Re: [openssl-users] Creating an X25519-based Certificate

[Abe Racioppo]

tsets

On 6/29/16, Abe Racioppo <abe.racio...@gmail.com> wrote:
> 290620161352
>
> On 6/29/16, Salz, Rich <rs...@akamai.com> wrote:
>>
>>> But surely the openssl command line tool should provide a mechanism for
>>> allowing an X25519-based certificate to be signed by a CA.
>>
>>> Its seems that the "certificate request" protocol, which requires
>>> self-signing, prevents this in this case.
>>
>> Yes, that is exactly the point.
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>
>
> --
> signature
>


-- 
signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Creating an X25519-based Certificate

[Abe Racioppo]

290620161352

On 6/29/16, Salz, Rich  wrote:
>
>> But surely the openssl command line tool should provide a mechanism for
>> allowing an X25519-based certificate to be signed by a CA.
>
>> Its seems that the "certificate request" protocol, which requires
>> self-signing, prevents this in this case.
>
> Yes, that is exactly the point.
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>


-- 
signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] CMS with Symmetric key

[Abe Racioppo]

Thank you for the responses.

I have implemented encryption that adds a secret key, and secret key id
using:
CMS_add0_recipient_key,
CMS_EncryptData_encrypt,
SMIME_write_CMS
The output file looks correct, but I need to decrypt it back to be sure.

I would like to be able to get the secret key id from the envelope data to
then search a database for the key, and then CMS_decrypt.  I have yet to
determine the most straightforward way of getting the key ids from the
envelope/wrapped content of cms.

Is there a combination if I have SMIME_read the cms from a file like:
  keyId =  cms->envelopedData->keyId?

Or do I need to handle a stack_of recipient infos in order to get the key
id from kekri0_get_id?

Thanks again,
Abe


On Tue, Apr 5, 2016 at 7:39 AM, Dr. Stephen Henson <st...@openssl.org>
wrote:

> On Mon, Apr 04, 2016, Abe Racioppo wrote:
>
> > Hey guys,
> >
> > I'm trying to use the CMS operations in libcrypto but with a symmetric
> key
> > encryption key instead of x509.
> >
> > I'm thinking I want to use a combination of
> >
> > CMS_RecipientInfo_set0_pkey,
> > SMIME_write_CMS,
> > and
> > CMS_EncryptedData_encrypt.
> >
> > Has anyone done this before and can give me some direction?  This is my
> > first time working with openssl and am getting kinda lost.
> >
>
> You have several options here.
>
> You can just use the encrypted data type with a key directly.
>
> You can use the enveloped data type with a symmetric wrapping key.
>
> You can use the enveloped data type with a password based recipient info.
>
> Which you use depends on the application you have in mind.
>
> In the first case you just call CMS_EncryptData_encrypt() followed by
> SMIME_write_CMS().
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>



-- 
signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] CMS with Symmetric key

[Abe Racioppo]

Hey guys,

I'm trying to use the CMS operations in libcrypto but with a symmetric key
encryption key instead of x509.

I'm thinking I want to use a combination of

CMS_RecipientInfo_set0_pkey,
SMIME_write_CMS,
and
CMS_EncryptedData_encrypt.

Has anyone done this before and can give me some direction?  This is my
first time working with openssl and am getting kinda lost.

Thanks,

Abe
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users