Hi,

after studying the different key generator functions more closely, I came to the 
conclusion that, since the Prime256 curve has a cofactor of 1, both KDFs should 
produce the same value, and so everything has cleared up.

Kind regards,
Henning
________________________________
From: openssl-users <openssl-users-boun...@openssl.org> on behalf of Henning 
Krause via openssl-users <openssl-users@openssl.org>
Sent: Sunday, May 23, 2021 2:45 PM
To: openssl-users@openssl.org <openssl-users@openssl.org>
Subject: Support for ECDH One-pass in "openssl cms enc"

Hi,

I'm trying to encrypt an email using the ECDH One-Pass algorithm. I've first 
created an X509 certificate with an ECDSA key based on the curve prime256v1.

Then, I ran this command:

openssl cms -encrypt -in Unencrypted.eml -binary -recip ecc.cer -aes256 -keyopt 
ecdh_kdf_md:sha256 -keyopt ecdh_cofactor_mode:1

This does indeed create an encrypted eml:
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; 
name="smime.p7m"
Content-Transfer-Encoding: base64

And it does have the expected KEK encryption algorithm set:
1.3.132.1.14.1 => dhSinglePass-cofactorDH-sha256kdf-scheme

However, the KDF method used is exactly the same as when I execute:
openssl cms -encrypt -in Unencrypted.eml -binary -recip ecc.cer -aes256 -keyopt 
ecdh_kdf_md:sha256 -keyopt ecdh_cofactor_mode:0

This call does produce a different KEK algorithm:
1.3.132.1.11.1 ecdhX963KDF-SHA256.

At least I can decrypt the content encryption key in both cases using the same 
algorithm ('Standard' ECDH).

I'm using OpenSSL 3.0.0-beta1-dev (Library: OpenSSL 3.0.0-beta1-dev).

Any ideas? Do I need any additional parameters to get this working?

Kind regards,
Henning
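To make the conclusion in the reply concrete (cofactor 1 means cofactor ECDH and standard ECDH give the same KEK on prime256v1), here is an added worked example, not code from the thread or from OpenSSL. It implements P-256 point arithmetic and the ANSI X9.63 KDF that both 1.3.132.1.11.1 and 1.3.132.1.14.1 use; the private keys and the SharedInfo bytes are constructed stand-ins (CMS would pass DER-encoded ECC-CMS-SharedInfo).

```python
import hashlib
# NIST P-256 (prime256v1) domain parameters; the cofactor H is 1
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A, B = P - 3, 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
H = 1

def point_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k, pt):
    """Double-and-add scalar multiplication [k]pt."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend, k = point_add(addend, addend), k >> 1
    return result

def x963_kdf_sha256(z, shared_info, key_len):
    """ANSI X9.63 KDF: Hash(Z || Counter || SharedInfo), 32-bit counter from 1."""
    out, counter = b"", 1
    while len(out) < key_len:
        out += hashlib.sha256(z + counter.to_bytes(4, "big") + shared_info).digest()
        counter += 1
    return out[:key_len]

def derive_kek(d_priv, q_pub, cofactor_mode, shared_info, key_len=32):
    """Standard ECDH uses Z = x([d]Q); cofactor ECDH (SEC 1, 3.3.2) uses x([h*d]Q)."""
    scalar = (H * d_priv) % N if cofactor_mode else d_priv
    z = scalar_mult(scalar, q_pub)[0].to_bytes(32, "big")
    return x963_kdf_sha256(z, shared_info, key_len)
# Constructed keys and SharedInfo (a stand-in for the DER ECC-CMS-SharedInfo)
D_SENDER = 0xc9afa9d845ba75166b5c215767b1d6934e50c3db36e89b127b8a622b120f6721
D_RECIP = 0x3f49f6d4a3c55f3874c9b3e3d2101f197dd4cf1c9d9b23b8a6e91c1c7f66de47
Q_SENDER, Q_RECIP = scalar_mult(D_SENDER, G), scalar_mult(D_RECIP, G)
SHARED_INFO = b"constructed-ECC-CMS-SharedInfo"
```

Calling `derive_kek(D_SENDER, Q_RECIP, 0, SHARED_INFO)` and the same with `cofactor_mode=1` returns identical 32-byte KEKs, which is why the two `ecdh_cofactor_mode` settings in the commands above only change the algorithm OID, not the derived key; on a curve with h > 1 the two would differ.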
