openssl smime/cms unable to handle binary encoded message? (header too long:asn1)
Hello gentlemen, I am troubleshooting an issue with an AS2 setup, the error I'm getting is AS1_get_obect:header too long:asn1. Playing with another system, I was able to replicate the issue by switching the encoding from Base64 to Binary. Before i get a smart response... the trading partner can't switch the encoding from binary to base64,.. so here I am ;-) Apparently openssl assumes that all SMIME messages are base64 encoded, and balks when this is not the case? Basically the transmission is an encrypted and signed. The decryption goes well, but then the signature verification fails, the full error message is below. 139666245117592:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:157: 139666245117592:error:0D0D106E:asn1 encoding routines:B64_READ_ASN1:decode error:asn_mime.c:192: 139666245117592:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1 sig parse error:asn_mime.c:490: It looks like I'm not alone in this... https://superuser.com/questions/1097544/error-when-decompress-smime-file According to the link above... I should be able to discard the the headers and handle the binary body with openssl. Copying/Pasting from the link above... $ sed '1,/^\r$/d' suA97544.body $ openssl cms -uncompress -inform der -in suA97544.body Now, when I try this suggestion... sed does strip the MIME headers, but still when attempting to uncompress with openssl there is an error. Error reading S/MIME message 140081090963096:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1217: 140081090963096:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:386:Type=CMS_ContentInfo I am hoping I am just missing something here... obviously openssl is not my forte. :-) For illustration purposes, here is the original structure: content-type: multipart/signed; protocol="application/pkcs7-signature"; micalg=SHA-1; boundary="_=4094798051677677Sterling4094798051677677MOKO" --_=4094798051677677Sterling4094798051677677MOKO content-type: application/pkcs7-mime; smime-type=compressed-data; name=smime.p7m (Binary) --_=4094798051677677Sterling4094798051677677MOKO content-type: application/pkcs7-signature; name=EDIINTSIG.p7s (Binary) After sed... the structure looks like this... which fails to uncompress with openssl --_=4094798051677677Sterling4094798051677677MOKO content-type: application/pkcs7-mime; smime-type=compressed-data; name=smime.p7m (Binary) --_=4094798051677677Sterling4094798051677677MOKO content-type: application/pkcs7-signature; name=EDIINTSIG.p7s ... (Binary) openssl pkcs7 -in 5d7aa60750796.dat.3 -inform DER Last but not least, if I split the two parts, remove the boundary and content-type line... I can use pkcs7 to convert the binary content for each individual file, and I get this, but I'm not sure that this is what I think it is (the data what the next step would be. Talk about shooting in the dark. LoL. openssl pkcs7 -in 5d7aa60750796.dat.3 -inform DER -BEGIN PKCS7- MIHOBgsqhkiG9woBCRABCaCBvjCAAgEAMAoGCyqGSIb3CgEJEAMIMIAGCSqGSIb3 CgEHAaCAJIAEAnicBIGMc87PK0nNK9EtqSxItVJwLCjIyUxOLMnMz9N3dfHUjTA0 4uVKhirJTLFSsPH19/Z3dnMGSeblp6Qa6hqaJRsYGicaJ5oY6hoZWRgZmJuaWTi7 uTsGGzlAFNrxcvFyKQOBQoiHZ7ACEDkqhLgGhyj4ugYHO7q7KoDlXPwV/PxDFAKC /J2BwmAxABhSKac= -END PKCS7- I suspect this is a compressed version of the actual message, but I can't get any further. Any help, recommendations, thoughts would be greatly appreciated!! Is there a solid openssl implementation that can handle the binary encoded smime message? Thanks in advance! CM.
Re: [openssl-users] cms utility "-sign" doesn't include signed content
On 10/20/2017 10:00 PM, Chris Marget wrote: I'm struggling with a PKCS7 signing operation using openssl 1.0.2g. I want to create signed messages like the one in my 'original' file (below). It seemed like extracting and then re-signing this message would be a good start. I'm able to verify/unpack the original message, but not able to sign the unpacked message to get back to where I started. I have access to the signer's certificate and private key. I hope somebody can point me in the right direction? I'm extracting the message with: openssl cms -verify -CAfile CA_cert.pem -inform pem -in original -out extracted I thought I'd be able to re-sign this message using something like: openssl cms -sign -md sha1 -in extracted -inkey signer_key -signer signer_cert -outform pem This 'sign' operation completes successfully, but produces an output that's missing the payload. Using the same procedure to sign 1MB of random data produces a result that's only 1396 bytes long: I think you want to add the option "-nodetach" dd if=/dev/urandom bs=1M count=1 | openssl cms -sign -md sha1 -inkey signer_key -signer signer_cert -outform pem | grep -v -- -- | base64 --decode | wc -c 1396 Clearly this 'sign' function doesn't do what I thought it did. How can I sign blob of data so that it looks like my 'original'? The files I'm using: original https://pastebin.com/raw/CNPLyqcm CA_cert.pem https://pastebin.com/raw/HiE6gMTN signer_key https://pastebin.com/raw/tnCXeYHg (the correct key, but not an actual secret) signer_cert https://pastebin.com/raw/ACtTVHdp Thank you! -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] CMS-supported ciphers
Hello! I see the CMS-Interface (CMS_encrypt, X_write_CMS, ...) does not support AES128-GCM. https://mta.openssl.org/pipermail/openssl-dev/2015-April/001177.html Is there a list of all supporting ciphers for CMS? Or how can I find out without trying it? Thanks! Chris -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] CMS/SMIME: RSASSA-PSS, RSAES-OAEP
Hello! I have an application that uses 3DES for encryption and SHA1 for signing. It is MIME-content and so I use SMIME and CMS. Is there a way to do RSAES-OAEP for keyencryption and RSASSA-PSS for signing with the commandline-tools too or do I need to use the API? Cheers, Chris -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] cms utility "-sign" doesn't include signed content
