openssl CMS with ECDH EnvelopedData
Problem description
I am playing with openssl 1.0.2a - specifically CMS support for ECC. As a test I am doing a simple encrypt and decrypt. I gave an RSA example as a known good working example / sanity test. The ECC example fails.
Any ideas? TIA.
./openssl version
OpenSSL 1.0.2a 19 Mar 2015

echo -n 12345678123456781234567812345678 > sess.txt # 32 byte plaintext

#RSA works
./openssl genrsa -out rsa.key 2048
./openssl req -x509 -new -key rsa.key -out rsa.crt
./openssl cms -encrypt -in sess.txt -out rsaencsess.bin -outform PEM rsa.crt
./openssl cms -decrypt -in rsaencsess.bin -out rsadecsess.txt -inform PEM -inkey rsa.key
#AOK.

#EC fails
./openssl ecparam -name prime192v1 -genkey -out ecc.key
./openssl req -x509 -new -key ecc.key -out ecc.crt
./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt
./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM -inkey ecc.key
Error decrypting CMS structure
error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529:
Solution
OpenSSL's Steve Henson resolved it as follows: "RSA can decrypt without knowing the certificate but currently EC cannot. So try including the option -recip ecc.crt when you decrypt."
This now works:
./openssl ecparam -name prime192v1 -genkey -out ecc.key
./openssl req -x509 -new -key ecc.key -out ecc.crt
./openssl cms -encrypt -in sess.txt -out encsess.bin -outform PEM ecc.crt
./openssl cms -decrypt -in encsess.bin -out decsess.txt -inform PEM -inkey ecc.key -recip ecc.crt
# NOTE "-recip ecc.crt" is currently required else it won't work!
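An added example, not part of the original question or answer and not OpenSSL code: RFC 5652 encodes RSA key transport as a `ktri` RecipientInfo (plain SEQUENCE) and ECDH key agreement as `kari` (context tag [1]), so reading that tag tells you whether a message is of the kind the answer says needs `-recip`. The function names are hypothetical, the sample messages are constructed skeletons rather than real ciphertexts, and only definite-length DER is handled.

```python
import base64

# RecipientInfo CHOICE tags (RFC 5652, section 6.2):
# ktri = key transport (RSA), kari = key agreement (ECDH)
RECIPIENT_KINDS = {0x30: "ktri", 0xA1: "kari", 0xA2: "kekri", 0xA3: "pwri", 0xA4: "ori"}
ENVELOPED_DATA_OID = bytes.fromhex("2a864886f70d010703")  # 1.2.840.113549.1.7.3

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one definite-length DER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length == 0x80:
        raise ValueError("indefinite length (BER streaming) not supported")
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def recipient_kinds(der):
    """List the RecipientInfo kinds in a DER ContentInfo holding EnvelopedData."""
    tag, content_info, _ = read_tlv(der)
    (oid_tag, oid), (_, wrapped) = list(children(content_info))[:2]
    if tag != 0x30 or oid_tag != 0x06 or oid != ENVELOPED_DATA_OID:
        raise ValueError("not a CMS EnvelopedData")
    _, enveloped, _ = read_tlv(wrapped)  # unwrap [0] EXPLICIT to the SEQUENCE
    recipient_set = next(v for t, v in children(enveloped) if t == 0x31)
    return [RECIPIENT_KINDS.get(t, hex(t)) for t, _ in children(recipient_set)]

def pem_to_der(pem_text):
    body = [l for l in pem_text.splitlines() if l and not l.startswith("-----")]
    return base64.b64decode("".join(body))

def tlv(tag, value=b""):  # encoder for the constructed samples (short lengths only)
    return bytes([tag, len(value)]) + value

def sample(recipient_tag):  # constructed skeleton: real nesting and tags, empty bodies
    env = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x31, tlv(recipient_tag)) + tlv(0x30))
    return tlv(0x30, tlv(0x06, ENVELOPED_DATA_OID) + tlv(0xA0, env))
```

For a PEM file such as the page's encsess.bin, call `recipient_kinds(pem_to_der(open("encsess.bin").read()))`; a result containing `kari` marks the ECDH case.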