Thanks for the suggestion, Matt. As far as I know, ruby's openssl
bindings don't expose CMS_encrypt. :-(
On Wed, Nov 12, 2014 at 11:25 AM, Matt Caswell <m...@openssl.org> wrote:
>
>
> On 12/11/14 09:07, Sheldon Hearn wrote:
>> The AES-IV is present, but the ciphertext is not. I've boiled the ruby
>> code down for the purposes of asking this question:
>>
>> #>>>>>>>>>>>>>>>>>>>>>>>
>>
>> require 'openssl'
>>
>> cleartext = "The cake is a lie!"
>>
>> cipher = OpenSSL::Cipher::AES256.new(:CBC)
>> cipher.encrypt
>> cipher.random_key
>> iv = cipher.random_iv
>> ciphertext = cipher.update(cleartext) + cipher.final
>>
>> cms = OpenSSL::ASN1::Sequence.new([
>> OpenSSL::ASN1::ObjectId.new("1.2.840.113549.1.7.6"),
>> OpenSSL::ASN1::Sequence.new([
>> OpenSSL::ASN1::Integer.new(0),
>> OpenSSL::ASN1::Sequence.new([
>> OpenSSL::ASN1::ObjectId.new("1.2.840.113549.1.7.1"),
>> OpenSSL::ASN1::Sequence.new([
>> OpenSSL::ASN1::ObjectId.new("2.16.840.1.101.3.4.1.42"),
>> OpenSSL::ASN1::OctetString.new(iv)
>> ]),
>> OpenSSL::ASN1::OctetString.new(ciphertext, 0, :IMPLICIT)
>> ]),
>> OpenSSL::ASN1::Set.new([], 1, :IMPLICIT)
>> ], 0, :EXPLICIT)
>> ])
>>
>> $stdout.write cms.to_der
>>
>> #>>>>>>>>>>>>>>>>>>>>>>>
>>
>> I feed it to openssl asn1parse as follows:
>>
>> ruby mail-list-question.rb | openssl asn1parse -inform DER
>>
>> What am I doing wrong?
>
> Why are you building this yourself using the ASN1 routines, rather than
> just using OpenSSL's own CMS routines, e.g.:
>
> https://www.openssl.org/docs/crypto/CMS_encrypt.html
>
> Matt
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
