openssl smime/cms unable to handle binary encoded message? (header too long:asn1)

[Carlos Maynard]

Hello gentlemen,

I am troubleshooting an issue with an AS2 setup, the error I'm getting is
AS1_get_obect:header too long:asn1. Playing with another system, I was able
to replicate the issue by switching the encoding from Base64 to Binary.

Before i get a smart response... the trading partner can't switch the
encoding from binary to base64,.. so here I am ;-)

Apparently openssl assumes that all SMIME messages are base64 encoded, and
balks when this is not the case?

Basically the transmission is an encrypted and signed. The decryption goes
well, but then the signature verification fails, the full error message is
below.

139666245117592:error:0D07207B:asn1 encoding
routines:ASN1_get_object:header too long:asn1_lib.c:157:
139666245117592:error:0D0D106E:asn1 encoding routines:B64_READ_ASN1:decode
error:asn_mime.c:192:
139666245117592:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1
sig parse error:asn_mime.c:490:

It looks like I'm not alone in this...
https://superuser.com/questions/1097544/error-when-decompress-smime-file

According to the link above... I should be able to discard the the headers
and handle the binary body with openssl. Copying/Pasting from the link
above...

$ sed '1,/^\r$/d' suA97544.body

$ openssl cms -uncompress -inform der -in suA97544.body

Now, when I try this suggestion... sed does strip the MIME headers, but
still when attempting to uncompress with openssl there is an error.

Error reading S/MIME message
140081090963096:error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1217:
140081090963096:error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1
error:tasn_dec.c:386:Type=CMS_ContentInfo

I am hoping I am just missing something here... obviously openssl is not my
forte. :-)

For illustration purposes, here is the original structure:

content-type: multipart/signed;
protocol="application/pkcs7-signature"; micalg=SHA-1;
boundary="_=4094798051677677Sterling4094798051677677MOKO"

--_=4094798051677677Sterling4094798051677677MOKO
content-type: application/pkcs7-mime; smime-type=compressed-data; name=smime.p7m

 (Binary)
--_=4094798051677677Sterling4094798051677677MOKO
content-type: application/pkcs7-signature; name=EDIINTSIG.p7s

 (Binary)


After sed... the structure looks like this... which fails to uncompress
with openssl

--_=4094798051677677Sterling4094798051677677MOKO
content-type: application/pkcs7-mime; smime-type=compressed-data; name=smime.p7m

 (Binary)
--_=4094798051677677Sterling4094798051677677MOKO
content-type: application/pkcs7-signature; name=EDIINTSIG.p7s

... (Binary)

openssl pkcs7 -in 5d7aa60750796.dat.3 -inform DER


Last but not least, if I split the two parts, remove the boundary and
content-type line... I can use pkcs7 to convert the binary content for each
individual file, and I get this, but I'm not sure that this is what I think
it is (the data what the next step would be. Talk about shooting in the
dark. LoL.

openssl pkcs7 -in 5d7aa60750796.dat.3 -inform DER
-BEGIN PKCS7-
MIHOBgsqhkiG9woBCRABCaCBvjCAAgEAMAoGCyqGSIb3CgEJEAMIMIAGCSqGSIb3
CgEHAaCAJIAEAnicBIGMc87PK0nNK9EtqSxItVJwLCjIyUxOLMnMz9N3dfHUjTA0
4uVKhirJTLFSsPH19/Z3dnMGSeblp6Qa6hqaJRsYGicaJ5oY6hoZWRgZmJuaWTi7
uTsGGzlAFNrxcvFyKQOBQoiHZ7ACEDkqhLgGhyj4ugYHO7q7KoDlXPwV/PxDFAKC
/J2BwmAxABhSKac=
-END PKCS7-


I suspect this is a compressed version of the actual message, but I can't
get any further. Any help, recommendations, thoughts would be greatly
appreciated!!

Is there a solid openssl implementation that can handle the binary encoded
smime message?

Thanks in advance!

CM.

Re: [openssl-users] cms utility "-sign" doesn't include signed content

[lists]

On 10/20/2017 10:00 PM, Chris Marget wrote:

I'm struggling with a PKCS7 signing operation using openssl 1.0.2g.

I want to create signed messages like the one in my 'original' file 
(below). It seemed like extracting and then re-signing this message 
would be a good start.


I'm able to verify/unpack the original message, but not able to sign 
the unpacked message to get back to where I started. I have access to 
the signer's certificate and private key.


I hope somebody can point me in the right direction?

I'm extracting the message with:

openssl cms -verify -CAfile CA_cert.pem -inform pem -in original -out 
extracted



I thought I'd be able to re-sign this message using something like:

openssl cms -sign -md sha1 -in extracted -inkey signer_key -signer 
signer_cert -outform pem



This 'sign' operation completes successfully, but produces an output 
that's missing the payload. Using the same procedure to sign 1MB of 
random data produces a result that's only 1396 bytes long:




I think you want to add the option  "-nodetach"

dd if=/dev/urandom bs=1M count=1 | openssl cms -sign -md sha1 -inkey 
signer_key -signer signer_cert -outform pem | grep -v -- -- | base64 
--decode | wc -c


1396


Clearly this 'sign' function doesn't do what I thought it did.

How can I sign blob of data so that it looks like my 'original'?

The files I'm using:
original https://pastebin.com/raw/CNPLyqcm
CA_cert.pem https://pastebin.com/raw/HiE6gMTN
signer_key https://pastebin.com/raw/tnCXeYHg (the correct key, but not 
an actual secret)

signer_cert https://pastebin.com/raw/ACtTVHdp

Thank you!




-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] CMS-supported ciphers

[ch]

Hello!

I see the CMS-Interface (CMS_encrypt, X_write_CMS, ...) does not support 
AES128-GCM.


https://mta.openssl.org/pipermail/openssl-dev/2015-April/001177.html

Is there a list of all supporting ciphers for CMS?
Or how can I find out without trying it?

Thanks!
Chris


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] CMS/SMIME: RSASSA-PSS, RSAES-OAEP

[ch]

Hello!

I have an application that uses 3DES for encryption and SHA1 for signing.
It is MIME-content and so I use SMIME and CMS.

Is there a way to do RSAES-OAEP for keyencryption and RSASSA-PSS for 
signing with the commandline-tools too

or do I need to use the API?

Cheers,
Chris
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] cms utility "-sign" doesn't include signed content

[Chris Marget]

I'm struggling with a PKCS7 signing operation using openssl 1.0.2g.

I want to create signed messages like the one in my 'original' file
(below). It seemed like extracting and then re-signing this message would
be a good start.

