I am trying to get mutt to use a FIPS validated OpenSSL to send/receive encrypted emails.  When I don't set the environment variable OPENSSL_FIPS=1, everything works fine.

When I try the same command to decrypt an email with OPENSSL_FIPS set, it fails with:

env OPENSSL_FIPS=1 openssl smime -decrypt  -passin stdin -inform DER -in %f -inkey %k -recip %c

unable to load signing key file
11851:error:06080090:digital envelope routines:EVP_DigestInit_ex:disabled for fips:digest.c:292:
11851:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:330:
11851:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:428:

And when I try to look at my private key with FIPS enabled, it fails with:

env OPENSSL_FIPS=1 openssl rsa -in <file> -text
Enter pass phrase for <file>:
unable to load Private Key
12050:error:06080090:digital envelope routines:EVP_DigestInit_ex:disabled for fips:digest.c:292:
12050:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:330:
12050:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:428:

So it looks like it doesn't like the encryption on my private key.  The default encryption on my key should be triple DES, but I've also tried to change the encryption on my key to aes256, but it still fails with the same message.  How do I get my private key into a format acceptable to FIPS?  Or is there something else that I'm missing?

Davin
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
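
An added example, not part of the original post: a header-only shell check of how a PEM private key file is protected. It relies on the fact that OpenSSL's traditional PEM encryption (the PEM_do_header path in the errors above) derives the key-encryption key from the passphrase with MD5, whatever cipher DEK-Info names; the function name, file names and sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a PEM private key by its headers only.
# No key material is parsed and no passphrase is needed.
pem_key_format() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 2; }
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        # PKCS#8 container: the PBE scheme is recorded inside the structure.
        echo "pkcs8-encrypted"
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
        # Traditional PEM encryption: "DEK-Info: <cipher>,<hex IV>".
        # The passphrase is stretched with MD5 for every cipher listed here.
        cipher=$(sed -n 's/^DEK-Info: *\([^,]*\),.*/\1/p' "$f" | head -n 1)
        echo "traditional-encrypted:${cipher:-unknown}"
    elif grep -q '^-----BEGIN PRIVATE KEY-----' "$f"; then
        echo "pkcs8-plain"
    elif grep -q '^-----BEGIN [A-Z]* *PRIVATE KEY-----' "$f"; then
        echo "traditional-plain"
    else
        echo "no-private-key"
    fi
}

# Constructed sample files; the bodies are placeholders, not real keys.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0011223344556677' '' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/trad-3des.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF' '' \
    'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$demo_dir/trad-aes.pem"
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END ENCRYPTED PRIVATE KEY-----' > "$demo_dir/pkcs8.pem"

for f in "$demo_dir"/*.pem; do
    printf '%s: %s\n' "${f##*/}" "$(pem_key_format "$f")"
done

# A traditional-encrypted key can be re-wrapped as PKCS#8 with a SHA-1 based
# PBE scheme, run once without OPENSSL_FIPS set so the old file can be read:
#   openssl pkcs8 -topk8 -v1 PBE-SHA1-3DES -in key.pem -out key-p8.pem
```

Both traditional-encrypted samples report the same format even though their DEK-Info ciphers differ, which matches the observation that switching the key to aes256 changed nothing.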