On Thu, Apr 25, 2013, Viktor Dukhovni wrote:

> On Wed, Apr 24, 2013 at 10:35:04PM -0400, Dave Thompson wrote:
>
> > > I am assuming RSA though I would like to do ECDSA.
> >
> > These APIs will use any private key for which a signature
> > scheme is available; that's RSA DSA ECDSA (or pedantically
> > EC; openssl uses the same EC_KEY struct for ECDSA and ECDH).
> > (In general openssl routines using EVP_PKEY will handle many
> > key types, that's exactly what the EVP level is for.)
>
> For some time CMS did not support ECDSA (recipient public keys),
> only RSA was supported. Has that changed recently? One needs
> recipient public keys to encrypt the message key to each recipient,
> which is different from the sender key used for signing. There was
> no code for that last time I looked, is there a suitable standard
> for using ECDSA with CMS recipients? I just tried with 1.0.1e and
> could only encrypt to an RSA recipient.
>

OpenSSL doesn't currently support ECDH with the enveloped data type. It does
support ECDSA for sign/verify.

I'll be looking into adding support in future. It would help a great deal if I
had some test vectors (e.g. sample of messages and appropriate keys) for ECDH
for interop testing. Anyone who has any either post links to them in the list
or if you prefer send them to me privately.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
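
The two key roles discussed in the thread, shown as an added example that is not part of the original messages or the OpenSSL project's code: an EC sender key producing an ECDSA signature, and an RSA recipient key to which the message key is encrypted. File names, certificate subjects and the message are constructed, and the `openssl` command-line tool is assumed to be on the PATH.

```shell
#!/usr/bin/env bash
# Added example: throwaway keys and a constructed message in a temp directory.
WORK=$(mktemp -d)
MSG="constructed test message"

make_keys() {
  # Sender: EC key (used for ECDSA signatures) with a self-signed certificate.
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/signer.key" &&
  openssl req -new -x509 -key "$WORK/signer.key" -subj "/CN=signer.example" \
    -days 1 -out "$WORK/signer.crt" &&
  # Recipient: RSA key; its public key is what wraps the message key.
  openssl genrsa -out "$WORK/recip.key" 2048 &&
  openssl req -new -x509 -key "$WORK/recip.key" -subj "/CN=recipient.example" \
    -days 1 -out "$WORK/recip.crt"
}

sign_roundtrip() {
  # SignedData made with the sender's private key; -nocerts keeps the
  # certificate out of the structure so only SignerInfo names an algorithm.
  printf '%s' "$MSG" |
    openssl cms -sign -binary -nodetach -nocerts -md sha256 \
      -signer "$WORK/signer.crt" -inkey "$WORK/signer.key" \
      -outform PEM -out "$WORK/signed.pem" &&
  openssl cms -verify -binary -inform PEM -in "$WORK/signed.pem" \
    -certfile "$WORK/signer.crt" -CAfile "$WORK/signer.crt" 2>/dev/null
}

signature_alg() {   # algorithm recorded in SignerInfo
  openssl cms -cmsout -print -noout -inform PEM -in "$WORK/signed.pem" |
    grep -o 'ecdsa-with-SHA256' | head -n 1
}

envelope_roundtrip() {
  # EnvelopedData: only the recipient's certificate is needed to encrypt,
  # only the recipient's private key can decrypt.
  printf '%s' "$MSG" |
    openssl cms -encrypt -binary -aes-256-cbc -outform PEM \
      -out "$WORK/enveloped.pem" "$WORK/recip.crt" &&
  openssl cms -decrypt -binary -inform PEM -in "$WORK/enveloped.pem" \
    -recip "$WORK/recip.crt" -inkey "$WORK/recip.key"
}

key_transport_alg() {   # algorithm recorded in RecipientInfo
  openssl cms -cmsout -print -noout -inform PEM -in "$WORK/enveloped.pem" |
    grep -o 'rsaEncryption' | head -n 1
}

make_keys 2>/dev/null
echo "verified content:  $(sign_roundtrip) [$(signature_alg)]"
echo "decrypted content: $(envelope_roundtrip) [$(key_transport_alg)]"
```
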