I'm able to verify/unpack the original message, but not able to sign the
unpacked message to get back to where I started. I have access to the
signer's certificate and private key.

I hope somebody can point me in the right direction?

I'm extracting the message with:

openssl cms -verify -CAfile CA_cert.pem -inform pem -in original -out
extracted

I thought I'd be able to re-sign this message using something like:

openssl cms -sign -md sha1 -in extracted -inkey signer_key -signer
signer_cert -outform pem

This 'sign' operation completes successfully, but produces an output that's
missing the payload. Using the same procedure to sign 1MB of random data
produces a result that's only 1396 bytes long:

dd if=/dev/urandom bs=1M count=1 | openssl cms -sign -md sha1 -inkey
signer_key -signer signer_cert -outform pem | grep -v -- -- | base64
--decode | wc -c

1396

Clearly this 'sign' function doesn't do what I thought it did.

How can I sign blob of data so that it looks like my 'original'?

The files I'm using:
original https://pastebin.com/raw/CNPLyqcm
CA_cert.pem https://pastebin.com/raw/HiE6gMTN
signer_key https://pastebin.com/raw/tnCXeYHg (the correct key, but not an
actual secret)
signer_cert https://pastebin.com/raw/ACtTVHdp

Thank you!
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] CMS: Encrypt with binary encoding

[Thomas Francis, Jr.]

> On Jun 22, 2016, at 11:40 AM, c.hol...@ades.at wrote:
> 
> Yes, but then there is no MIME-Header.
> Can I have MIME with binary encoding??

Not really.  If you’re using raw binary output, the output wouldn’t be a MIME 
body (or body-part), so a MIME header would be inappropriate.  MIME requires 
output to be 7-bit clean (i.e., the high bit of every byte is 0), with some 
special exceptions.  Base64 is usually the preferred encoding, although many 
other encodings (e.g. uuencode) are allowed.  Raw binary output would not be 
allowed (unless you could guarantee it meets the exceptional cases, which you 
can’t for something like this).  You could always prepend a MIME header, but 
that wouldn’t make your output a MIME body.

TOM



-- 
+-++
| Thomas Francis, Jr. |Preserve wildlife --|
| thomas.francis...@pobox.com | Pickle a squirrel! |
| http://www.bbsclient.net/   ||
+-++

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] CMS: Encrypt with binary encoding

[c.hol...@ades.at]

Yes, but then there is no MIME-Header.
Can I have MIME with binary encoding??


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] CMS: Encrypt with binary encoding

[Jakob Bohm]

On 22/06/2016 17:09, c.hol...@ades.at wrote:

Hi!

Is there a way to get binary (not base64) encoding out of CMS-encrypt??

openssl cms -encrypt -in plain.txt  mycer.cer

gives me a MIME-part with
Content-Transfer-Encoding: base64

But I'd like to have binary.
Thanks for help!

Chris

-outform DER

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] CMS: Encrypt with binary encoding

[c.hol...@ades.at]

Hi!

Is there a way to get binary (not base64) encoding out of CMS-encrypt??

openssl cms -encrypt -in plain.txt  mycer.cer

gives me a MIME-part with
Content-Transfer-Encoding: base64

But I'd like to have binary.
Thanks for help!

Chris
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] CMS with Symmetric key

[Dr. Stephen Henson]

On Mon, Apr 11, 2016, Abe Racioppo wrote:

> Thank you for the responses.
> 
> I have implemented encryption that adds a secret key, and secret key id
> using:
> CMS_add0_recipient_key,
> CMS_EncryptData_encrypt,
> SMIME_write_CMS
> The output file looks correct, but I need to decrypt it back to be sure.
> 

Ah CMS_EncryptedData_encrypt() just creates the encrypted data type. If you
want to use enveloped data you use CMS_encrypt() first then
CMS_add0_recipient_key() and finally SMIME_write_CMS().

> I would like to be able to get the secret key id from the envelope data to
> then search a database for the key, and then CMS_decrypt.  I have yet to
> determine the most straightforward way of getting the key ids from the
> envelope/wrapped content of cms.
> 
> Is there a combination if I have SMIME_read the cms from a file like:
>   keyId =  cms->envelopedData->keyId?
> 
> Or do I need to handle a stack_of recipient infos in order to get the key
> id from kekri0_get_id?
> 

Yes. You need to use CMS_get0_RecipientInfos() as there can be multiple
recipients of different types.

For each recipient info you check the type with:

CMS_RecipientInfo_type(ri) == CMS_RECIPINFO_KEY

For each match retrieve the key ID using CMS_RecipientInfo_kekri_get0_id().

If the id doesn't match a value in you database continue to the next recipient
info. If no matches return an error.

If you do get a match then call CMS_RecipientInfo_set0_key().

Finally call CMS_decrypt(): setting the key and certificate parameters to
NULL.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] CMS with Symmetric key

[Abe Racioppo]

Thank you for the responses.

I have implemented encryption that adds a secret key, and secret key id
using:
CMS_add0_recipient_key,
CMS_EncryptData_encrypt,
SMIME_write_CMS
The output file looks correct, but I need to decrypt it back to be sure.

I would like to be able to get the secret key id from the envelope data to
then search a database for the key, and then CMS_decrypt.  I have yet to
determine the most straightforward way of getting the key ids from the
envelope/wrapped content of cms.

Is there a combination if I have SMIME_read the cms from a file like:
  keyId =  cms->envelopedData->keyId?

Or do I need to handle a stack_of recipient infos in order to get the key
id from kekri0_get_id?

Thanks again,
Abe


On Tue, Apr 5, 2016 at 7:39 AM, Dr. Stephen Henson 
wrote:

> On Mon, Apr 04, 2016, Abe Racioppo wrote:
>
> > Hey guys,
> >
> > I'm trying to use the CMS operations in libcrypto but with a symmetric
> key
> > encryption key instead of x509.
> >
> > I'm thinking I want to use a combination of
> >
> > CMS_RecipientInfo_set0_pkey,
> > SMIME_write_CMS,
> > and
> > CMS_EncryptedData_encrypt.
> >
> > Has anyone done this before and can give me some direction?  This is my
> > first time working with openssl and am getting kinda lost.
> >
>
> You have several options here.
>
> You can just use the encrypted data type with a key directly.
>
> You can use the enveloped data type with a symmetric wrapping key.
>
> You can use the enveloped data type with a password based recipient info.
>
> Which you use depends on the application you have in mind.
>
> In the first case you just call CMS_EncryptData_encrypt() followed by
> SMIME_write_CMS().
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>



-- 
signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] CMS with Symmetric key

[Dr. Stephen Henson]

On Mon, Apr 04, 2016, Abe Racioppo wrote:

> Hey guys,
> 
> I'm trying to use the CMS operations in libcrypto but with a symmetric key
> encryption key instead of x509.
> 
> I'm thinking I want to use a combination of
> 
> CMS_RecipientInfo_set0_pkey,
> SMIME_write_CMS,
> and
> CMS_EncryptedData_encrypt.
> 
> Has anyone done this before and can give me some direction?  This is my
> first time working with openssl and am getting kinda lost.
> 

You have several options here.