I'm struggling with a PKCS7 signing operation using openssl 1.0.2g. I want to create signed messages like the one in my 'original' file (below). It seemed like extracting and then re-signing this message would be a good start. I'm able to verify/unpack the original message, but not able to sign the unpacked message to get back to where I started. I have access to the signer's certificate and private key. I hope somebody can point me in the right direction? I'm extracting the message with: openssl cms -verify -CAfile CA_cert.pem -inform pem -in original -out extracted I thought I'd be able to re-sign this message using something like: openssl cms -sign -md sha1 -in extracted -inkey signer_key -signer signer_cert -outform pem This 'sign' operation completes successfully, but produces an output that's missing the payload. Using the same procedure to sign 1MB of random data produces a result that's only 1396 bytes long: dd if=/dev/urandom bs=1M count=1 | openssl cms -sign -md sha1 -inkey signer_key -signer signer_cert -outform pem | grep -v -- -- | base64 --decode | wc -c 1396 Clearly this 'sign' function doesn't do what I thought it did. How can I sign blob of data so that it looks like my 'original'? The files I'm using: original https://pastebin.com/raw/CNPLyqcm CA_cert.pem https://pastebin.com/raw/HiE6gMTN signer_key https://pastebin.com/raw/tnCXeYHg (the correct key, but not an actual secret) signer_cert https://pastebin.com/raw/ACtTVHdp Thank you! -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CMS: Encrypt with binary encoding
> On Jun 22, 2016, at 11:40 AM, c.hol...@ades.at wrote: > > Yes, but then there is no MIME-Header. > Can I have MIME with binary encoding?? Not really. If you’re using raw binary output, the output wouldn’t be a MIME body (or body-part), so a MIME header would be inappropriate. MIME requires output to be 7-bit clean (i.e., the high bit of every byte is 0), with some special exceptions. Base64 is usually the preferred encoding, although many other encodings (e.g. uuencode) are allowed. Raw binary output would not be allowed (unless you could guarantee it meets the exceptional cases, which you can’t for something like this). You could always prepend a MIME header, but that wouldn’t make your output a MIME body. TOM -- +-++ | Thomas Francis, Jr. |Preserve wildlife --| | thomas.francis...@pobox.com | Pickle a squirrel! | | http://www.bbsclient.net/ || +-++ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] CMS: Encrypt with binary encoding
Yes, but then there is no MIME-Header. Can I have MIME with binary encoding?? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CMS: Encrypt with binary encoding
On 22/06/2016 17:09, c.hol...@ades.at wrote: Hi! Is there a way to get binary (not base64) encoding out of CMS-encrypt?? openssl cms -encrypt -in plain.txt mycer.cer gives me a MIME-part with Content-Transfer-Encoding: base64 But I'd like to have binary. Thanks for help! Chris -outform DER Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] CMS: Encrypt with binary encoding
Hi! Is there a way to get binary (not base64) encoding out of CMS-encrypt?? openssl cms -encrypt -in plain.txt mycer.cer gives me a MIME-part with Content-Transfer-Encoding: base64 But I'd like to have binary. Thanks for help! Chris -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CMS with Symmetric key
On Mon, Apr 11, 2016, Abe Racioppo wrote: > Thank you for the responses. > > I have implemented encryption that adds a secret key, and secret key id > using: > CMS_add0_recipient_key, > CMS_EncryptData_encrypt, > SMIME_write_CMS > The output file looks correct, but I need to decrypt it back to be sure. > Ah CMS_EncryptedData_encrypt() just creates the encrypted data type. If you want to use enveloped data you use CMS_encrypt() first then CMS_add0_recipient_key() and finally SMIME_write_CMS(). > I would like to be able to get the secret key id from the envelope data to > then search a database for the key, and then CMS_decrypt. I have yet to > determine the most straightforward way of getting the key ids from the > envelope/wrapped content of cms. > > Is there a combination if I have SMIME_read the cms from a file like: > keyId = cms->envelopedData->keyId? > > Or do I need to handle a stack_of recipient infos in order to get the key > id from kekri0_get_id? > Yes. You need to use CMS_get0_RecipientInfos() as there can be multiple recipients of different types. For each recipient info you check the type with: CMS_RecipientInfo_type(ri) == CMS_RECIPINFO_KEY For each match retrieve the key ID using CMS_RecipientInfo_kekri_get0_id(). If the id doesn't match a value in you database continue to the next recipient info. If no matches return an error. If you do get a match then call CMS_RecipientInfo_set0_key(). Finally call CMS_decrypt(): setting the key and certificate parameters to NULL. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CMS with Symmetric key
Thank you for the responses. I have implemented encryption that adds a secret key, and secret key id using: CMS_add0_recipient_key, CMS_EncryptData_encrypt, SMIME_write_CMS The output file looks correct, but I need to decrypt it back to be sure. I would like to be able to get the secret key id from the envelope data to then search a database for the key, and then CMS_decrypt. I have yet to determine the most straightforward way of getting the key ids from the envelope/wrapped content of cms. Is there a combination if I have SMIME_read the cms from a file like: keyId = cms->envelopedData->keyId? Or do I need to handle a stack_of recipient infos in order to get the key id from kekri0_get_id? Thanks again, Abe On Tue, Apr 5, 2016 at 7:39 AM, Dr. Stephen Hensonwrote: > On Mon, Apr 04, 2016, Abe Racioppo wrote: > > > Hey guys, > > > > I'm trying to use the CMS operations in libcrypto but with a symmetric > key > > encryption key instead of x509. > > > > I'm thinking I want to use a combination of > > > > CMS_RecipientInfo_set0_pkey, > > SMIME_write_CMS, > > and > > CMS_EncryptedData_encrypt. > > > > Has anyone done this before and can give me some direction? This is my > > first time working with openssl and am getting kinda lost. > > > > You have several options here. > > You can just use the encrypted data type with a key directly. > > You can use the enveloped data type with a symmetric wrapping key. > > You can use the enveloped data type with a password based recipient info. > > Which you use depends on the application you have in mind. > > In the first case you just call CMS_EncryptData_encrypt() followed by > SMIME_write_CMS(). > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CMS with Symmetric key
