Am 06.07.16 um 15:46 schrieb Dr. Stephen Henson:
...
Second the following:
129 10: [1] {
131 8: OCTET STRING B1 04 4A FD FC 8B 70 6D
: }
If I match this correctly to RFC 5652, this is
ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL
inside the KeyAgreeRecipientInfo SEQUENCE (see
https://tools.ietf.org/html/rfc5652#section-6.2.2).
Can OpenSSL emit this optional element?
Yes but not using the command line utility. It would require a custom program
to set the parameter using the CMS API.
Could you pleaee briefly explain how set the parameter? I could not find
anything in the documentation of the CMS API about this.
What is the purpose of the "ukm" field?
It provides some additional optional random data used in the key encryption
key derivation algorithm.
Note that you can get a diagnistic dump using:
openssl cms -cmsout -inform DER -print -in cmd.der
I wasn't aware of this feature, that looks very useful, thanks!
--
Stephan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