You can just use the encrypted data type with a key directly.

You can use the enveloped data type with a symmetric wrapping key.

You can use the enveloped data type with a password based recipient info.

Which you use depends on the application you have in mind.

In the first case you just call CMS_EncryptData_encrypt() followed by
SMIME_write_CMS().

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] CMS with Symmetric key

[Viktor Dukhovni]

> On Apr 4, 2016, at 11:34 PM, Salz, Rich  wrote:
> 
>> I'm trying to use the CMS operations in libcrypto but with a symmetric key 
>> encryption key instead of x509.
> 
> We don't support this.

It looks like we do.  See crypto/cms/cms_pwri.c and the
undocumented "-pwri_password" option of the cms(1) command.

Documentation would of course be great...

-- 
Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] CMS with Symmetric key

[Salz, Rich]

> I'm trying to use the CMS operations in libcrypto but with a symmetric key 
> encryption key instead of x509.

We don't support this.

--  
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] CMS with Symmetric key

[Wim Lewis]

On Apr 4, 2016, at 3:42 PM, Jakob Bohm <jb-open...@wisemo.com> wrote:
> Unless you can point out a clause in the "CMS" format RFCs
> that allow use without X.509 certificates, there is no reason
> why the "CMS" part of the OpenSSL library should be able to
> any such thing.

The CMS RFC (RFC 5652) specifies password based key derivation (in addition to 
asymmetric-key crypto key transport or agreement, and also a 
symmetric-cryptography key transport mechanism). See section 6.2.

It looks like password based key derivation wasn't in the original PKCS#7, but 
was introduced in a 2001 specification (RFC 3211) and was folded into the 2002 
revision of CMS (RFC 3369).


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] CMS with Symmetric key

[Jakob Bohm]

On 05/04/2016 00:18, Abe Racioppo wrote:

Hey guys,

I'm trying to use the CMS operations in libcrypto but with a symmetric 
key encryption key instead of x509.


I'm thinking I want to use a combination of

CMS_RecipientInfo_set0_pkey,
SMIME_write_CMS,
and
CMS_EncryptedData_encrypt.

Has anyone done this before and can give me some direction?  This is 
my first time working with openssl and am getting kinda lost.



The "CMS" operations implement the "CMS" standard, formerly
known as PKCS#7, which is based entirely on the use of X.509
certificates.

Unless you can point out a clause in the "CMS" format RFCs
that allow use without X.509 certificates, there is no reason
why the "CMS" part of the OpenSSL library should be able to
any such thing.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] CMS with Symmetric key

[Abe Racioppo]

Hey guys,

I'm trying to use the CMS operations in libcrypto but with a symmetric key
encryption key instead of x509.

I'm thinking I want to use a combination of

CMS_RecipientInfo_set0_pkey,
SMIME_write_CMS,
and
CMS_EncryptedData_encrypt.

Has anyone done this before and can give me some direction?  This is my
first time working with openssl and am getting kinda lost.

Thanks,

Abe
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Doubt about the CMS_sign() function (in file openssl/crypto/cms/cms_smime.c)

[Luiz Laranjeira]

Hi folks,

My name is Luiz Laranjeira. I am an associate professor of software
engineering
with the University of Brasilia, Brazil.

I have a group that is developing a signer and validator according to RFC
5652
(CMS/PKCS#7) and we are using OpenSSL.

I would like to ask your help concerning a doubt we have:

Does the CMS_sign(...) function return a full CMS/PKCS#7 object coded in
ASN1 according to RFC 5652 or does it return simply the digital signature
field
(encrypted hash of the data plus the signed attributes) in ASN1 format?

I'd appreciate your assistance with this issue.

Best regards,

Luiz Laranjeira
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] cms sign/verify

[kwhb]

I am using OpenSSL version 1.0.1f and got problems while signing and
verifying a file using these commands:

$ openssl cms -sign   -inkey Mozart.pem -signer Mozart.crt -binary -in
$DOCUMENT  -out $DOCUMENT.p7m
$ openssl cms -verify -CAfile CAcert.pem   
-binary -in $DOCUMENT.p7m -out $DOCUMENT.out
$ cmp $DOCUMENT $DOCUMENT.out

If I omit the -binary option from both calls to openssl cms then the
verified document differs from the original document because of translations
LF to CR/LF.

If I include the -binary option the first call to openssl works fine but the
second call throws errors:
Verification failure
3073672892:error:2E09A09E:CMS
routines:CMS_SignerInfo_verify_content:verification failure:cms_sd.c:887:
3073672892:error:2E09D06D:CMS routines:CMS_verify:content verify
error:cms_smime.c:425:

How do I use openssl cms -sign/verify correctly?





--
View this message in context: 
http://openssl.6102.n7.nabble.com/cms-sign-verify-tp58943.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] CMS questions

[Richard Welty]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

[resending from the correct email address; list moderator, if you see this
first, just delete the one in the non-member queue]

On 2/24/15 10:10 AM, Dr. Stephen Henson wrote:
 So the embedded content type will be enveloped data?

 If so first you can check that type using CMS_get0_eContentType().

 Then you can use CMS_get0_content() to retrieve the embedded content as a
 pointer to an OCTET STRING pointer. You should check that content is
not NULL
 and then retrieve the encoding of the content using ASN1_STRING_data and
 ASN1_STRING_length.

