subject:"\[openssl\-users\] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails\?"

Re: [openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?

2015-03-26 Thread Dr. Stephen Henson

On Thu, Mar 26, 2015, Chris Madden wrote:

 Hi,
 I am playing with openssl 1.0.2a - specifically CMS support for ECC.
 But what I think should work doesn't.
 Commands used and parsed data shown.
 (I gave an RSA example as a known good working example)
 
 ./openssl version
 OpenSSL 1.0.2a 19 Mar 2015
 
 echo -n 12345678123456781234567812345678  sess.txt # 32 byte plaintext
 
 
 #EC fails
 
   ./openssl ecparam -name prime192v1 -genkey -out ecc.key
   ./openssl req -x509 -new -key ecc.key -out ecc.crt
   ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt
   ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM
 -inkey ecc.key
 Error decrypting CMS structure
 error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
 decrypt:evp_enc.c:529:
 

RSA can decrypt without knowing the certificate but currently EC cannot. So
try including the option -recip ecc.crt when you decrypt.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?

2015-03-26 Thread Chris Madden

 Hi,
 I am playing with openssl 1.0.2a - specifically CMS support for ECC.
 But what I think should work doesn't.
 Commands used and parsed data shown.
 (I gave an RSA example as a known good working example)

 ./openssl version
 OpenSSL 1.0.2a 19 Mar 2015

 echo -n 12345678123456781234567812345678  sess.txt # 32 byte plaintext


 #EC fails
 
   ./openssl ecparam -name prime192v1 -genkey -out ecc.key
   ./openssl req -x509 -new -key ecc.key -out ecc.crt
   ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM
ecc.crt
   ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM
 -inkey ecc.key
 Error decrypting CMS structure
 error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
 decrypt:evp_enc.c:529:


RSA can decrypt without knowing the certificate but currently EC cannot. So
try including the option -recip ecc.crt when you decrypt.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Many thanks Steve for the prompt response!
That fixed it.
Chris


___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?

2015-03-26 Thread Chris Madden

Hi,
I am playing with openssl 1.0.2a - specifically CMS support for ECC.
But what I think should work doesn't.
Commands used and parsed data shown.
(I gave an RSA example as a known good working example)

./openssl version
OpenSSL 1.0.2a 19 Mar 2015

echo -n 12345678123456781234567812345678  sess.txt # 32 byte plaintext


#EC fails

  ./openssl ecparam -name prime192v1 -genkey -out ecc.key
  ./openssl req -x509 -new -key ecc.key -out ecc.crt
  ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt
  ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM
-inkey ecc.key
Error decrypting CMS structure
error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
decrypt:evp_enc.c:529:


EnvelopedData
--
./openssl asn1parse -in encsess.bin
0:d=0  hl=4 l= 312 cons: SEQUENCE
4:d=1  hl=2 l=   9 prim: OBJECT:pkcs7-envelopedData
   15:d=1  hl=4 l= 297 cons: cont [ 0 ]
   19:d=2  hl=4 l= 293 cons: SEQUENCE
   23:d=3  hl=2 l=   1 prim: INTEGER   :02
   26:d=3  hl=3 l= 234 cons: SET
   29:d=4  hl=3 l= 231 cons: cont [ 1 ]
   32:d=5  hl=2 l=   1 prim: INTEGER   :03
   35:d=5  hl=2 l=  65 cons: cont [ 0 ]
   37:d=6  hl=2 l=  63 cons: cont [ 1 ]
   39:d=7  hl=2 l=   9 cons: SEQUENCE
   41:d=8  hl=2 l=   7 prim: OBJECT:id-ecPublicKey
   50:d=7  hl=2 l=  50 prim: BIT STRING
  102:d=5  hl=2 l=  28 cons: SEQUENCE
  104:d=6  hl=2 l=   9 prim: OBJECT
 :dhSinglePass-stdDH-sha1kdf-scheme
  115:d=6  hl=2 l=  15 cons: SEQUENCE
  117:d=7  hl=2 l=  11 prim: OBJECT:id-smime-alg-CMS3DESwrap
  130:d=7  hl=2 l=   0 prim: NULL
  132:d=5  hl=3 l= 128 cons: SEQUENCE
  135:d=6  hl=2 l= 126 cons: SEQUENCE
  137:d=7  hl=2 l=  82 cons: SEQUENCE
  139:d=8  hl=2 l=  69 cons: SEQUENCE
  141:d=9  hl=2 l=  11 cons: SET
  143:d=10 hl=2 l=   9 cons: SEQUENCE
  145:d=11 hl=2 l=   3 prim: OBJECT:countryName
  150:d=11 hl=2 l=   2 prim: PRINTABLESTRING   :AU
  154:d=9  hl=2 l=  19 cons: SET
  156:d=10 hl=2 l=  17 cons: SEQUENCE
  158:d=11 hl=2 l=   3 prim: OBJECT:stateOrProvinceName
  163:d=11 hl=2 l=  10 prim: UTF8STRING:Some-State
  175:d=9  hl=2 l=  33 cons: SET
  177:d=10 hl=2 l=  31 cons: SEQUENCE
  179:d=11 hl=2 l=   3 prim: OBJECT:organizationName
  184:d=11 hl=2 l=  24 prim: UTF8STRING:Internet Widgits Pty Ltd
  210:d=8  hl=2 l=   9 prim: INTEGER   :C09819AB3ECC9A05
  221:d=7  hl=2 l=  40 prim: OCTET STRING  [HEX
DUMP]:2511DF2DBEC0F758E8CE3F35ECDD84757DEEC011633478BF00C18226FEDCD19BE5ABECEB9A735F99
  263:d=3  hl=2 l=  51 cons: SEQUENCE
  265:d=4  hl=2 l=   9 prim: OBJECT:pkcs7-data
  276:d=4  hl=2 l=  20 cons: SEQUENCE
  278:d=5  hl=2 l=   8 prim: OBJECT:des-ede3-cbc
  288:d=5  hl=2 l=   8 prim: OCTET STRING  [HEX DUMP]:E924DA6FC08FC3AC
  298:d=4  hl=2 l=  16 prim: cont [ 0 ]
cmadden@ubuntu:~/openssl-1.0.2a/apps$