On Mon, Apr 04, 2016, Abe Racioppo wrote: > Hey guys, > > I'm trying to use the CMS operations in libcrypto but with a symmetric key > encryption key instead of x509. > > I'm thinking I want to use a combination of > > CMS_RecipientInfo_set0_pkey, > SMIME_write_CMS, > and > CMS_EncryptedData_encrypt. > > Has anyone done this before and can give me some direction? This is my > first time working with openssl and am getting kinda lost. > You have several options here. You can just use the encrypted data type with a key directly. You can use the enveloped data type with a symmetric wrapping key. You can use the enveloped data type with a password based recipient info. Which you use depends on the application you have in mind. In the first case you just call CMS_EncryptData_encrypt() followed by SMIME_write_CMS(). Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CMS with Symmetric key
> On Apr 4, 2016, at 11:34 PM, Salz, Richwrote: > >> I'm trying to use the CMS operations in libcrypto but with a symmetric key >> encryption key instead of x509. > > We don't support this. It looks like we do. See crypto/cms/cms_pwri.c and the undocumented "-pwri_password" option of the cms(1) command. Documentation would of course be great... -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CMS with Symmetric key
> I'm trying to use the CMS operations in libcrypto but with a symmetric key > encryption key instead of x509. We don't support this. -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CMS with Symmetric key
On Apr 4, 2016, at 3:42 PM, Jakob Bohm <jb-open...@wisemo.com> wrote: > Unless you can point out a clause in the "CMS" format RFCs > that allow use without X.509 certificates, there is no reason > why the "CMS" part of the OpenSSL library should be able to > any such thing. The CMS RFC (RFC 5652) specifies password based key derivation (in addition to asymmetric-key crypto key transport or agreement, and also a symmetric-cryptography key transport mechanism). See section 6.2. It looks like password based key derivation wasn't in the original PKCS#7, but was introduced in a 2001 specification (RFC 3211) and was folded into the 2002 revision of CMS (RFC 3369). -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CMS with Symmetric key
On 05/04/2016 00:18, Abe Racioppo wrote: Hey guys, I'm trying to use the CMS operations in libcrypto but with a symmetric key encryption key instead of x509. I'm thinking I want to use a combination of CMS_RecipientInfo_set0_pkey, SMIME_write_CMS, and CMS_EncryptedData_encrypt. Has anyone done this before and can give me some direction? This is my first time working with openssl and am getting kinda lost. The "CMS" operations implement the "CMS" standard, formerly known as PKCS#7, which is based entirely on the use of X.509 certificates. Unless you can point out a clause in the "CMS" format RFCs that allow use without X.509 certificates, there is no reason why the "CMS" part of the OpenSSL library should be able to any such thing. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] CMS with Symmetric key
Hey guys, I'm trying to use the CMS operations in libcrypto but with a symmetric key encryption key instead of x509. I'm thinking I want to use a combination of CMS_RecipientInfo_set0_pkey, SMIME_write_CMS, and CMS_EncryptedData_encrypt. Has anyone done this before and can give me some direction? This is my first time working with openssl and am getting kinda lost. Thanks, Abe -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Doubt about the CMS_sign() function (in file openssl/crypto/cms/cms_smime.c)
Hi folks, My name is Luiz Laranjeira. I am an associate professor of software engineering with the University of Brasilia, Brazil. I have a group that is developing a signer and validator according to RFC 5652 (CMS/PKCS#7) and we are using OpenSSL. I would like to ask your help concerning a doubt we have: Does the CMS_sign(...) function return a full CMS/PKCS#7 object coded in ASN1 according to RFC 5652 or does it return simply the digital signature field (encrypted hash of the data plus the signed attributes) in ASN1 format? I'd appreciate your assistance with this issue. Best regards, Luiz Laranjeira ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] cms sign/verify
I am using OpenSSL version 1.0.1f and got problems while signing and verifying a file using these commands: $ openssl cms -sign -inkey Mozart.pem -signer Mozart.crt -binary -in $DOCUMENT -out $DOCUMENT.p7m $ openssl cms -verify -CAfile CAcert.pem -binary -in $DOCUMENT.p7m -out $DOCUMENT.out $ cmp $DOCUMENT $DOCUMENT.out If I omit the -binary option from both calls to openssl cms then the verified document differs from the original document because of translations LF to CR/LF. If I include the -binary option the first call to openssl works fine but the second call throws errors: Verification failure 3073672892:error:2E09A09E:CMS routines:CMS_SignerInfo_verify_content:verification failure:cms_sd.c:887: 3073672892:error:2E09D06D:CMS routines:CMS_verify:content verify error:cms_smime.c:425: How do I use openssl cms -sign/verify correctly? -- View this message in context: http://openssl.6102.n7.nabble.com/cms-sign-verify-tp58943.