 Once you have those you can decode using d2i_CMS_ContentInfo().

ok, i'm not understanding how i supply the private key for decrypting
the enveloped data in this scenario.

thanks,
   richard
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVQ33EAAoJEBg+LdNh/YEcvwAP/16TWRrGEPlVTSR9KGdezeSm
4ViStqMGbS2QHAmMHEZhypJMjuMEeeXJARXybH2ymCg8F6ATVRge5z4LGvSQheKu
5XU/sgw6T9rTuMcLuKiUnwqiIeFuz3IgDlBEwNOdS5DHXqWbfnbE6C5q/4d1mp7O
IttTQlsmPNE61+jiyffK4UYTG5wnHac58l7OYVrnS08ViIeCYC9vhNV9iFaQqekB
04r9eEs0NKzbfMGaiAVyZqkCJlFvfpH55cgPqHD4xu+yUDb4zAvA0N7tmYiGSPOa
nhCr9gwKKCVZvSsbZ45OUNpwrDIqFdKwgonKOfNOl28LeuMMXssrm2PM5yXvuQwR
YrP/vSj+4zuWtLg1J+vOciKb3LL+WOeJtMhHu9UDdLkQ2T7uPEdkSUSNn83P6YNu
DPFeW807omn3A3VgZhBbzd283/jEMkQOXZmrXOrPZ/vz95lFk4fLsDL6JtuMDryd
0aZila+Fm9NSm5AdMfC2Maf9wK2QFR/lbb7+CVi7nLWzY6nJjcHGrYvXn5NupaNF
bZ78+FOgbEJ5poktU+e68Iz1RhEGtSPuc6z8n8CA7F8NdFybsBzy16V16bAoBSdO
gLYWaDpWT6t2IRUkdNLwyBaMNuCMnkhl7MDjYIzZgmYWPD04yH46I9esehr99hrg
39ihWLRHKM/CZVspAh4/
=DS0I
-END PGP SIGNATURE-


___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] CMS questions

[Dr. Stephen Henson]

On Fri, May 01, 2015, Richard Welty wrote:

 
 
 On 2/24/15 10:10 AM, Dr. Stephen Henson wrote:
  So the embedded content type will be enveloped data?
 
  If so first you can check that type using CMS_get0_eContentType().
 
  Then you can use CMS_get0_content() to retrieve the embedded content as a
  pointer to an OCTET STRING pointer. You should check that content is
 not NULL
  and then retrieve the encoding of the content using ASN1_STRING_data and
  ASN1_STRING_length.
 
  Once you have those you can decode using d2i_CMS_ContentInfo().
 
 ok, i'm not understanding how i supply the private key for decrypting
 the enveloped data in this scenario.
 

You get back a CMS_ContentInfo structure which you can then process using the
appropriate CMS functions such as CMS_decrypt().

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] CMS questions

[Richard Welty]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 4/30/15 6:32 PM, Richard Welty wrote:

 1) the documentation on d2i_CMS_ContentInfo() is a bit light on
 details about the parameters. what should the first parameter be, a
 certificate as with d2i_X509?

ok, figured this one out for myself, should have read the d2i_X509
documentation more carefully.

richard
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVQrNNAAoJEBg+LdNh/YEcDggQALFImQPZ/MlvBbOnMvELkFxM
eCwZxE+BnwVpMgRnsVaTM0z2r9hY44V1jGZrw+Xfj4YXkaAXs6iIarptdg+IL9dX
bNi4haTy4QMF8Uu5mvWCSLcsIO/1obXnH5FE9Ri2QMK6Jysp4vPiC379sBQyGGRm
o+gF3cnpYF0+VKQX858KjE8sChJMCHgfdDU3Z79S9iEdeUeZ0ILESLRQcy8OEywp
iToW6FRQuaCK36bn+23ApxUUuQIkPGcqoDDvOPSXVuTMjYLSzfFzsTXfu42yY56G
Rmxg9TFfPL6WdLJb/BQoBvA6u4HWo7pZdpFUymShhezTlM5jvVAHXeHq6PZjJx8J
g7bpPH6mu17ILdJMQqVo3kWhGnQVZMuR12BY6qHaBvOWxJ7lAEYjjlu+pVtgWlp3
vRbWwGfApC36UziRJpmZIYgz1e7hUrB8Mqg78f3SPK1fcWKSYV1IkRnxM7Py+PnT
ISXAi6VTRmg1rNc0cnfrhegcTcwUFJVyCTCKWR4i7NlUDSHSThcmMKW5muasjL11
cr4OPfDStI7okM4GpPADL09ZnRK7J+D+UYXZYq37XnokekqAZ1/Bjs5VDKKzlfv0
7lTMxLaZ5jeIwBM4KdTn4ThFVg5Huz1lsI7yP4J2kwkdA9RIcz2jmkhvS/8N5V/F
HLbQJyfjWnFX5PlAUL5u
=UfG4
-END PGP SIGNATURE-

___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] CMS questions

[Richard Welty]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 2/24/15 10:10 AM, Dr. Stephen Henson wrote:
 On Tue, Feb 24, 2015, Richard Welty wrote:

 On 2/24/15 9:21 AM, Dr. Stephen Henson wrote:

 Typically you'd write the signed content to a memory BIO and then
decrypt
 that. Precisely how you decrypt the enveloped data depends on the
format. It
 might be in MIME format in which case you'd pass it through the MIME
parser.
 Alternatively it could be enveloped data content type in which case
you'd
 decode it as BER form.

 There are shortcuts you can make if, for example, you know the
signed content
 is not detached and in BER form.

 it will not be detached, and will be in BER form. shortcuts (as long as
 they're
 in a documented API) are welcome as this is in a path that should be
fast.


 So the embedded content type will be enveloped data?

 If so first you can check that type using CMS_get0_eContentType().

 Then you can use CMS_get0_content() to retrieve the embedded content as a
 pointer to an OCTET STRING pointer. You should check that content is
not NULL
 and then retrieve the encoding of the content using ASN1_STRING_data and
 ASN1_STRING_length.

 Once you have those you can decode using d2i_CMS_ContentInfo().

 A couple of those functions are currently undocumented (that will be
fixed) but
 nothing in that involves using structure internals.

coming back to this after a bit of time; the project is finally getting
fired
up. there are two questions in front of me right now:

1) the documentation on d2i_CMS_ContentInfo() is a bit light on details
about the parameters. what should the first parameter be, a certificate
as with d2i_X509?

