Hmmm, looking at your suggestion more closely, there's more to it than that. When the client holds nothing but the symmetric key used to produce the ciphertext, I think it needs an Encrypted-Data, not an Enveloped-Data. The CMS_encrypt(3) function produces an Enveloped-Data.
On Wed, Nov 12, 2014 at 11:42 AM, Sheldon Hearn <sheld...@starjuice.net> wrote:
> Thanks for the suggestion, Matt. As far as I know, ruby's openssl
> bindings don't expose CMS_encrypt. :-(
>
> On Wed, Nov 12, 2014 at 11:25 AM, Matt Caswell <m...@openssl.org> wrote:
>>
>>
>> On 12/11/14 09:07, Sheldon Hearn wrote:
>>> The AES-IV is present, but the ciphertext is not. I've boiled the ruby
>>> code down for the purposes of asking this question:
>>>
>>> #>>>>>>>>>>>>>>>>>>>>>>>
>>>
>>> require 'openssl'
>>>
>>> cleartext = "The cake is a lie!"
>>>
>>> cipher = OpenSSL::Cipher::AES256.new(:CBC)
>>> cipher.encrypt
>>> cipher.random_key
>>> iv = cipher.random_iv
>>> ciphertext = cipher.update(cleartext) + cipher.final
>>>
>>> cms = OpenSSL::ASN1::Sequence.new([
>>>   OpenSSL::ASN1::ObjectId.new("1.2.840.113549.1.7.6"),
>>>   OpenSSL::ASN1::Sequence.new([
>>>     OpenSSL::ASN1::Integer.new(0),
>>>     OpenSSL::ASN1::Sequence.new([
>>>       OpenSSL::ASN1::ObjectId.new("1.2.840.113549.1.7.1"),
>>>       OpenSSL::ASN1::Sequence.new([
>>>         OpenSSL::ASN1::ObjectId.new("2.16.840.1.101.3.4.1.42"),
>>>         OpenSSL::ASN1::OctetString.new(iv)
>>>       ]),
>>>       OpenSSL::ASN1::OctetString.new(ciphertext, 0, :IMPLICIT)
>>>     ]),
>>>     OpenSSL::ASN1::Set.new([], 1, :IMPLICIT)
>>>   ], 0, :EXPLICIT)
>>> ])
>>>
>>> $stdout.write cms.to_der
>>>
>>> #>>>>>>>>>>>>>>>>>>>>>>>
>>>
>>> I feed it to openssl asn1parse as follows:
>>>
>>> ruby mail-list-question.rb | openssl asn1parse -inform DER
>>>
>>> What am I doing wrong?
>>
>> Why are you building this yourself using the ASN1 routines, rather than
>> just using OpenSSL's own CMS routines, e.g.:
>>
>> https://www.openssl.org/docs/crypto/CMS_encrypt.html
>>
>> Matt
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-users@openssl.org
>> Automated List Manager                           majord...@openssl.org