Re: [openssl-users] mail encryption with ecdsa cert

> On 26 Jan 2018, at 18:20, Kyle Hamilton wrote: > > In order to use Elliptical Curves to encrypt, you would have to use > the "Elliptical Curve Diffie-Hellman" algorithm to perform a key > agreement. This requires that both the sender and the recipient have > EC keys

Re: [openssl-users] mail encryption with ecdsa cert

On 26 Jan 2018, at 18:55, Viktor Dukhovni wrote: > > This requires a pipeline of two cms(1) commands, one to sign and other > to encrypt (S/MIME is generally a sign-then-encrypt encapsulation). > The inner signed content would be the just the payload no mail headers.

Re: [openssl-users] mail encryption with ecdsa cert

> On Jan 26, 2018, at 10:13 AM, clou wrote: > > openssl cms -sign works perfect and sending an email. > > For encryption and sending an email I just get an email with an attachment > smime.p7m. > > I use the following encryption command > > openssl cms -encrypt \ >

Re: [openssl-users] mail encryption with ecdsa cert

Doesn't S/MIME permit the half-ephemeral ECDH algorithm where the recipient's static ECDH certificate is combined with a per message ephemeral ECDH key? On 26/01/2018 18:20, Kyle Hamilton wrote: On the algorithmic side of things, the ECDSA algorithm cannot encrypt. It is signing-only. In order

Re: [openssl-users] mail encryption with ecdsa cert

On the algorithmic side of things, the ECDSA algorithm cannot encrypt. It is signing-only. In order to use Elliptical Curves to encrypt, you would have to use the "Elliptical Curve Diffie-Hellman" algorithm to perform a key agreement. This requires that both the sender and the recipient have EC

[openssl-users] mail encryption with ecdsa cert

openssl 1.1.0.f ecdsa 512 certificate openssl cms -sign works perfect and sending an email. For encryption and sending an email I just get an email with an attachment smime.p7m. I use the following encryption command openssl cms -encrypt \ -recip cert.pem \ -subject 'openssl