Re: [openssl-users] How to turn on certain elements in CMS objects

2016-07-06 Thread Dr. Stephen Henson 
On Wed, Jul 06, 2016, Stephan M?hlstrasser wrote:

> So do I understand it correctly that OpenSSL currentls only supports
> RFC3278? Does that mean that it can't process CMS enveloped data
> objects that are created according to RFC5753?
> 

OpenSSL should be able to decrypt either RFC3278 or RFC5753 forms.

> In my other thread titled "Unable to decrypt CMS object encrypted
> with EC prime256v1 certificate" the CMS object that cannot be
> decrypted with OpenSSL does contain the EC parameters. Can that be
> related to the problem?
> 

It shouldn't affect OpenSSL's ability to decrypt the object as that
information is not used anywhere in the key derivation.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] How to turn on certain elements in CMS objects

2016-07-06 Thread Stephan Mühlstrasser 

Am 06.07.16 um 15:46 schrieb Dr. Stephen Henson:

...


Second the following:

 129   10:   [1] {
 1318: OCTET STRING B1 04 4A FD FC 8B 70 6D
 : }

If I match this correctly to RFC 5652, this is

ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL

inside the KeyAgreeRecipientInfo SEQUENCE (see
https://tools.ietf.org/html/rfc5652#section-6.2.2).

Can OpenSSL emit this optional element?


Yes but not using the command line utility. It would require a custom program
to set the parameter using the CMS API.


Could you pleaee briefly explain how set the parameter? I could not find 
anything in the documentation of the CMS API about this.



What is the purpose of the "ukm" field?



It provides some additional optional random data used in the key encryption
key derivation algorithm.

Note that you can get a diagnistic dump using:

  openssl cms -cmsout -inform DER -print -in cmd.der


I wasn't aware of this feature, that looks very useful, thanks!

--
Stephan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] How to turn on certain elements in CMS objects

2016-07-06 Thread Stephan Mühlstrasser 

Am 06.07.16 um 16:02 schrieb Dr. Stephen Henson:

On Wed, Jul 06, 2016, Dr. Stephen Henson wrote:


On Fri, Jul 01, 2016, Stephan M?hlstrasser wrote:



First the AlgorithmIdentifier includes the EC curve name:

  40   19:   SEQUENCE {
  427: OBJECT IDENTIFIER ecPublicKey (1 2 840
10045 2 1)
  518: OBJECT IDENTIFIER ansiX9p256r1 (1 2 840
10045 3 1 7)
 : }

In CMS objects created with OpenSSL with the same recipient
certificate, the curve name is always omitted. Is it possible to
make OpenSSL emit the curve name as well?



No as this is a violation of the standards. From RFC3278:

  originator MUST be the alternative originatorKey.  The
  originatorKey algorithm field MUST contain the id-ecPublicKey
  object identifier (see Section 8.1) with NULL parameters.  The
  originatorKey publicKey field MUST contain the DER-encoding of a
  value of the ASN.1 type ECPoint (see Section 8.2), which
  represents the sending agent's ephemeral EC public key.



Correction... that is not allowed by RFC3278 but is allowed in RFC5753 but
OpenSSL doesn't currently generate that format. It's not clear what purpose it
serves as the EC parameters are specified in the recipient's key and
certificate anyway.


So do I understand it correctly that OpenSSL currentls only supports 
RFC3278? Does that mean that it can't process CMS enveloped data objects 
that are created according to RFC5753?


In my other thread titled "Unable to decrypt CMS object encrypted with 
EC prime256v1 certificate" the CMS object that cannot be decrypted with 
OpenSSL does contain the EC parameters. Can that be related to the problem?


--
Stephan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] How to turn on certain elements in CMS objects

2016-07-06 Thread Dr. Stephen Henson 
On Wed, Jul 06, 2016, Dr. Stephen Henson wrote:

> On Fri, Jul 01, 2016, Stephan M?hlstrasser wrote:
> 
> > 
> > First the AlgorithmIdentifier includes the EC curve name:
> > 
> >   40   19:   SEQUENCE {
> >   427: OBJECT IDENTIFIER ecPublicKey (1 2 840
> > 10045 2 1)
> >   518: OBJECT IDENTIFIER ansiX9p256r1 (1 2 840
> > 10045 3 1 7)
> >  : }
> > 
> > In CMS objects created with OpenSSL with the same recipient
> > certificate, the curve name is always omitted. Is it possible to
> > make OpenSSL emit the curve name as well?
> > 
> 
> No as this is a violation of the standards. From RFC3278:
> 
>   originator MUST be the alternative originatorKey.  The
>   originatorKey algorithm field MUST contain the id-ecPublicKey
>   object identifier (see Section 8.1) with NULL parameters.  The
>   originatorKey publicKey field MUST contain the DER-encoding of a
>   value of the ASN.1 type ECPoint (see Section 8.2), which
>   represents the sending agent's ephemeral EC public key.
> 

Correction... that is not allowed by RFC3278 but is allowed in RFC5753 but
OpenSSL doesn't currently generate that format. It's not clear what purpose it
serves as the EC parameters are specified in the recipient's key and
certificate anyway.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] How to turn on certain elements in CMS objects

2016-07-06 Thread Dr. Stephen Henson 
On Fri, Jul 01, 2016, Stephan M?hlstrasser wrote:

> Hi,
> 
> this message is related to another question that I sent with subject
> "Unable to decrypt CMS object encrypted with EC prime256v1
> certificate".
> 
> Below I have included the full ASN.1 dump of the CMS object
> generated by a third-party application.
> 
> The CMS object has two properties that I so far was not able to
> reproduce when creating CMS objects with OpenSSL:
> 
> First the AlgorithmIdentifier includes the EC curve name:
> 
>   40   19:   SEQUENCE {
>   427: OBJECT IDENTIFIER ecPublicKey (1 2 840
> 10045 2 1)
>   518: OBJECT IDENTIFIER ansiX9p256r1 (1 2 840
> 10045 3 1 7)
>  : }
> 
> In CMS objects created with OpenSSL with the same recipient
> certificate, the curve name is always omitted. Is it possible to
> make OpenSSL emit the curve name as well?
> 

No as this is a violation of the standards. From RFC3278:

  originator MUST be the alternative originatorKey.  The
  originatorKey algorithm field MUST contain the id-ecPublicKey
  object identifier (see Section 8.1) with NULL parameters.  The
  originatorKey publicKey field MUST contain the DER-encoding of a
  value of the ASN.1 type ECPoint (see Section 8.2), which
  represents the sending agent's ephemeral EC public key.


> Second the following:
> 
>  129   10:   [1] {
>  1318: OCTET STRING B1 04 4A FD FC 8B 70 6D
>  : }
> 
> If I match this correctly to RFC 5652, this is
> 
> ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL
> 
> inside the KeyAgreeRecipientInfo SEQUENCE (see
> https://tools.ietf.org/html/rfc5652#section-6.2.2).
> 
> Can OpenSSL emit this optional element?

Yes but not using the command line utility. It would require a custom program
to set the parameter using the CMS API.

> What is the purpose of the "ukm" field?
> 

It provides some additional optional random data used in the key encryption
key derivation algorithm.

Note that you can get a diagnistic dump using:

  openssl cms -cmsout -inform DER -print -in cmd.der

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users