On 26 Jan 2018, at 18:55, Viktor Dukhovni wrote:
>
> This requires a pipeline of two cms(1) commands, one to sign and other
> to encrypt (S/MIME is generally a sign-then-encrypt encapsulation).
> The inner signed content would be the just the payload no mail headers.
openssl cms -sign \
> On Jan 26, 2018, at 10:13 AM, clou wrote:
>
> openssl cms -sign works perfect and sending an email.
>
> For encryption and sending an email I just get an email with an attachment
> smime.p7m.
>
> I use the following encryption command
>
> openssl cms -encrypt \
> -recip cert.pem \
Doesn't S/MIME permit the half-ephemeral ECDH algorithm where the
recipient's static ECDH certificate is combined with a per message
ephemeral ECDH key?
On 26/01/2018 18:20, Kyle Hamilton wrote:
On the algorithmic side of things, the ECDSA algorithm cannot encrypt.
It is signing-only.
In order
On the algorithmic side of things, the ECDSA algorithm cannot encrypt.
It is signing-only.
In order to use Elliptical Curves to encrypt, you would have to use
the "Elliptical Curve Diffie-Hellman" algorithm to perform a key
agreement. This requires that both the sender and the recipient have
EC k
openssl 1.1.0.f
ecdsa 512 certificate
openssl cms -sign works perfect and sending an email.
For encryption and sending an email I just get an email with an attachment
smime.p7m.
I use the following encryption command
openssl cms -encrypt \
-recip cert.pem \
-subject 'openssl en
