Rob Wilton \(rwilton\) <[email protected]> wrote: > Stephane or Warren can probably can correct me as a butcher the > explanation, but ... > ... I think that the issue is that the appendix is given as sequence of > steps to follow, and in Step 1 (A.1), the certificate is generated > using an elliptical curve algorithm, which means that by the time that > you get to the step in A 2.2 ,the openssl command fails because openssl > doesn't allow you to S/MIME encrypt with the certificate generated in > A.1 that is based on an elliptic curve algorithm.
> The solution to fix this would be to change the type of algorithm used
> in Step 1 (A.1) to RSA, in which case this step would succeed.
That's one way to do it.
ECIES would also work, but maybe openssl CMS can't do that.
Given that
a) it's non-normative example.
b) in practice doing this with openssl shell commands is not a good solution
(error handling, database access, etc.)
I suggest that we acknowledge the error (should use RSA), but that there
isn't a simple text change.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
