CMS with PBE (Was Re: Decrypting a password encrypted pkcs7-envelopedData)

by malat

Hi,

On Wed, Apr 29, 2009 at 9:41 PM, Dr. Stephen Henson <steve@...> wrote:

> On Wed, Apr 29, 2009, Randy Turner wrote:
>
>>
>> Just for my own edification, from this thread, it sounds like OpenSSL
>> doesn't support password-protected
>> PKCS#7 bundles....is this interpretation correct?
>>
>
> No. It supports password encrypted data for PKCS#7. That uses the encrypted
> data type. Handling of that type is necessary to process PKCS#12 structures.
>
> In CMS this type is a pwri structure as part of the enveloped data type. That
> isn't currently supported.

Quick question: what is the status of CMS with Password Based
Encryption in OpenSSL 1.0 ?

Thanks,
--
Mathieu
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@...
Automated List Manager                           majordomo@...

Re: CMS with PBE (Was Re: Decrypting a password encrypted pkcs7-envelopedData)

by malat

On Wed, Nov 4, 2009 at 12:17 PM, Mathieu Malaterre
<mathieu.malaterre@...> wrote:

> Hi,
>
> On Wed, Apr 29, 2009 at 9:41 PM, Dr. Stephen Henson <steve@...> wrote:
>> On Wed, Apr 29, 2009, Randy Turner wrote:
>>
>>>
>>> Just for my own edification, from this thread, it sounds like OpenSSL
>>> doesn't support password-protected
>>> PKCS#7 bundles....is this interpretation correct?
>>>
>>
>> No. It supports password encrypted data for PKCS#7. That uses the encrypted
>> data type. Handling of that type is necessary to process PKCS#12 structures.
>>
>> In CMS this type is a pwri structure as part of the enveloped data type. That
>> isn't currently supported.
>
> Quick question: what is the status of CMS with Password Based
> Encryption in OpenSSL 1.0 ?

Answering to myself, it looks like it:


  *) Initial support for Cryptographic Message Syntax (aka CMS) based
     on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
     support for data, signedData, compressedData, digestedData and
     encryptedData, envelopedData types included. Scripts to check against
     RFC4134 examples draft and interop and consistency checks of many
     content types and variants.
     [Steve Henson]


This is really cool !

--
Mathieu

Re: CMS with PBE (Was Re: Decrypting a password encrypted pkcs7-envelopedData)

by Dr. Stephen Henson

On Tue, Nov 10, 2009, Mathieu Malaterre wrote:

> On Wed, Nov 4, 2009 at 12:17 PM, Mathieu Malaterre
> <mathieu.malaterre@...> wrote:
>
> Answering to myself, it looks like it:
>
>
>   *) Initial support for Cryptographic Message Syntax (aka CMS) based
>      on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
>      support for data, signedData, compressedData, digestedData and
>      encryptedData, envelopedData types included. Scripts to check against
>      RFC4134 examples draft and interop and consistency checks of many
>      content types and variants.
>      [Steve Henson]
>
>
> This is really cool !
>

Actually PBE isn't included. AES key wrap is, which can be handled on the
command line, but not PBES2 (or any other kind) of PBE at present.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: CMS with PBE (Was Re: Decrypting a password encrypted pkcs7-envelopedData)

by malat

On Tue, Nov 10, 2009 at 4:56 PM, Dr. Stephen Henson <steve@...> wrote:

> On Tue, Nov 10, 2009, Mathieu Malaterre wrote:
>
>> On Wed, Nov 4, 2009 at 12:17 PM, Mathieu Malaterre
>> <mathieu.malaterre@...> wrote:
>>
>> Answering to myself, it looks like it:
>>
>>
>>   *) Initial support for Cryptographic Message Syntax (aka CMS) based
>>      on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
>>      support for data, signedData, compressedData, digestedData and
>>      encryptedData, envelopedData types included. Scripts to check against
>>      RFC4134 examples draft and interop and consistency checks of many
>>      content types and variants.
>>      [Steve Henson]
>>
>>
>> This is really cool !
>>
>
> Actually PBE isn't included. AES key wrap is, which can be handled on the
> command line, but not PBES2 (or any other kind) of PBE at present.

Hi Steve,

  Thanks for taking the time to answer, this will save me some time !
  How hard would you say is this task (I have neither a previous
knowledge of OpenSSL, nor a knowledge of cryptography) ? As a first
step I would just like to decrypt a PBE RFC3852 blob (proof of
concept).

Thanks,
--
Mathieu

Re: CMS with PBE (Was Re: Decrypting a password encrypted pkcs7-envelopedData)

by Dr. Stephen Henson

On Tue, Nov 10, 2009, Mathieu Malaterre wrote:

>
>   Thanks for taking the time to answer, this will save me some time !
>   How hard would you say is this task (I have neither a previous
> knowledge of OpenSSL, nor a knowledge of cryptography) ? As a first
> step I would just like to decrypt a PBE RFC3852 blob (proof of
> concept).
>

Well if it was trivial I would've already added it. It needs quite a bit of
knowledge of how the OpenSSL ASN1 code and the CMS stuff works internally.

Do you have a sample PBE blob you want to decrypt?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: CMS with PBE (Was Re: Decrypting a password encrypted pkcs7-envelopedData)

by malat

On Tue, Nov 10, 2009 at 5:15 PM, Dr. Stephen Henson <steve@...> wrote:

> On Tue, Nov 10, 2009, Mathieu Malaterre wrote:
>
>>
>>   Thanks for taking the time to answer, this will save me some time !
>>   How hard would you say is this task (I have neither a previous
>> knowledge of OpenSSL, nor a knowledge of cryptography) ? As a first
>> step I would just like to decrypt a PBE RFC3852 blob (proof of
>> concept).
>>
>
> Well if it was trivial I would've already added it. It needs quite a bit of
> knowledge of how the OpenSSL ASN1 code and the CMS stuff works internally.

ok :)

> Do you have a sample PBE blob you want to decrypt?

Here is one:

$ wget http://idisk.mac.com/dclunie-Public/securedicomfileset.tar.bz2
$ openssl asn1parse -in DICOMDIR -inform DER

It was generated using Bouncy Castle

Thanks,
--
Mathieu

Re: CMS with PBE (Was Re: Decrypting a password encrypted pkcs7-envelopedData)

by malat

Steve,

>> Do you have a sample PBE blob you want to decrypt?
>
> Here is one:
>
> $ wget http://idisk.mac.com/dclunie-Public/securedicomfileset.tar.bz2
> $ openssl asn1parse -in DICOMDIR -inform DER
>
> It was generated using Bouncy Castle

I forgot to mention, if you need help from me, do not hesitate !

Thanks again,
--
Mathieu

Re: CMS with PBE (Was Re: Decrypting a password encrypted pkcs7-envelopedData)

by Dr. Stephen Henson

On Mon, Nov 23, 2009, Mathieu Malaterre wrote:

> Steve,
>
> >> Do you have a sample PBE blob you want to decrypt?
> >
> > Here is one:
> >
> > $ wget http://idisk.mac.com/dclunie-Public/securedicomfileset.tar.bz2
> > $ openssl asn1parse -in DICOMDIR -inform DER
> >
> > It was generated using Bouncy Castle
>
> I forgot to mention, if you need help from me, do not hesitate !
>

I've added experimental support to HEAD. This seems to decrypt the example OK
and can decrypt its own output. It adds a new option -pwri_password to the
cms utility (will need something better at some point).

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
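
Added example, not part of the thread or of OpenSSL's own code: a round trip through a CMS password recipient (pwri) using the `-pwri_password` option mentioned in the last message, checking that the same password recovers the data and a different one is rejected. It assumes an `openssl` binary whose `cms` utility has that option; the function names, file names, passwords and message are constructed for illustration.

```shell
#!/bin/sh
# Added example. Passwords and message below are constructed test values.
# -pwri_password takes the password as a command-line argument, so it is
# visible in the process list while openssl runs.

pwri_encrypt() {    # $1 = input file, $2 = output DER file, $3 = password
    openssl cms -encrypt -binary -aes128 -pwri_password "$3" \
        -in "$1" -outform DER -out "$2"
}

pwri_decrypt() {    # $1 = DER file, $2 = output file, $3 = password
    openssl cms -decrypt -binary -pwri_password "$3" \
        -inform DER -in "$1" -out "$2" 2>/dev/null
}

# Encrypt with password $1, decrypt with password $2; returns 0 only if the
# decrypted bytes equal the original.
pwri_roundtrip() {
    dir=$(mktemp -d) || return 2
    printf 'constructed sample message\n' > "$dir/plain"
    pwri_encrypt "$dir/plain" "$dir/msg.der" "$1" &&
        pwri_decrypt "$dir/msg.der" "$dir/out" "$2" &&
        cmp -s "$dir/plain" "$dir/out"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

if pwri_roundtrip 'constructed-pass' 'constructed-pass'; then
    echo "same password: decrypted output matches"
fi
if ! pwri_roundtrip 'constructed-pass' 'other-pass'; then
    echo "different password: decryption rejected"
fi
```

Running the thread's `openssl asn1parse -inform DER` command on the DER file written by `pwri_encrypt` shows the recipient structure that carries the key-derivation parameters.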