2) is there something roughly analogous for encryption? i need
a fast-but-documented path for encrypting and signing data
using BER on the server that will be decrypted client (and vice
versa).

thanks,
   richard
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVQq2BAAoJEBg+LdNh/YEc/xwQAL2QH/aH1LUATeAmGmt2h7tk
n4K5ghhrIwCOlrgqXNbSS7qEmrXdRgKPhTZkJVx/Y236hqJt/AqjyB0geCmDIuMi
uOXzPXlWInj6jg9kjGq+jEMeG9Czu1i/DfSJjB01N6asEx8YKvNZUVnNqKj8fkBi
iit0a5/61B26bd8oGVAFfM6gMJMBZRWqbPSFhjPyB2tMWMOfnZ7N08N66qz29/Xk
vKiG1EEj6SRAPTFhzqzLzZphtShWDXeQP6pfrSRJ6AGiTfX2Gvn/7iwUiPUF3sLX
8ULskp3XyWeA/L71vLUNvo49XVdx/7lCj4o8nbCrI+/fgIREPAdI+AzvsxYv8wFH
K/pSYZOL5ag+YiMBt9pfPCxhUebjz4KS9InoT4g15x8DuhosiB/6JWOFsKpHENxX
5TO/tRteopWmQ0PBCbrrBG58Gdg0t7OW6tBM0e13cYLTfUc93eOb7lJhuMOzzkqJ
i6VF99Cosj8WcjZuh4hASVHe7h9pBOlabl8xHlSocbn91Q68RnwpQ12HoQMhjqze
1Za4yaQagcd8OnBoRc8gXCWUGNfLRYjEXdXaKt1AlFWQHa6h2ZcGwgoMukg+Fu1Z
AyY7vaxIPa3wBR1eNhv15hrgwBmoWPzTgoupTbbiP4e5HnmcdWUcjnKvOd+kamQG
SHhG4PeipRKHtJ1OzA5Q
=vlyk
-END PGP SIGNATURE-


___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?

[Dr. Stephen Henson]

On Thu, Mar 26, 2015, Chris Madden wrote:

 Hi,
 I am playing with openssl 1.0.2a - specifically CMS support for ECC.
 But what I think should work doesn't.
 Commands used and parsed data shown.
 (I gave an RSA example as a known good working example)
 
 ./openssl version
 OpenSSL 1.0.2a 19 Mar 2015
 
 echo -n 12345678123456781234567812345678  sess.txt # 32 byte plaintext
 
 
 #EC fails
 
   ./openssl ecparam -name prime192v1 -genkey -out ecc.key
   ./openssl req -x509 -new -key ecc.key -out ecc.crt
   ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt
   ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM
 -inkey ecc.key
 Error decrypting CMS structure
 error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
 decrypt:evp_enc.c:529:
 

RSA can decrypt without knowing the certificate but currently EC cannot. So
try including the option -recip ecc.crt when you decrypt.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?

[Chris Madden]

 Hi,
 I am playing with openssl 1.0.2a - specifically CMS support for ECC.
 But what I think should work doesn't.
 Commands used and parsed data shown.
 (I gave an RSA example as a known good working example)

 ./openssl version
 OpenSSL 1.0.2a 19 Mar 2015

 echo -n 12345678123456781234567812345678  sess.txt # 32 byte plaintext


 #EC fails
 
   ./openssl ecparam -name prime192v1 -genkey -out ecc.key
   ./openssl req -x509 -new -key ecc.key -out ecc.crt
   ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM
ecc.crt
   ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM
 -inkey ecc.key
 Error decrypting CMS structure
 error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
 decrypt:evp_enc.c:529:


RSA can decrypt without knowing the certificate but currently EC cannot. So
try including the option -recip ecc.crt when you decrypt.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Many thanks Steve for the prompt response!
That fixed it.
Chris


___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] openssl 1.0.2a CMS encrypt with ECDH EnvelopedData fails?

[Chris Madden]

Hi,
I am playing with openssl 1.0.2a - specifically CMS support for ECC.
But what I think should work doesn't.
Commands used and parsed data shown.
(I gave an RSA example as a known good working example)

./openssl version
OpenSSL 1.0.2a 19 Mar 2015

echo -n 12345678123456781234567812345678  sess.txt # 32 byte plaintext


#EC fails

  ./openssl ecparam -name prime192v1 -genkey -out ecc.key
  ./openssl req -x509 -new -key ecc.key -out ecc.crt
  ./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt
  ./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM
-inkey ecc.key
Error decrypting CMS structure
error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
decrypt:evp_enc.c:529:


EnvelopedData
--
./openssl asn1parse -in encsess.bin
0:d=0  hl=4 l= 312 cons: SEQUENCE
4:d=1  hl=2 l=   9 prim: OBJECT:pkcs7-envelopedData
   15:d=1  hl=4 l= 297 cons: cont [ 0 ]
   19:d=2  hl=4 l= 293 cons: SEQUENCE
   23:d=3  hl=2 l=   1 prim: INTEGER   :02
   26:d=3  hl=3 l= 234 cons: SET
   29:d=4  hl=3 l= 231 cons: cont [ 1 ]
   32:d=5  hl=2 l=   1 prim: INTEGER   :03
   35:d=5  hl=2 l=  65 cons: cont [ 0 ]
   37:d=6  hl=2 l=  63 cons: cont [ 1 ]
   39:d=7  hl=2 l=   9 cons: SEQUENCE
   41:d=8  hl=2 l=   7 prim: OBJECT:id-ecPublicKey
   50:d=7  hl=2 l=  50 prim: BIT STRING
  102:d=5  hl=2 l=  28 cons: SEQUENCE
  104:d=6  hl=2 l=   9 prim: OBJECT
 :dhSinglePass-stdDH-sha1kdf-scheme
  115:d=6  hl=2 l=  15 cons: SEQUENCE
  117:d=7  hl=2 l=  11 prim: OBJECT:id-smime-alg-CMS3DESwrap
  130:d=7  hl=2 l=   0 prim: NULL
  132:d=5  hl=3 l= 128 cons: SEQUENCE
  135:d=6  hl=2 l= 126 cons: SEQUENCE
  137:d=7  hl=2 l=  82 cons: SEQUENCE
  139:d=8  hl=2 l=  69 cons: SEQUENCE
  141:d=9  hl=2 l=  11 cons: SET
  143:d=10 hl=2 l=   9 cons: SEQUENCE
  145:d=11 hl=2 l=   3 prim: OBJECT:countryName
  150:d=11 hl=2 l=   2 prim: PRINTABLESTRING   :AU
  154:d=9  hl=2 l=  19 cons: SET
  156:d=10 hl=2 l=  17 cons: SEQUENCE
  158:d=11 hl=2 l=   3 prim: OBJECT:stateOrProvinceName
  163:d=11 hl=2 l=  10 prim: UTF8STRING:Some-State
  175:d=9  hl=2 l=  33 cons: SET
  177:d=10 hl=2 l=  31 cons: SEQUENCE
  179:d=11 hl=2 l=   3 prim: OBJECT:organizationName
  184:d=11 hl=2 l=  24 prim: UTF8STRING:Internet Widgits Pty Ltd
  210:d=8  hl=2 l=   9 prim: INTEGER   :C09819AB3ECC9A05
  221:d=7  hl=2 l=  40 prim: OCTET STRING  [HEX
DUMP]:2511DF2DBEC0F758E8CE3F35ECDD84757DEEC011633478BF00C18226FEDCD19BE5ABECEB9A735F99
  263:d=3  hl=2 l=  51 cons: SEQUENCE
  265:d=4  hl=2 l=   9 prim: OBJECT:pkcs7-data
  276:d=4  hl=2 l=  20 cons: SEQUENCE
  278:d=5  hl=2 l=   8 prim: OBJECT:des-ede3-cbc
  288:d=5  hl=2 l=   8 prim: OCTET STRING  [HEX DUMP]:E924DA6FC08FC3AC
  298:d=4  hl=2 l=  16 prim: cont [ 0 ]
cmadden@ubuntu:~/openssl-1.0.2a/apps$