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CMS questions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 [resending from the correct email address; list moderator, if you see this first, just delete the one in the non-member queue] On 2/24/15 10:10 AM, Dr. Stephen Henson wrote: So the embedded content type will be enveloped data? If so first you can check that type using CMS_get0_eContentType(). Then you can use CMS_get0_content() to retrieve the embedded content as a pointer to an OCTET STRING pointer. You should check that content is not NULL and then retrieve the encoding of the content using ASN1_STRING_data and ASN1_STRING_length. Once you have those you can decode using d2i_CMS_ContentInfo(). ok, i'm not understanding how i supply the private key for decrypting the enveloped data in this scenario. thanks, richard -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVQ33EAAoJEBg+LdNh/YEcvwAP/16TWRrGEPlVTSR9KGdezeSm 4ViStqMGbS2QHAmMHEZhypJMjuMEeeXJARXybH2ymCg8F6ATVRge5z4LGvSQheKu 5XU/sgw6T9rTuMcLuKiUnwqiIeFuz3IgDlBEwNOdS5DHXqWbfnbE6C5q/4d1mp7O IttTQlsmPNE61+jiyffK4UYTG5wnHac58l7OYVrnS08ViIeCYC9vhNV9iFaQqekB 04r9eEs0NKzbfMGaiAVyZqkCJlFvfpH55cgPqHD4xu+yUDb4zAvA0N7tmYiGSPOa nhCr9gwKKCVZvSsbZ45OUNpwrDIqFdKwgonKOfNOl28LeuMMXssrm2PM5yXvuQwR YrP/vSj+4zuWtLg1J+vOciKb3LL+WOeJtMhHu9UDdLkQ2T7uPEdkSUSNn83P6YNu DPFeW807omn3A3VgZhBbzd283/jEMkQOXZmrXOrPZ/vz95lFk4fLsDL6JtuMDryd 0aZila+Fm9NSm5AdMfC2Maf9wK2QFR/lbb7+CVi7nLWzY6nJjcHGrYvXn5NupaNF bZ78+FOgbEJ5poktU+e68Iz1RhEGtSPuc6z8n8CA7F8NdFybsBzy16V16bAoBSdO gLYWaDpWT6t2IRUkdNLwyBaMNuCMnkhl7MDjYIzZgmYWPD04yH46I9esehr99hrg 39ihWLRHKM/CZVspAh4/ =DS0I -END PGP SIGNATURE- ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CMS questions
On Fri, May 01, 2015, Richard Welty wrote: On 2/24/15 10:10 AM, Dr. Stephen Henson wrote: So the embedded content type will be enveloped data? If so first you can check that type using CMS_get0_eContentType(). Then you can use CMS_get0_content() to retrieve the embedded content as a pointer to an OCTET STRING pointer. You should check that content is not NULL and then retrieve the encoding of the content using ASN1_STRING_data and ASN1_STRING_length. Once you have those you can decode using d2i_CMS_ContentInfo(). ok, i'm not understanding how i supply the private key for decrypting the enveloped data in this scenario. You get back a CMS_ContentInfo structure which you can then process using the appropriate CMS functions such as CMS_decrypt(). Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CMS questions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 4/30/15 6:32 PM, Richard Welty wrote: 1) the documentation on d2i_CMS_ContentInfo() is a bit light on details about the parameters. what should the first parameter be, a certificate as with d2i_X509? ok, figured this one out for myself, should have read the d2i_X509 documentation more carefully. richard -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVQrNNAAoJEBg+LdNh/YEcDggQALFImQPZ/MlvBbOnMvELkFxM eCwZxE+BnwVpMgRnsVaTM0z2r9hY44V1jGZrw+Xfj4YXkaAXs6iIarptdg+IL9dX bNi4haTy4QMF8Uu5mvWCSLcsIO/1obXnH5FE9Ri2QMK6Jysp4vPiC379sBQyGGRm o+gF3cnpYF0+VKQX858KjE8sChJMCHgfdDU3Z79S9iEdeUeZ0ILESLRQcy8OEywp iToW6FRQuaCK36bn+23ApxUUuQIkPGcqoDDvOPSXVuTMjYLSzfFzsTXfu42yY56G Rmxg9TFfPL6WdLJb/BQoBvA6u4HWo7pZdpFUymShhezTlM5jvVAHXeHq6PZjJx8J g7bpPH6mu17ILdJMQqVo3kWhGnQVZMuR12BY6qHaBvOWxJ7lAEYjjlu+pVtgWlp3 vRbWwGfApC36UziRJpmZIYgz1e7hUrB8Mqg78f3SPK1fcWKSYV1IkRnxM7Py+PnT ISXAi6VTRmg1rNc0cnfrhegcTcwUFJVyCTCKWR4i7NlUDSHSThcmMKW5muasjL11 cr4OPfDStI7okM4GpPADL09ZnRK7J+D+UYXZYq37XnokekqAZ1/Bjs5VDKKzlfv0 7lTMxLaZ5jeIwBM4KdTn4ThFVg5Huz1lsI7yP4J2kwkdA9RIcz2jmkhvS/8N5V/F HLbQJyfjWnFX5PlAUL5u =UfG4 -END PGP SIGNATURE- ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CMS questions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 2/24/15 10:10 AM, Dr. Stephen Henson wrote: On Tue, Feb 24, 2015, Richard Welty wrote: On 2/24/15 9:21 AM, Dr. Stephen Henson wrote: Typically you'd write the signed content to a memory BIO and then decrypt that. Precisely how you decrypt the enveloped data depends on the format. It might be in MIME format in which case you'd pass it through the MIME parser. Alternatively it could be enveloped data content type in which case you'd decode it as BER form. There are shortcuts you can make if, for example, you know the signed content is not detached and in BER form. it will not be detached, and will be in BER form. shortcuts (as long as they're in a documented API) are welcome as this is in a path that should be fast. So the embedded content type will be enveloped data? If so first you can check that type using CMS_get0_eContentType(). Then you can use CMS_get0_content() to retrieve the embedded content as a pointer to an OCTET STRING pointer. You should check that content is not NULL and then retrieve the encoding of the content using ASN1_STRING_data and ASN1_STRING_length. Once you have those you can decode using d2i_CMS_ContentInfo(). A couple of those functions are currently undocumented (that will be fixed) but nothing in that involves using structure internals. coming back to this after a bit of time; the project is finally getting fired up. there are two questions in front of me right now: 1) the documentation on d2i_CMS_ContentInfo() is a bit light on details about the parameters. what should the first parameter be, a certificate as with d2i_X509? 2) is there something roughly analogous for encryption? i need a fast-but-documented path for encrypting and signing data using BER on the server that will be decrypted client (and vice versa). thanks, richard -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVQq2BAAoJEBg+LdNh/YEc/xwQAL2QH/aH1LUATeAmGmt2h7tk n4K5ghhrIwCOlrgqXNbSS7qEmrXdRgKPhTZkJVx/Y236hqJt/AqjyB0geCmDIuMi uOXzPXlWInj6jg9kjGq+jEMeG9Czu1i/DfSJjB01N6asEx8YKvNZUVnNqKj8fkBi iit0a5/61B26bd8oGVAFfM6gMJMBZRWqbPSFhjPyB2tMWMOfnZ7N08N66qz29/Xk vKiG1EEj6SRAPTFhzqzLzZphtShWDXeQP6pfrSRJ6AGiTfX2Gvn/7iwUiPUF3sLX 8ULskp3XyWeA/L71vLUNvo49XVdx/7lCj4o8nbCrI+/fgIREPAdI+AzvsxYv8wFH K/pSYZOL5ag+YiMBt9pfPCxhUebjz4KS9InoT4g15x8DuhosiB/6JWOFsKpHENxX 5TO/tRteopWmQ0PBCbrrBG58Gdg0t7OW6tBM0e13cYLTfUc93eOb7lJhuMOzzkqJ i6VF99Cosj8WcjZuh4hASVHe7h9pBOlabl8xHlSocbn91Q68RnwpQ12HoQMhjqze 1Za4yaQagcd8OnBoRc8gXCWUGNfLRYjEXdXaKt1AlFWQHa6h2ZcGwgoMukg+Fu1Z AyY7vaxIPa3wBR1eNhv15hrgwBmoWPzTgoupTbbiP4e5HnmcdWUcjnKvOd+kamQG SHhG4PeipRKHtJ1OzA5Q =vlyk -END PGP SIGNATURE- ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?
