Hi,

we are testing OpenSSL interoperability with a third-party application, and we cannot decrypt a CMS object that is encrypted by the third-party application with a prime256v1 elliptic-curve certificate.

I have attached the following files:

demo_signer_ec_secp256r1.cms.der: DER-encoded CMS object
demo_signer_ec_secp256r1.cert.pem: recipient certificate
demo_signer_ec_secp256r1.pkey.pem: recipient private key (no password)

I try to decrypt the CMS object with the following command using OpenSSL 1.0.2:

$ openssl version
OpenSSL 1.0.2h  3 May 2016
$ openssl cms -decrypt -in demo_signer_ec_secp256r1.cms.der -inform DER -recip demo_signer_ec_secp256r1.cert.pem -inkey demo_signer_ec_secp256r1.pkey.pem
Error decrypting CMS using private key

When I use OpenSSL 1.1.0 beta from today's HEAD of the master branch, I see an additional error message:

$ openssl version
OpenSSL 1.1.0-pre6-dev  xx XXX xxxx
$ openssl cms -decrypt -in demo_signer_ec_secp256r1.cms.der -inform DER -recip demo_signer_ec_secp256r1.cert.pem -inkey demo_signer_ec_secp256r1.pkey.pem
Error decrypting CMS using private key
140735294530304:error:0D06E0A4:asn1 encoding routines:asn1_do_adb:unsupported any defined by type:crypto/asn1/tasn_utl.c:238:

Is the CMS object broken, or is this a problem in OpenSSL?

Thanks

--
Stephan

Attachment: demo_signer_ec_secp256r1.cert.pem
Description: application/x509-ca-cert

Attachment: demo_signer_ec_secp256r1.cms.der
Description: application/x509-ca-cert

Attachment: demo_signer_ec_secp256r1.pkey.pem
Description: application/x509-ca-cert