Private Key

cat ecc.key
-BEGIN EC PARAMETERS-
BggqhkjOPQMBAQ==
-END EC PARAMETERS-
-BEGIN EC PRIVATE KEY-
MF8CAQEEGM+L8hosGlnyrOjVsCfQ5kaj42XQ1182b6AKBggqhkjOPQMBAaE0AzIA
BMVGw0n/7hFdEkgi3wGOueh9P4FGBp1qL6ibDcaQUd9R6W+rFKM5LPnZ7awp2URt
sw==
-END EC PRIVATE KEY-


Public Key Cert

./openssl asn1parse -in ecc.crt
0:d=0  hl=4 l= 434 cons: SEQUENCE
4:d=1  hl=4 l= 359 cons: SEQUENCE
8:d=2  hl=2 l=   3 cons: cont [ 0 ]
   10:d=3  hl=2 l=   1 prim: INTEGER   :02
   13:d=2  hl=2 l=   9 prim: INTEGER   :C09819AB3ECC9A05
   24:d=2  hl=2 l=  10 cons: SEQUENCE
   26:d=3  hl=2 l=   8 prim: OBJECT:ecdsa-with-SHA256
   36:d=2  hl=2 l=  69 cons: SEQUENCE
   38:d=3  hl=2 l=  11 cons: SET
   40:d=4  hl=2 l=   9 cons: SEQUENCE
   42:d=5  hl=2 l=   3 prim: OBJECT:countryName
   47:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :AU
   51:d=3  hl=2 l=  19 cons: SET
   53:d=4  hl=2 l=  17 cons: SEQUENCE
   55:d=5  hl=2 l=   3 prim: OBJECT:stateOrProvinceName
   60:d=5  hl=2 l=  10 prim: UTF8STRING:Some-State
   72:d=3  hl=2 l=  33 cons: SET
   74:d=4  hl=2 l=  31 cons: SEQUENCE
   76:d=5  hl=2 l=   3 prim: OBJECT:organizationName
   81:d=5  hl=2 l=  24 prim: UTF8STRING:Internet Widgits Pty Ltd
  107:d=2  hl=2 l=  30 cons: SEQUENCE
  109:d=3  hl=2 l=  13 prim: UTCTIME   :150326134803Z
  124:d=3  hl=2 l=  13 prim: UTCTIME   :150425134803Z
  139:d=2  hl=2 l=  69 cons: SEQUENCE
  141:d=3  hl=2 l=  11 cons: SET
  143:d=4  hl=2 l=   9 cons: SEQUENCE
  145:d=5  hl=2 l=   3 prim: OBJECT:countryName
  150:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :AU
  154:d=3  hl=2 l=  19 cons: SET
  156:d=4  hl=2 l=  17 cons: SEQUENCE
  158:d=5  hl=2 l=   3 prim: OBJECT:stateOrProvinceName
  163:d=5  hl=2 l=  10 prim: UTF8STRING:Some-State
  175:d=3  hl=2 l=  33 cons: SET
  177:d=4  hl=2 l=  31 cons: SEQUENCE
  179:d=5  hl=2 l=   3 prim: OBJECT

Re: [openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?

Re: [openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?

[openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?

3 matches

Site Navigation

Mail list logo

Footer information