On Thu, Mar 26, 2015, Chris Madden wrote: Hi, I am playing with openssl 1.0.2a - specifically CMS support for ECC. But what I think should work doesn't. Commands used and parsed data shown. (I gave an RSA example as a known good working example) ./openssl version OpenSSL 1.0.2a 19 Mar 2015 echo -n 12345678123456781234567812345678 sess.txt # 32 byte plaintext #EC fails ./openssl ecparam -name prime192v1 -genkey -out ecc.key ./openssl req -x509 -new -key ecc.key -out ecc.crt ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM -inkey ecc.key Error decrypting CMS structure error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529: RSA can decrypt without knowing the certificate but currently EC cannot. So try including the option -recip ecc.crt when you decrypt. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?
Hi, I am playing with openssl 1.0.2a - specifically CMS support for ECC. But what I think should work doesn't. Commands used and parsed data shown. (I gave an RSA example as a known good working example) ./openssl version OpenSSL 1.0.2a 19 Mar 2015 echo -n 12345678123456781234567812345678 sess.txt # 32 byte plaintext #EC fails ./openssl ecparam -name prime192v1 -genkey -out ecc.key ./openssl req -x509 -new -key ecc.key -out ecc.crt ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM -inkey ecc.key Error decrypting CMS structure error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529: RSA can decrypt without knowing the certificate but currently EC cannot. So try including the option -recip ecc.crt when you decrypt. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org Many thanks Steve for the prompt response! That fixed it. Chris ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?
Hi, I am playing with openssl 1.0.2a - specifically CMS support for ECC. But what I think should work doesn't. Commands used and parsed data shown. (I gave an RSA example as a known good working example) ./openssl version OpenSSL 1.0.2a 19 Mar 2015 echo -n 12345678123456781234567812345678 sess.txt # 32 byte plaintext #EC fails ./openssl ecparam -name prime192v1 -genkey -out ecc.key ./openssl req -x509 -new -key ecc.key -out ecc.crt ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM -inkey ecc.key Error decrypting CMS structure error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529: EnvelopedData -- ./openssl asn1parse -in encsess.bin 0:d=0 hl=4 l= 312 cons: SEQUENCE 4:d=1 hl=2 l= 9 prim: OBJECT:pkcs7-envelopedData 15:d=1 hl=4 l= 297 cons: cont [ 0 ] 19:d=2 hl=4 l= 293 cons: SEQUENCE 23:d=3 hl=2 l= 1 prim: INTEGER :02 26:d=3 hl=3 l= 234 cons: SET 29:d=4 hl=3 l= 231 cons: cont [ 1 ] 32:d=5 hl=2 l= 1 prim: INTEGER :03 35:d=5 hl=2 l= 65 cons: cont [ 0 ] 37:d=6 hl=2 l= 63 cons: cont [ 1 ] 39:d=7 hl=2 l= 9 cons: SEQUENCE 41:d=8 hl=2 l= 7 prim: OBJECT:id-ecPublicKey 50:d=7 hl=2 l= 50 prim: BIT STRING 102:d=5 hl=2 l= 28 cons: SEQUENCE 104:d=6 hl=2 l= 9 prim: OBJECT :dhSinglePass-stdDH-sha1kdf-scheme 115:d=6 hl=2 l= 15 cons: SEQUENCE 117:d=7 hl=2 l= 11 prim: OBJECT:id-smime-alg-CMS3DESwrap 130:d=7 hl=2 l= 0 prim: NULL 132:d=5 hl=3 l= 128 cons: SEQUENCE 135:d=6 hl=2 l= 126 cons: SEQUENCE 137:d=7 hl=2 l= 82 cons: SEQUENCE 139:d=8 hl=2 l= 69 cons: SEQUENCE 141:d=9 hl=2 l= 11 cons: SET 143:d=10 hl=2 l= 9 cons: SEQUENCE 145:d=11 hl=2 l= 3 prim: OBJECT:countryName 150:d=11 hl=2 l= 2 prim: PRINTABLESTRING :AU 154:d=9 hl=2 l= 19 cons: SET 156:d=10 hl=2 l= 17 cons: SEQUENCE 158:d=11 hl=2 l= 3 prim: OBJECT:stateOrProvinceName 163:d=11 hl=2 l= 10 prim: UTF8STRING:Some-State 175:d=9 hl=2 l= 33 cons: SET 177:d=10 hl=2 l= 31 cons: SEQUENCE 179:d=11 hl=2 l= 3 prim: OBJECT:organizationName 184:d=11 hl=2 l= 24 prim: UTF8STRING:Internet Widgits Pty Ltd 210:d=8 hl=2 l= 9 prim: INTEGER :C09819AB3ECC9A05 221:d=7 hl=2 l= 40 prim: OCTET STRING [HEX DUMP]:2511DF2DBEC0F758E8CE3F35ECDD84757DEEC011633478BF00C18226FEDCD19BE5ABECEB9A735F99 263:d=3 hl=2 l= 51 cons: SEQUENCE 265:d=4 hl=2 l= 9 prim: OBJECT:pkcs7-data 276:d=4 hl=2 l= 20 cons: SEQUENCE 278:d=5 hl=2 l= 8 prim: OBJECT:des-ede3-cbc 288:d=5 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:E924DA6FC08FC3AC 298:d=4 hl=2 l= 16 prim: cont [ 0 ] cmadden@ubuntu:~/openssl-1.0.2a/apps$ Private Key cat ecc.key -BEGIN EC PARAMETERS- BggqhkjOPQMBAQ== -END EC PARAMETERS- -BEGIN EC PRIVATE KEY- MF8CAQEEGM+L8hosGlnyrOjVsCfQ5kaj42XQ1182b6AKBggqhkjOPQMBAaE0AzIA BMVGw0n/7hFdEkgi3wGOueh9P4FGBp1qL6ibDcaQUd9R6W+rFKM5LPnZ7awp2URt sw== -END EC PRIVATE KEY- Public Key Cert ./openssl asn1parse -in ecc.crt 0:d=0 hl=4 l= 434 cons: SEQUENCE 4:d=1 hl=4 l= 359 cons: SEQUENCE 8:d=2 hl=2 l= 3 cons: cont [ 0 ] 10:d=3 hl=2 l= 1 prim: INTEGER :02 13:d=2 hl=2 l= 9 prim: INTEGER :C09819AB3ECC9A05 24:d=2 hl=2 l= 10 cons: SEQUENCE 26:d=3 hl=2 l= 8 prim: OBJECT:ecdsa-with-SHA256 36:d=2 hl=2 l= 69 cons: SEQUENCE 38:d=3 hl=2 l= 11 cons: SET 40:d=4 hl=2 l= 9 cons: SEQUENCE 42:d=5 hl=2 l= 3 prim: OBJECT:countryName 47:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU 51:d=3 hl=2 l= 19 cons: SET 53:d=4 hl=2 l= 17 cons: SEQUENCE 55:d=5 hl=2 l= 3 prim: OBJECT:stateOrProvinceName 60:d=5 hl=2 l= 10 prim: UTF8STRING:Some-State 72:d=3 hl=2 l= 33 cons: SET 74:d=4 hl=2 l= 31 cons: SEQUENCE 76:d=5 hl=2 l= 3 prim: OBJECT:organizationName 81:d=5 hl=2 l= 24 prim: UTF8STRING:Internet Widgits Pty Ltd 107:d=2 hl=2 l= 30 cons: SEQUENCE 109:d=3 hl=2 l= 13 prim: UTCTIME :150326134803Z 124:d=3 hl=2 l= 13 prim: UTCTIME :150425134803Z 139:d=2 hl=2 l= 69 cons: SEQUENCE 141:d=3 hl=2 l= 11 cons: SET 143:d=4 hl=2 l= 9 cons: SEQUENCE 145:d=5 hl=2 l= 3 prim: OBJECT:countryName 150:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU 154:d=3 hl=2 l= 19 cons: SET 156:d=4 hl=2 l= 17 cons: SEQUENCE 158:d=5 hl=2 l= 3 prim: OBJECT:stateOrProvinceName 163:d=5 hl=2 l= 10 prim: UTF8STRING:Some-State 175:d=3 hl=2 l= 33 cons: SET 177:d=4 hl=2 l= 31 cons: SEQUENCE 179:d=5 hl=2 l= 3 prim: OBJECT
