On Wed, Nov 12, 2014 at 6:29 PM, Dr. Stephen Henson wrote:
> The OpenSSL version uses indefinite length encoding so you see the constructed
> encrypted content tag and an OCTET STRING content. If you didn't use streaming
> for the OpenSSL version it would've looked similar.
Ah, that was the missin
On Wed, Nov 12, 2014, Sheldon Hearn wrote:
> Hmmm, looking at your suggestion more closely, there's more to it than
> that. When the client holds nothing but the symmetric key used to
> produce the ciphertext, I think it needs an Encrypted-Data, not an
> Enveloped-Data. The CMS_encrypt(3) function
On Wed, Nov 12, 2014, Sheldon Hearn wrote:
> I'm building a secret store, kinda like LastPass for services, where
> developers encrypt application secrets and place the ciphertext in the
> store, and then applications fetch the ciphertext and decrypt the secrets
> using a key that they were given
Thanks for the suggestion, Matt. As far as I know, ruby's openssl
bindings don't expose CMS_encrypt. :-(
On Wed, Nov 12, 2014 at 11:25 AM, Matt Caswell wrote:
>
>
> On 12/11/14 09:07, Sheldon Hearn wrote:
>> The AES-IV is present, but the ciphertext is not. I've boiled the ruby
>> code down for t
Hmmm, looking at your suggestion more closely, there's more to it than
that. When the client holds nothing but the symmetric key used to
produce the ciphertext, I think it needs an Encrypted-Data, not an
Enveloped-Data. The CMS_encrypt(3) function produces an
Enveloped-Data.
On Wed, Nov 12, 2014 a
On 12/11/14 09:07, Sheldon Hearn wrote:
> The AES-IV is present, but the ciphertext is not. I've boiled the ruby
> code down for the purposes of asking this question:
>
> #>>>
>
> require 'openssl'
>
> cleartext = "The cake is a lie!"
>
> cipher = OpenSSL::Cipher::AES256.n
I'm building a secret store, kinda like LastPass for services, where
developers encrypt application secrets and place the ciphertext in the
store, and then applications fetch the ciphertext and decrypt the secrets
using a key that they were given by the runtime environment.
This moves the problem