Private Key

cat ecc.key
-BEGIN EC PARAMETERS-
BggqhkjOPQMBAQ==
-END EC PARAMETERS-
-BEGIN EC PRIVATE KEY-
MF8CAQEEGM+L8hosGlnyrOjVsCfQ5kaj42XQ1182b6AKBggqhkjOPQMBAaE0AzIA
BMVGw0n/7hFdEkgi3wGOueh9P4FGBp1qL6ibDcaQUd9R6W+rFKM5LPnZ7awp2URt
sw==
-END EC PRIVATE KEY-


Public Key Cert

./openssl asn1parse -in ecc.crt
0:d=0  hl=4 l= 434 cons: SEQUENCE
4:d=1  hl=4 l= 359 cons: SEQUENCE
8:d=2  hl=2 l=   3 cons: cont [ 0 ]
   10:d=3  hl=2 l=   1 prim: INTEGER   :02
   13:d=2  hl=2 l=   9 prim: INTEGER   :C09819AB3ECC9A05
   24:d=2  hl=2 l=  10 cons: SEQUENCE
   26:d=3  hl=2 l=   8 prim: OBJECT:ecdsa-with-SHA256
   36:d=2  hl=2 l=  69 cons: SEQUENCE
   38:d=3  hl=2 l=  11 cons: SET
   40:d=4  hl=2 l=   9 cons: SEQUENCE
   42:d=5  hl=2 l=   3 prim: OBJECT:countryName
   47:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :AU
   51:d=3  hl=2 l=  19 cons: SET
   53:d=4  hl=2 l=  17 cons: SEQUENCE
   55:d=5  hl=2 l=   3 prim: OBJECT:stateOrProvinceName
   60:d=5  hl=2 l=  10 prim: UTF8STRING:Some-State
   72:d=3  hl=2 l=  33 cons: SET
   74:d=4  hl=2 l=  31 cons: SEQUENCE
   76:d=5  hl=2 l=   3 prim: OBJECT:organizationName
   81:d=5  hl=2 l=  24 prim: UTF8STRING:Internet Widgits Pty Ltd
  107:d=2  hl=2 l=  30 cons: SEQUENCE
  109:d=3  hl=2 l=  13 prim: UTCTIME   :150326134803Z
  124:d=3  hl=2 l=  13 prim: UTCTIME   :150425134803Z
  139:d=2  hl=2 l=  69 cons: SEQUENCE
  141:d=3  hl=2 l=  11 cons: SET
  143:d=4  hl=2 l=   9 cons: SEQUENCE
  145:d=5  hl=2 l=   3 prim: OBJECT:countryName
  150:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :AU
  154:d=3  hl=2 l=  19 cons: SET
  156:d=4  hl=2 l=  17 cons: SEQUENCE
  158:d=5  hl=2 l=   3 prim: OBJECT:stateOrProvinceName
  163:d=5  hl=2 l=  10 prim: UTF8STRING:Some-State
  175:d=3  hl=2 l=  33 cons: SET
  177:d=4  hl=2 l=  31 cons: SEQUENCE
  179:d=5  hl=2 l=   3 prim: OBJECT

Re: [openssl-users] CMS questions

[Dr. Stephen Henson]

On Tue, Feb 24, 2015, Richard Welty wrote:

 On 2/24/15 9:21 AM, Dr. Stephen Henson wrote:
 
  Typically you'd write the signed content to a memory BIO and then decrypt
  that. Precisely how you decrypt the enveloped data depends on the format. It
  might be in MIME format in which case you'd pass it through the MIME parser.
  Alternatively it could be enveloped data content type in which case you'd
  decode it as BER form.
 
  There are shortcuts you can make if, for example, you know the signed 
  content
  is not detached and in BER form.
 
 it will not be detached, and will be in BER form. shortcuts (as long as
 they're
 in a documented API) are welcome as this is in a path that should be fast.
 

So the embedded content type will be enveloped data?

If so first you can check that type using CMS_get0_eContentType().

Then you can use CMS_get0_content() to retrieve the embedded content as a
pointer to an OCTET STRING pointer. You should check that content is not NULL
and then retrieve the encoding of the content using ASN1_STRING_data and
ASN1_STRING_length.

Once you have those you can decode using d2i_CMS_ContentInfo().

A couple of those functions are currently undocumented (that will be fixed) but
nothing in that involves using structure internals.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] CMS questions

[Richard Welty]

On 2/24/15 9:21 AM, Dr. Stephen Henson wrote:

 Typically you'd write the signed content to a memory BIO and then decrypt
 that. Precisely how you decrypt the enveloped data depends on the format. It
 might be in MIME format in which case you'd pass it through the MIME parser.
 Alternatively it could be enveloped data content type in which case you'd
 decode it as BER form.

 There are shortcuts you can make if, for example, you know the signed content
 is not detached and in BER form.

it will not be detached, and will be in BER form. shortcuts (as long as
they're
in a documented API) are welcome as this is in a path that should be fast.

thanks,
   richard

-- 
rwe...@averillpark.net
 Averill Park Networking - GIS  IT Consulting
 OpenStreetMap - PostgreSQL - Linux
 Java - Web Applications - Search




signature.asc
Description: OpenPGP digital signature
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] CMS questions

[Dr. Stephen Henson]

On Mon, Feb 23, 2015, Richard Welty wrote:

 i'm starting on some work that needs to use CMS in an
 application, and i'm having trouble getting my head
 wrapped around how to handle the case of verifying
 a signature and then decrypting the enveloped data
 that has been signed. specifically, i'm not grasping
 how to extract the encrypted data to pass to CMS_decrypt
 after verification is done. do i need to use a BIO
 filter for this or is there some other mechanism i'm not
 seeing?
 