Re: [openssl-users] CMS questions
On Tue, Feb 24, 2015, Richard Welty wrote: On 2/24/15 9:21 AM, Dr. Stephen Henson wrote: Typically you'd write the signed content to a memory BIO and then decrypt that. Precisely how you decrypt the enveloped data depends on the format. It might be in MIME format in which case you'd pass it through the MIME parser. Alternatively it could be enveloped data content type in which case you'd decode it as BER form. There are shortcuts you can make if, for example, you know the signed content is not detached and in BER form. it will not be detached, and will be in BER form. shortcuts (as long as they're in a documented API) are welcome as this is in a path that should be fast. So the embedded content type will be enveloped data? If so first you can check that type using CMS_get0_eContentType(). Then you can use CMS_get0_content() to retrieve the embedded content as a pointer to an OCTET STRING pointer. You should check that content is not NULL and then retrieve the encoding of the content using ASN1_STRING_data and ASN1_STRING_length. Once you have those you can decode using d2i_CMS_ContentInfo(). A couple of those functions are currently undocumented (that will be fixed) but nothing in that involves using structure internals. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CMS questions
On 2/24/15 9:21 AM, Dr. Stephen Henson wrote: Typically you'd write the signed content to a memory BIO and then decrypt that. Precisely how you decrypt the enveloped data depends on the format. It might be in MIME format in which case you'd pass it through the MIME parser. Alternatively it could be enveloped data content type in which case you'd decode it as BER form. There are shortcuts you can make if, for example, you know the signed content is not detached and in BER form. it will not be detached, and will be in BER form. shortcuts (as long as they're in a documented API) are welcome as this is in a path that should be fast. thanks, richard -- rwe...@averillpark.net Averill Park Networking - GIS IT Consulting OpenStreetMap - PostgreSQL - Linux Java - Web Applications - Search signature.asc Description: OpenPGP digital signature ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CMS questions
On Mon, Feb 23, 2015, Richard Welty wrote: i'm starting on some work that needs to use CMS in an application, and i'm having trouble getting my head wrapped around how to handle the case of verifying a signature and then decrypting the enveloped data that has been signed. specifically, i'm not grasping how to extract the encrypted data to pass to CMS_decrypt after verification is done. do i need to use a BIO filter for this or is there some other mechanism i'm not seeing? Typically you'd write the signed content to a memory BIO and then decrypt that. Precisely how you decrypt the enveloped data depends on the format. It might be in MIME format in which case you'd pass it through the MIME parser. Alternatively it could be enveloped data content type in which case you'd decode it as BER form. There are shortcuts you can make if, for example, you know the signed content is not detached and in BER form. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] CMS questions
i'm starting on some work that needs to use CMS in an application, and i'm having trouble getting my head wrapped around how to handle the case of verifying a signature and then decrypting the enveloped data that has been signed. specifically, i'm not grasping how to extract the encrypted data to pass to CMS_decrypt after verification is done. do i need to use a BIO filter for this or is there some other mechanism i'm not seeing? thanks in advance, richard -- rwe...@averillpark.net Averill Park Networking - GIS IT Consulting OpenStreetMap - PostgreSQL - Linux Java - Web Applications - Search signature.asc Description: OpenPGP digital signature ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: openssl/crypto/cms/
