS_EncryptedData_encrypt.
> >
> > Has anyone done this before and can give me some direction?  This is my
> > first time working with openssl and am getting kinda lost.
> >
>
> You have several options here.
>
> You can just use the encrypted data type with a key directly.
>
> You can use the enveloped data type with a symmetric wrapping key.
>
> You can use the enveloped data type with a password based recipient info.
>
> Which you use depends on the application you have in mind.
>
> In the first case you just call CMS_EncryptedData_encrypt() followed by
> SMIME_write_CMS().
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>





Re: [openssl-users] CMS with Symmetric key

2016-04-05 Thread Dr. Stephen Henson
On Mon, Apr 04, 2016, Abe Racioppo wrote:

> Hey guys,
> 
> I'm trying to use the CMS operations in libcrypto but with a symmetric key
> encryption key instead of x509.
> 
> I'm thinking I want to use a combination of
> 
> CMS_RecipientInfo_set0_pkey,
> SMIME_write_CMS,
> and
> CMS_EncryptedData_encrypt.
> 
> Has anyone done this before and can give me some direction?  This is my
> first time working with openssl and am getting kinda lost.
> 

You have several options here.

You can just use the encrypted data type with a key directly.

You can use the enveloped data type with a symmetric wrapping key.

You can use the enveloped data type with a password based recipient info.

Which you use depends on the application you have in mind.

In the first case you just call CMS_EncryptedData_encrypt() followed by
SMIME_write_CMS().

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: [openssl-users] CMS with Symmetric key

2016-04-04 Thread Viktor Dukhovni

> On Apr 4, 2016, at 11:34 PM, Salz, Rich wrote:
> 
>> I'm trying to use the CMS operations in libcrypto but with a symmetric key 
>> encryption key instead of x509.
> 
> We don't support this.

It looks like we do.  See crypto/cms/cms_pwri.c and the
undocumented "-pwri_password" option of the cms(1) command.

Documentation would of course be great...

-- 
Viktor.



Re: [openssl-users] CMS with Symmetric key

2016-04-04 Thread Salz, Rich
> I'm trying to use the CMS operations in libcrypto but with a symmetric key 
> encryption key instead of x509.

We don't support this.

--  
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz




Re: [openssl-users] CMS with Symmetric key

2016-04-04 Thread Wim Lewis

On Apr 4, 2016, at 3:42 PM, Jakob Bohm wrote:
> Unless you can point out a clause in the "CMS" format RFCs
> that allows use without X.509 certificates, there is no reason
> why the "CMS" part of the OpenSSL library should be able to
> do any such thing.

The CMS RFC (RFC 5652) specifies password based key derivation (in addition to 
asymmetric-key crypto key transport or agreement, and also a 
symmetric-cryptography key transport mechanism). See section 6.2.

It looks like password based key derivation wasn't in the original PKCS#7, but 
was introduced in a 2001 specification (RFC 3211) and was folded into the 2002 
revision of CMS (RFC 3369).




Re: [openssl-users] CMS with Symmetric key

2016-04-04 Thread Jakob Bohm

On 05/04/2016 00:18, Abe Racioppo wrote:

> Hey guys,
>
> I'm trying to use the CMS operations in libcrypto but with a symmetric
> key encryption key instead of x509.
>
> I'm thinking I want to use a combination of
>
> CMS_RecipientInfo_set0_pkey,
> SMIME_write_CMS,
> and
> CMS_EncryptedData_encrypt.
>
> Has anyone done this before and can give me some direction?  This is
> my first time working with openssl and am getting kinda lost.



The "CMS" operations implement the "CMS" standard, formerly
known as PKCS#7, which is based entirely on the use of X.509
certificates.

Unless you can point out a clause in the "CMS" format RFCs
that allows use without X.509 certificates, there is no reason
why the "CMS" part of the OpenSSL library should be able to
do any such thing.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



[openssl-users] CMS with Symmetric key

2016-04-04 Thread Abe Racioppo
Hey guys,

I'm trying to use the CMS operations in libcrypto but with a symmetric key
encryption key instead of x509.

I'm thinking I want to use a combination of

CMS_RecipientInfo_set0_pkey,
SMIME_write_CMS,
and
CMS_EncryptedData_encrypt.

Has anyone done this before and can give me some direction?  This is my
first time working with openssl and am getting kinda lost.

Thanks,

Abe