Re: [openssl-users] How to turn on certain elements in CMS objects
On Wed, Jul 06, 2016, Stephan M?hlstrasser wrote: > So do I understand it correctly that OpenSSL currentls only supports > RFC3278? Does that mean that it can't process CMS enveloped data > objects that are created according to RFC5753? > OpenSSL should be able to decrypt either RFC3278 or RFC5753 forms. > In my other thread titled "Unable to decrypt CMS object encrypted > with EC prime256v1 certificate" the CMS object that cannot be > decrypted with OpenSSL does contain the EC parameters. Can that be > related to the problem? > It shouldn't affect OpenSSL's ability to decrypt the object as that information is not used anywhere in the key derivation. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to turn on certain elements in CMS objects
Am 06.07.16 um 15:46 schrieb Dr. Stephen Henson: ... Second the following: 129 10: [1] { 1318: OCTET STRING B1 04 4A FD FC 8B 70 6D : } If I match this correctly to RFC 5652, this is ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL inside the KeyAgreeRecipientInfo SEQUENCE (see https://tools.ietf.org/html/rfc5652#section-6.2.2). Can OpenSSL emit this optional element? Yes but not using the command line utility. It would require a custom program to set the parameter using the CMS API. Could you pleaee briefly explain how set the parameter? I could not find anything in the documentation of the CMS API about this. What is the purpose of the "ukm" field? It provides some additional optional random data used in the key encryption key derivation algorithm. Note that you can get a diagnistic dump using: openssl cms -cmsout -inform DER -print -in cmd.der I wasn't aware of this feature, that looks very useful, thanks! -- Stephan -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to turn on certain elements in CMS objects
Am 06.07.16 um 16:02 schrieb Dr. Stephen Henson: On Wed, Jul 06, 2016, Dr. Stephen Henson wrote: On Fri, Jul 01, 2016, Stephan M?hlstrasser wrote: First the AlgorithmIdentifier includes the EC curve name: 40 19: SEQUENCE { 427: OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1) 518: OBJECT IDENTIFIER ansiX9p256r1 (1 2 840 10045 3 1 7) : } In CMS objects created with OpenSSL with the same recipient certificate, the curve name is always omitted. Is it possible to make OpenSSL emit the curve name as well? No as this is a violation of the standards. From RFC3278: originator MUST be the alternative originatorKey. The originatorKey algorithm field MUST contain the id-ecPublicKey object identifier (see Section 8.1) with NULL parameters. The originatorKey publicKey field MUST contain the DER-encoding of a value of the ASN.1 type ECPoint (see Section 8.2), which represents the sending agent's ephemeral EC public key. Correction... that is not allowed by RFC3278 but is allowed in RFC5753 but OpenSSL doesn't currently generate that format. It's not clear what purpose it serves as the EC parameters are specified in the recipient's key and certificate anyway. So do I understand it correctly that OpenSSL currentls only supports RFC3278? Does that mean that it can't process CMS enveloped data objects that are created according to RFC5753? In my other thread titled "Unable to decrypt CMS object encrypted with EC prime256v1 certificate" the CMS object that cannot be decrypted with OpenSSL does contain the EC parameters. Can that be related to the problem? -- Stephan -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to turn on certain elements in CMS objects
On Wed, Jul 06, 2016, Dr. Stephen Henson wrote: > On Fri, Jul 01, 2016, Stephan M?hlstrasser wrote: > > > > > First the AlgorithmIdentifier includes the EC curve name: > > > > 40 19: SEQUENCE { > > 427: OBJECT IDENTIFIER ecPublicKey (1 2 840 > > 10045 2 1) > > 518: OBJECT IDENTIFIER ansiX9p256r1 (1 2 840 > > 10045 3 1 7) > > : } > > > > In CMS objects created with OpenSSL with the same recipient > > certificate, the curve name is always omitted. Is it possible to > > make OpenSSL emit the curve name as well? > > > > No as this is a violation of the standards. From RFC3278: > > originator MUST be the alternative originatorKey. The > originatorKey algorithm field MUST contain the id-ecPublicKey > object identifier (see Section 8.1) with NULL parameters. The > originatorKey publicKey field MUST contain the DER-encoding of a > value of the ASN.1 type ECPoint (see Section 8.2), which > represents the sending agent's ephemeral EC public key. > Correction... that is not allowed by RFC3278 but is allowed in RFC5753 but OpenSSL doesn't currently generate that format. It's not clear what purpose it serves as the EC parameters are specified in the recipient's key and certificate anyway. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to turn on certain elements in CMS objects
On Fri, Jul 01, 2016, Stephan M?hlstrasser wrote: > Hi, > > this message is related to another question that I sent with subject > "Unable to decrypt CMS object encrypted with EC prime256v1 > certificate". > > Below I have included the full ASN.1 dump of the CMS object > generated by a third-party application. > > The CMS object has two properties that I so far was not able to > reproduce when creating CMS objects with OpenSSL: > > First the AlgorithmIdentifier includes the EC curve name: > > 40 19: SEQUENCE { > 427: OBJECT IDENTIFIER ecPublicKey (1 2 840 > 10045 2 1) > 518: OBJECT IDENTIFIER ansiX9p256r1 (1 2 840 > 10045 3 1 7) > : } > > In CMS objects created with OpenSSL with the same recipient > certificate, the curve name is always omitted. Is it possible to > make OpenSSL emit the curve name as well? > No as this is a violation of the standards. From RFC3278: originator MUST be the alternative originatorKey. The originatorKey algorithm field MUST contain the id-ecPublicKey object identifier (see Section 8.1) with NULL parameters. The originatorKey publicKey field MUST contain the DER-encoding of a value of the ASN.1 type ECPoint (see Section 8.2), which represents the sending agent's ephemeral EC public key. > Second the following: > > 129 10: [1] { > 1318: OCTET STRING B1 04 4A FD FC 8B 70 6D > : } > > If I match this correctly to RFC 5652, this is > > ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL > > inside the KeyAgreeRecipientInfo SEQUENCE (see > https://tools.ietf.org/html/rfc5652#section-6.2.2). > > Can OpenSSL emit this optional element? Yes but not using the command line utility. It would require a custom program to set the parameter using the CMS API. > What is the purpose of the "ukm" field? > It provides some additional optional random data used in the key encryption key derivation algorithm. Note that you can get a diagnistic dump using: openssl cms -cmsout -inform DER -print -in cmd.der Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users