Typically you'd write the signed content to a memory BIO and then decrypt
that. Precisely how you decrypt the enveloped data depends on the format. It
might be in MIME format in which case you'd pass it through the MIME parser.
Alternatively it could be enveloped data content type in which case you'd
decode it as BER form.

There are shortcuts you can make if, for example, you know the signed content
is not detached and in BER form.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] CMS questions

[Richard Welty]

i'm starting on some work that needs to use CMS in an
application, and i'm having trouble getting my head
wrapped around how to handle the case of verifying
a signature and then decrypting the enveloped data
that has been signed. specifically, i'm not grasping
how to extract the encrypted data to pass to CMS_decrypt
after verification is done. do i need to use a BIO
filter for this or is there some other mechanism i'm not
seeing?

thanks in advance,
  richard

-- 
rwe...@averillpark.net
 Averill Park Networking - GIS  IT Consulting
 OpenStreetMap - PostgreSQL - Linux
 Java - Web Applications - Search




signature.asc
Description: OpenPGP digital signature
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: openssl/crypto/cms/

[Ger Hobbelt]

On Tue, Apr 8, 2008 at 5:48 AM, shankar ks [EMAIL PROTECTED] wrote:
 Hi Hobblet,

 Sorry for the late reply as I was busy with searching of other things . You
 have given a command regarding my question, but i did not understand that
 and how to use it to get the information of CMS from openssl CVS. I am not
 aware of using CVS also . I want to download the source code of the CMS from
 this CVS on to my windows system and implement that in the OVMS system. As i
 down loaded the 0.9.8e but I did not find any file like /crypto/cms ..

CVS is an Open Source 'revision control system' which runs on UNIX and Windows.
As it has been originally developed for UNIX, the commandline I
specified should work on any UNIX box which has CVS installed out of
the box.

For Windows, I'll refer you to the FAQ at

http://worldforge.org/doc/faq/cvs/#windows1

have a look at their 'Windows Specific' section.

Then go to the TortoiseCVS website and install the software - it's a
very good Windows client which encapsulates CVS with a GUI.
At the TortoiseCVS website, you will find a lot of information on how
to use it and which the equivalent of the given commandline is for the
Tortoise UI.

Alternatively, you can google for 'CVS Win32' or 'CVS Windows' for
additional sites with information and software, though I personally
preferred to use TortoiseCVS when I have to use CVS in a Windows-only
environment -- now I have moved software revision control off to a
dedicated UNIX machine, which makes it so much easier and faster for
large projects.

There are also several good books available about CVS which include
info on Windows and UNIX setup and usage (O'Reilly series, for one).


When you get the latest sourcecode using CVS, you will get the source
tree for 0.9.9, in which you will find said ./crypto/cms/ directory
and several other additions to 0.9.8.

Check it out!


Take care,

Ger





 Thanks in advance
 --Shankar



 On 4/2/08, Ger Hobbelt [EMAIL PROTECTED] wrote:
 
 
 
  On Wed, Apr 2, 2008 at 5:26 AM, shankar ks [EMAIL PROTECTED]
 wrote:
   Hi all,
  
   When i refer to the Openssl CVS, I did not find the file related to
   openssl/crypto/cms/ ,
   All files in this folder are showing the difference , but not the exact
   files... where can i get the cms files. and one more thing is i
 downloaded
   the OpenSSl kit of 0.9.8f version, but i did not find any files or
 folders
   with the specified names in the kit, means there is no folder availble
 with
   the name openssl/crypto/cms/...
 
  Like I said, it's in the latest CVS; 0.9.8 is the latest stable
  release IIRC, while the CVS I referred to was the development tree
  (0.9.9).
 
  Run this to grab it all; there _will_ be a complete crypto/cms/
  directory in there plus a cms.c tool sourcecode in apps/ :
 
cvs -z3 -d [EMAIL PROTECTED]:/openssl-cvs co -R .
 
 
 
  --
  Met vriendelijke groeten / Best regards,
 
  Ger Hobbelt
 
  --
  web: http://www.hobbelt.com/
  http://www.hebbut.net/
  mail: [EMAIL PROTECTED]
  mobile: +31-6-11 120 978
  --
  __
  OpenSSL Project http://www.openssl.org
  User Support Mailing Listopenssl-users@openssl.org
  Automated List Manager   [EMAIL PROTECTED]
 



 --
 --Best Regards
 Shankar



-- 
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--
web: http://www.hobbelt.com/
 http://www.hebbut.net/
mail: [EMAIL PROTECTED]
mobile: +31-6-11 120 978
--
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: openssl/crypto/cms/

[shankar ks]

Hi Hobbelt,
I downloaded the tortoiseCMS and tried to checkout the data , but it was
asking for a password , and giving connection error like to many
authentication was failed for shankar ... ...


-- Shankar

On 4/8/08, Ger Hobbelt [EMAIL PROTECTED] wrote:

 On Tue, Apr 8, 2008 at 5:48 AM, shankar ks [EMAIL PROTECTED]
 wrote:
  Hi Hobblet,
 
  Sorry for the late reply as I was busy with searching of other things .
 You
  have given a command regarding my question, but i did not understand
 that
  and how to use it to get the information of CMS from openssl CVS. I am
 not
  aware of using CVS also . I want to download the source code of the CMS
 from
  this CVS on to my windows system and implement that in the OVMS system.
 As i
  down loaded the 0.9.8e but I did not find any file like /crypto/cms ..

 CVS is an Open Source 'revision control system' which runs on UNIX and
 Windows.
 As it has been originally developed for UNIX, the commandline I
 specified should work on any UNIX box which has CVS installed out of
 the box.

 For Windows, I'll refer you to the FAQ at

 http://worldforge.org/doc/faq/cvs/#windows1

 have a look at their 'Windows Specific' section.

 Then go to the TortoiseCVS website and install the software - it's a
 very good Windows client which encapsulates CVS with a GUI.
 At the TortoiseCVS website, you will find a lot of information on how
 to use it and which the equivalent of the given commandline is for the
 Tortoise UI.

 Alternatively, you can google for 'CVS Win32' or 'CVS Windows' for
 additional sites with information and software, though I personally
 preferred to use TortoiseCVS when I have to use CVS in a Windows-only
 environment -- now I have moved software revision control off to a
 dedicated UNIX machine, which makes it so much easier and faster for
 large projects.