On Tue, Apr 8, 2008 at 5:48 AM, shankar ks [EMAIL PROTECTED] wrote: Hi Hobblet, Sorry for the late reply as I was busy with searching of other things . You have given a command regarding my question, but i did not understand that and how to use it to get the information of CMS from openssl CVS. I am not aware of using CVS also . I want to download the source code of the CMS from this CVS on to my windows system and implement that in the OVMS system. As i down loaded the 0.9.8e but I did not find any file like /crypto/cms .. CVS is an Open Source 'revision control system' which runs on UNIX and Windows. As it has been originally developed for UNIX, the commandline I specified should work on any UNIX box which has CVS installed out of the box. For Windows, I'll refer you to the FAQ at http://worldforge.org/doc/faq/cvs/#windows1 have a look at their 'Windows Specific' section. Then go to the TortoiseCVS website and install the software - it's a very good Windows client which encapsulates CVS with a GUI. At the TortoiseCVS website, you will find a lot of information on how to use it and which the equivalent of the given commandline is for the Tortoise UI. Alternatively, you can google for 'CVS Win32' or 'CVS Windows' for additional sites with information and software, though I personally preferred to use TortoiseCVS when I have to use CVS in a Windows-only environment -- now I have moved software revision control off to a dedicated UNIX machine, which makes it so much easier and faster for large projects. There are also several good books available about CVS which include info on Windows and UNIX setup and usage (O'Reilly series, for one). When you get the latest sourcecode using CVS, you will get the source tree for 0.9.9, in which you will find said ./crypto/cms/ directory and several other additions to 0.9.8. Check it out! Take care, Ger Thanks in advance --Shankar On 4/2/08, Ger Hobbelt [EMAIL PROTECTED] wrote: On Wed, Apr 2, 2008 at 5:26 AM, shankar ks [EMAIL PROTECTED] wrote: Hi all, When i refer to the Openssl CVS, I did not find the file related to openssl/crypto/cms/ , All files in this folder are showing the difference , but not the exact files... where can i get the cms files. and one more thing is i downloaded the OpenSSl kit of 0.9.8f version, but i did not find any files or folders with the specified names in the kit, means there is no folder availble with the name openssl/crypto/cms/... Like I said, it's in the latest CVS; 0.9.8 is the latest stable release IIRC, while the CVS I referred to was the development tree (0.9.9). Run this to grab it all; there _will_ be a complete crypto/cms/ directory in there plus a cms.c tool sourcecode in apps/ : cvs -z3 -d [EMAIL PROTECTED]:/openssl-cvs co -R . -- Met vriendelijke groeten / Best regards, Ger Hobbelt -- web: http://www.hobbelt.com/ http://www.hebbut.net/ mail: [EMAIL PROTECTED] mobile: +31-6-11 120 978 -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- --Best Regards Shankar -- Met vriendelijke groeten / Best regards, Ger Hobbelt -- web: http://www.hobbelt.com/ http://www.hebbut.net/ mail: [EMAIL PROTECTED] mobile: +31-6-11 120 978 -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: openssl/crypto/cms/
Hi Hobbelt, I downloaded the tortoiseCMS and tried to checkout the data , but it was asking for a password , and giving connection error like to many authentication was failed for shankar ... ... -- Shankar On 4/8/08, Ger Hobbelt [EMAIL PROTECTED] wrote: On Tue, Apr 8, 2008 at 5:48 AM, shankar ks [EMAIL PROTECTED] wrote: Hi Hobblet, Sorry for the late reply as I was busy with searching of other things . You have given a command regarding my question, but i did not understand that and how to use it to get the information of CMS from openssl CVS. I am not aware of using CVS also . I want to download the source code of the CMS from this CVS on to my windows system and implement that in the OVMS system. As i down loaded the 0.9.8e but I did not find any file like /crypto/cms .. CVS is an Open Source 'revision control system' which runs on UNIX and Windows. As it has been originally developed for UNIX, the commandline I specified should work on any UNIX box which has CVS installed out of the box. For Windows, I'll refer you to the FAQ at http://worldforge.org/doc/faq/cvs/#windows1 have a look at their 'Windows Specific' section. Then go to the TortoiseCVS website and install the software - it's a very good Windows client which encapsulates CVS with a GUI. At the TortoiseCVS website, you will find a lot of information on how to use it and which the equivalent of the given commandline is for the Tortoise UI. Alternatively, you can google for 'CVS Win32' or 'CVS Windows' for additional sites with information and software, though I personally preferred to use TortoiseCVS when I have to use CVS in a Windows-only environment -- now I have moved software revision control off to a dedicated UNIX machine, which makes it so much easier and faster for large projects. There are also several good books available about CVS which include info on Windows and UNIX setup and usage (O'Reilly series, for one). When you get the latest sourcecode using CVS, you will get the source tree for 0.9.9, in which you will find said ./crypto/cms/ directory and several other additions to 0.9.8. Check it out! Take care, Ger Thanks in advance --Shankar On 4/2/08, Ger Hobbelt [EMAIL PROTECTED] wrote: On Wed, Apr 2, 2008 at 5:26 AM, shankar ks [EMAIL PROTECTED] wrote: Hi all, When i refer to the Openssl CVS, I