How to pass in key for openssl cms with RSA-OAEP key option

Super User Asked by lmr2391 on January 19, 2021

I’m trying to use openssl to encrypt a message using S/MIME with RSAES-OAEP key encryption. The command I used without that key encryption option is

openssl cms -encrypt -in message.txt -out encrypted_message.txt public.cer

However, if I supply -keyopt rsa_padding_mode:oaep as a parameter

openssl cms -encrypt -in message.txt -out encrypted_message.txt -keyopt rsa_padding_mode:oaep public.cer

I get the error message

No key specified

From looking at the documentation of openssl cms, I presume I need to supply a -recip parameter. However, passing in the public certificate at hand doesn’t work.

What would be the correct command to encrypt a message with RSAES-OAEP? Or are there any specific certificate requirements to allow this?


For reference, I created the certificates using this chain of commands

# Generate an authority
openssl genrsa -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

# Create a certificate
openssl genrsa -out smime.key 4096
openssl req -new -key smime.key -out smime.csr
openssl x509 -req -days 365 -in smime.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out smime.crt -setalias "Self Signed SMIME" -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout
openssl pkcs12 -export -in smime.crt -inkey smime.key -out smime.p12

# Export public certificate
openssl pkcs12 -in smime.p12 -clcerts -nokeys -out public.cer

# Export private certificate
openssl pkcs12 -in smime.p12 -nodes -out private.pem

# Without OAEP it works
openssl cms -encrypt -in message.txt -out encrypted_message.txt public.cer
openssl cms -decrypt -in encrypted_message.txt -out decrypted_message.txt -inkey private.pem
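
In `openssl cms`, `-keyopt` sets parameters for the preceding key or certificate, so it needs a `-recip` certificate in front of it. The script below is an added example, not part of the original question: it round-trips a message with and without OAEP and reports which key-transport algorithm ended up in the CMS structure. The file names, the `oaep-demo` subject and the `cms_roundtrip` function are constructed for the demo.

```sh
#!/bin/sh
# Added example. File names, the CN and cms_roundtrip are constructed here.

# usage: cms_roundtrip [padding-mode]
# Encrypts and decrypts a test message, then prints the key-transport
# algorithm recorded for the recipient in the CMS structure.
cms_roundtrip() {
    mode=$1
    work=$(mktemp -d) || return 1

    # Throwaway self-signed recipient certificate (constructed test data).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=oaep-demo" \
        -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null || return 1
    printf 'constructed test message\n' > "$work/message.txt"

    # -keyopt applies to the preceding recipient, so the certificate goes in
    # -recip ahead of it rather than as a trailing positional argument.
    set -- -recip "$work/cert.pem"
    if [ -n "$mode" ]; then set -- "$@" -keyopt "rsa_padding_mode:$mode"; fi

    # -binary keeps line endings untouched so the round trip is byte-exact;
    # PEM output (instead of the default S/MIME) lets asn1parse read it below.
    openssl cms -encrypt -binary -aes-256-cbc -in "$work/message.txt" \
        -outform PEM -out "$work/enc.pem" "$@" || return 1

    # Decryption needs no -keyopt: the padding scheme is read from the message.
    openssl cms -decrypt -inform PEM -in "$work/enc.pem" \
        -recip "$work/cert.pem" -inkey "$work/key.pem" \
        -out "$work/dec.txt" || return 1
    cmp -s "$work/message.txt" "$work/dec.txt" || return 1

    # The first RSA OID in the structure is the keyEncryptionAlgorithm.
    openssl asn1parse -inform PEM -in "$work/enc.pem" |
        grep -o -E 'rsaesOaep|rsaEncryption' | head -n 1
    rm -rf "$work"
}

cms_roundtrip oaep
```

With the files from the question, the same ordering is `openssl cms -encrypt -in message.txt -out encrypted_message.txt -recip public.cer -keyopt rsa_padding_mode:oaep`.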