 There are also several good books available about CVS which include
 info on Windows and UNIX setup and usage (O'Reilly series, for one).


 When you get the latest sourcecode using CVS, you will get the source
 tree for 0.9.9, in which you will find said ./crypto/cms/ directory
 and several other additions to 0.9.8.

 Check it out!


 Take care,

 Ger




 
  Thanks in advance
  --Shankar
 
 
 
  On 4/2/08, Ger Hobbelt [EMAIL PROTECTED] wrote:
  
  
  
   On Wed, Apr 2, 2008 at 5:26 AM, shankar ks [EMAIL PROTECTED]
  wrote:
Hi all,
   
When i refer to the Openssl CVS, I did not find the file related to
openssl/crypto/cms/ ,
All files in this folder are showing the difference , but not the
 exact
files... where can i get the cms files. and one more thing is i
  downloaded
the OpenSSl kit of 0.9.8f version, but i did not find any files or
  folders
with the specified names in the kit, means there is no folder
 availble
  with
the name openssl/crypto/cms/...
  
   Like I said, it's in the latest CVS; 0.9.8 is the latest stable
   release IIRC, while the CVS I referred to was the development tree
   (0.9.9).
  
   Run this to grab it all; there _will_ be a complete crypto/cms/
   directory in there plus a cms.c tool sourcecode in apps/ :
  
 cvs -z3 -d [EMAIL PROTECTED]:/openssl-cvs co -R .
  
  
  
   --
   Met vriendelijke groeten / Best regards,
  
   Ger Hobbelt
  
   --
   web: http://www.hobbelt.com/
   http://www.hebbut.net/
   mail: [EMAIL PROTECTED]
   mobile: +31-6-11 120 978
   --
   __
   OpenSSL Project http://www.openssl.org
   User Support Mailing Listopenssl-users@openssl.org
   Automated List Manager   [EMAIL PROTECTED]
  
 
 
 
  --
  --Best Regards
  Shankar



 --
 Met vriendelijke groeten / Best regards,

 Ger Hobbelt

 --
 web: http://www.hobbelt.com/
 http://www.hebbut.net/
 mail: [EMAIL PROTECTED]
 mobile: +31-6-11 120 978
 --
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-users@openssl.org
 Automated List Manager   [EMAIL PROTECTED]




-- 
--Best Regards
Shankar

Re: openssl/crypto/cms/

[Ger Hobbelt]

To get the sources from the CVS repository, you should log in as
anonymous user, i.e. use user

  anonymous

and no password at all (empty password).


This you can also see in the original commandline I specified:

  cvs -z3 -d [EMAIL PROTECTED]:/openssl-cvs co -R .



-- 
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--
web: http://www.hobbelt.com/
 http://www.hebbut.net/
mail: [EMAIL PROTECTED]
mobile: +31-6-11 120 978
--
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: openssl/crypto/cms/

[shankar ks]

Hi Hobblet,

Sorry for the late reply as I was busy with searching of other things . You
have given a command regarding my question, but i did not understand that
and how to use it to get the information of CMS from openssl CVS. I am not
aware of using CVS also . I want to download the source code of the CMS from
this CVS on to my windows system and implement that in the OVMS system. As i
down loaded the 0.9.8e but I did not find any file like /crypto/cms ..

Thanks in advance
--Shankar


On 4/2/08, Ger Hobbelt [EMAIL PROTECTED] wrote:

 On Wed, Apr 2, 2008 at 5:26 AM, shankar ks [EMAIL PROTECTED]
 wrote:
  Hi all,
 
  When i refer to the Openssl CVS, I did not find the file related to
  openssl/crypto/cms/ ,
  All files in this folder are showing the difference , but not the exact
  files... where can i get the cms files. and one more thing is i
 downloaded
  the OpenSSl kit of 0.9.8f version, but i did not find any files or
 folders
  with the specified names in the kit, means there is no folder availble
 with
  the name openssl/crypto/cms/...

 Like I said, it's in the latest CVS; 0.9.8 is the latest stable
 release IIRC, while the CVS I referred to was the development tree
 (0.9.9).

 Run this to grab it all; there _will_ be a complete crypto/cms/
 directory in there plus a cms.c tool sourcecode in apps/ :

   cvs -z3 -d [EMAIL PROTECTED]:/openssl-cvs co -R .



 --
 Met vriendelijke groeten / Best regards,

 Ger Hobbelt

 --
 web: http://www.hobbelt.com/
 http://www.hebbut.net/
 mail: [EMAIL PROTECTED]
 mobile: +31-6-11 120 978
 --
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-users@openssl.org
 Automated List Manager   [EMAIL PROTECTED]




-- 
--Best Regards
Shankar

Re: openssl/crypto/cms/

[Ger Hobbelt]

On Wed, Apr 2, 2008 at 5:26 AM, shankar ks [EMAIL PROTECTED] wrote:
 Hi all,

 When i refer to the Openssl CVS, I did not find the file related to
 openssl/crypto/cms/ ,
 All files in this folder are showing the difference , but not the exact
 files... where can i get the cms files. and one more thing is i downloaded
 the OpenSSl kit of 0.9.8f version, but i did not find any files or folders
 with the specified names in the kit, means there is no folder availble with
 the name openssl/crypto/cms/...

Like I said, it's in the latest CVS; 0.9.8 is the latest stable
release IIRC, while the CVS I referred to was the development tree
(0.9.9).

Run this to grab it all; there _will_ be a complete crypto/cms/
directory in there plus a cms.c tool sourcecode in apps/ :

   cvs -z3 -d [EMAIL PROTECTED]:/openssl-cvs co -R .



-- 
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--
web: http://www.hobbelt.com/
 http://www.hebbut.net/
mail: [EMAIL PROTECTED]
mobile: +31-6-11 120 978
--
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

openssl/crypto/cms/

[shankar ks]

*Hi all,*
**
*When i refer to the Openssl CVS, I did not find the file related to*
*openssl/crypto/cms/
, *
All files in this folder are showing the difference , but not the exact
files... where can i get the cms files. and one more thing is i downloaded
the OpenSSl kit of 0.9.8f version, but i did not find any files or folders
with the specified names in the kit, means there is no folder availble with
the name openssl/crypto/cms/...

--Best Regards
Shankar

OpenSSL and CMS

[Antonio Ruiz Martínez]

Hello!
   I'm writing you because I would like to know if Opessl is planning 
to support the Cryptographic Message Syntax (CMS) for the PKCS#7, and in 
that case, when it could be possible to be available.

Thanks for your answers,
Regards,
Antonio.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]