did not find the file related to openssl/crypto/cms/ , All files in this folder are showing the difference , but not the exact files... where can i get the cms files. and one more thing is i downloaded the OpenSSl kit of 0.9.8f version, but i did not find any files or folders with the specified names in the kit, means there is no folder availble with the name openssl/crypto/cms/... Like I said, it's in the latest CVS; 0.9.8 is the latest stable release IIRC, while the CVS I referred to was the development tree (0.9.9). Run this to grab it all; there _will_ be a complete crypto/cms/ directory in there plus a cms.c tool sourcecode in apps/ : cvs -z3 -d [EMAIL PROTECTED]:/openssl-cvs co -R . -- Met vriendelijke groeten / Best regards, Ger Hobbelt -- web: http://www.hobbelt.com/ http://www.hebbut.net/ mail: [EMAIL PROTECTED] mobile: +31-6-11 120 978 -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- --Best Regards Shankar -- Met vriendelijke groeten / Best regards, Ger Hobbelt -- web: http://www.hobbelt.com/ http://www.hebbut.net/ mail: [EMAIL PROTECTED] mobile: +31-6-11 120 978 -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- --Best Regards Shankar
Re: openssl/crypto/cms/
To get the sources from the CVS repository, you should log in as anonymous user, i.e. use user anonymous and no password at all (empty password). This you can also see in the original commandline I specified: cvs -z3 -d [EMAIL PROTECTED]:/openssl-cvs co -R . -- Met vriendelijke groeten / Best regards, Ger Hobbelt -- web: http://www.hobbelt.com/ http://www.hebbut.net/ mail: [EMAIL PROTECTED] mobile: +31-6-11 120 978 -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: openssl/crypto/cms/
Hi Hobblet, Sorry for the late reply as I was busy with searching of other things . You have given a command regarding my question, but i did not understand that and how to use it to get the information of CMS from openssl CVS. I am not aware of using CVS also . I want to download the source code of the CMS from this CVS on to my windows system and implement that in the OVMS system. As i down loaded the 0.9.8e but I did not find any file like /crypto/cms .. Thanks in advance --Shankar On 4/2/08, Ger Hobbelt [EMAIL PROTECTED] wrote: On Wed, Apr 2, 2008 at 5:26 AM, shankar ks [EMAIL PROTECTED] wrote: Hi all, When i refer to the Openssl CVS, I did not find the file related to openssl/crypto/cms/ , All files in this folder are showing the difference , but not the exact files... where can i get the cms files. and one more thing is i downloaded the OpenSSl kit of 0.9.8f version, but i did not find any files or folders with the specified names in the kit, means there is no folder availble with the name openssl/crypto/cms/... Like I said, it's in the latest CVS; 0.9.8 is the latest stable release IIRC, while the CVS I referred to was the development tree (0.9.9). Run this to grab it all; there _will_ be a complete crypto/cms/ directory in there plus a cms.c tool sourcecode in apps/ : cvs -z3 -d [EMAIL PROTECTED]:/openssl-cvs co -R . -- Met vriendelijke groeten / Best regards, Ger Hobbelt -- web: http://www.hobbelt.com/ http://www.hebbut.net/ mail: [EMAIL PROTECTED] mobile: +31-6-11 120 978 -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- --Best Regards Shankar
Re: openssl/crypto/cms/
On Wed, Apr 2, 2008 at 5:26 AM, shankar ks [EMAIL PROTECTED] wrote: Hi all, When i refer to the Openssl CVS, I did not find the file related to openssl/crypto/cms/ , All files in this folder are showing the difference , but not the exact files... where can i get the cms files. and one more thing is i downloaded the OpenSSl kit of 0.9.8f version, but i did not find any files or folders with the specified names in the kit, means there is no folder availble with the name openssl/crypto/cms/... Like I said, it's in the latest CVS; 0.9.8 is the latest stable release IIRC, while the CVS I referred to was the development tree (0.9.9). Run this to grab it all; there _will_ be a complete crypto/cms/ directory in there plus a cms.c tool sourcecode in apps/ : cvs -z3 -d [EMAIL PROTECTED]:/openssl-cvs co -R . -- Met vriendelijke groeten / Best regards, Ger Hobbelt -- web: http://www.hobbelt.com/ http://www.hebbut.net/ mail: [EMAIL PROTECTED] mobile: +31-6-11 120 978 -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
openssl/crypto/cms/
*Hi all,* ** *When i refer to the Openssl CVS, I did not find the file related to* *openssl/crypto/cms/ , * All files in this folder are showing the difference , but not the exact files... where can i get the cms files. and one more thing is i downloaded the OpenSSl kit of 0.9.8f version, but i did not find any files or folders with the specified names in the kit, means there is no folder availble with the name openssl/crypto/cms/... --Best Regards Shankar
OpenSSL and CMS
Hello! I'm writing you because I would like to know if Opessl is planning to support the Cryptographic Message Syntax (CMS) for the PKCS#7, and in that case, when it could be possible to be available. Thanks for your answers, Regards, Antonio. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]