Discussion:
Help with PKCS7 format
Claudiu Stanciu
2011-06-10 14:28:06 UTC
Hi. I am trying to encrypt a text into a pkcs7 format without using PKCS7_encrypt, because I want to control the key used. So I have done almost everything, but can't put the IV in the pkcs7 data. Trying to obtain a PKCS7 enveloped data with aes_cbc_256 encryption.
I can't understand where to put the IV. I've done a normal encryption using PKCS7_encrypt and saw that it goes into the encryptedcontentinfo, between the used algorithm name and the actual encrypted data.

    EncryptedContentInfo ::= SEQUENCE {
        contentType ContentType,
        contentEncryptionAlgorithm
            ContentEncryptionAlgorithmIdentifier,
        encryptedContent    <---- I think it goes here
            [0] IMPLICIT EncryptedContent OPTIONAL }

    EncryptedContent ::= OCTET STRING

Appreciate the help on this one. PS: here is a little part of the code used so far:

    PKCS7_set_type ( pkcs7, NID_pkcs7_enveloped );
    ASN1_OCTET_STRING *encrypted_data = ASN1_OCTET_STRING_new();
    ASN1_OCTET_STRING_set ( encrypted_data, encrypted_output, inSize );

    PKCS7_ENVELOPE *p7_envelope = PKCS7_ENVELOPE_new();
    X509_ALGOR *p7_alg = X509_ALGOR_new();
    X509_ALGOR_set0( p7_alg, OBJ_nid2obj(NID_aes_256_cbc), V_ASN1_NULL, 0 );

    ASN1_OCTET_STRING *aes_key_asn1 = ASN1_OCTET_STRING_new();
    ASN1_OCTET_STRING_set ( aes_key_asn1, aesKey_enc, 256 );

    PKCS7_RECIP_INFO *info = PKCS7_RECIP_INFO_new();
    PKCS7_RECIP_INFO_set ( info, cert );
    info->enc_key = aes_key_asn1;

    pkcs7->d.enveloped->enc_data->algorithm = p7_alg;
    pkcs7->d.enveloped->enc_data->enc_data = encrypted_data;
    PKCS7_add_recipient_info ( pkcs7, info );

Dr. Stephen Henson
2011-06-10 17:14:33 UTC
Post by Claudiu Stanciu
> Hi. I am trying to encrypt a text into a pkcs7 format without using PKCS7_encrypt, because I want to control the key used. So I have done almost everything, but can't put the IV in the pkcs7 data. Trying to obtain a PKCS7 enveloped data with aes_cbc_256 encryption.
> I can't understand where to put the IV. I've done a normal encryption using PKCS7_encrypt and saw that it goes into the encryptedcontentinfo, between the used algorithm name and the actual encrypted data.
>     EncryptedContentInfo ::= SEQUENCE {
>         contentType ContentType,
>         contentEncryptionAlgorithm
>             ContentEncryptionAlgorithmIdentifier,
>         encryptedContent    <---- I think it goes here
>             [0] IMPLICIT EncryptedContent OPTIONAL }
>     EncryptedContent ::= OCTET STRING

It is part of the contentEncryptionAlgorithm.

Post by Claudiu Stanciu
>     PKCS7_set_type ( pkcs7, NID_pkcs7_enveloped );
>     ASN1_OCTET_STRING *encrypted_data = ASN1_OCTET_STRING_new();
>     ASN1_OCTET_STRING_set ( encrypted_data, encrypted_output, inSize );
>     PKCS7_ENVELOPE *p7_envelope = PKCS7_ENVELOPE_new();
>     X509_ALGOR *p7_alg = X509_ALGOR_new();
>     X509_ALGOR_set0( p7_alg, OBJ_nid2obj(NID_aes_256_cbc), V_ASN1_NULL, 0 );

Create an ASN1_OCTET_STRING with the IV in it. Set the type above to
V_ASN1_OCTET_STRING and pass that octet string as the parameter.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
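
Added example (not part of the thread and not OpenSSL code): the reply above, shown at the level of the encoded bytes, where the IV is the OCTET STRING parameter inside contentEncryptionAlgorithm and encryptedContent holds only ciphertext. The function names are hypothetical, the IV and ciphertext are constructed sample values, and only DER definite-length encoding with a primitive [0] tag is handled.

```python
# Added example: DER layout of PKCS#7 EncryptedContentInfo for AES-256-CBC.
OID_DATA = bytes.fromhex("06092a864886f70d010701")        # 1.2.840.113549.1.7.1
OID_AES256_CBC = bytes.fromhex("060960864801650304012a")  # 2.16.840.1.101.3.4.1.42

def tlv(tag, value):
    """Encode one DER tag-length-value."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value

def read_tlv(buf, pos=0):
    """Decode the TLV at pos (definite lengths only); return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        n = first
    else:
        k = first & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def build_encrypted_content_info(iv, ciphertext):
    """contentType, AlgorithmIdentifier{OID, OCTET STRING iv}, [0] IMPLICIT ciphertext."""
    if len(iv) != 16:
        raise ValueError("AES-CBC needs a 16-byte IV")
    alg = tlv(0x30, OID_AES256_CBC + tlv(0x04, iv))   # parameters carry the IV
    return tlv(0x30, OID_DATA + alg + tlv(0x80, ciphertext))

def extract_iv_and_ciphertext(der):
    """Decryption side: the IV comes from the algorithm parameters."""
    _, eci, _ = read_tlv(der)
    _, _, pos = read_tlv(eci)                 # skip contentType
    _, alg, pos = read_tlv(eci, pos)          # contentEncryptionAlgorithm
    _, _, p = read_tlv(alg)                   # algorithm OID
    ptag, param, _ = read_tlv(alg, p)         # parameters
    if ptag != 0x04 or len(param) != 16:      # e.g. NULL (05 00) has no IV
        raise ValueError("parameters are not a 16-byte OCTET STRING IV")
    _, ciphertext, _ = read_tlv(eci, pos)     # encryptedContent
    return param, ciphertext

if __name__ == "__main__":
    iv, ct = bytes(range(16)), bytes(32)      # constructed sample values
    print(build_encrypted_content_info(iv, ct).hex())
```

An AlgorithmIdentifier built with a NULL parameter, as in the V_ASN1_NULL call quoted above, encodes `05 00` after the OID, and `extract_iv_and_ciphertext` rejects it because there is no IV to recover.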
Claudiu Stanciu
2011-06-11 16:31:51 UTC
Need some help again. I'm doing the decryption now. Done almost everything, but have a question related to the public key of the recipient.
So I encrypted a text into PKCS7 enveloped data. Now, I am reading from that structure the symmetric key IV and the encrypted data with the symmetric key.
How do I read the Public Key of the recipient and his encrypted symmetric key?

I tried the following, but not sure it is the right way. I load the serial number of the recipient from his certificate, and started comparing it with those from the PKCS7 file, using the stack sk_PKCS7_RECIP_INFO. If I find the serial, then I copy the symmetric encrypted file from the stack. Big question now because I didn't understand the structure of the PKCS7. The Public Key of the recipient is loaded from his certificate or from the PKCS7 structure? Because I don't see it in the PKCS7 file and when I tried to open it, I receive an error that it doesn't have a good format. I want to specify that I also did a simple program using PKCS7_encrypt () and compared the result to mine and they are identical. But also can't open either of them.

Many thanks for the help and for your time.
Dave Thompson
2011-06-14 23:18:54 UTC
Sent: Saturday, 11 June, 2011 12:32
Aside: not sure what this delay is. Headers (on my copy, going up)
show originate yahoo near 06-11 09:32 -7 = 16:32Z and (consistent)
Received by master.openssl.org 06-11 18:34 +2, then X-Greylist
delayed 145 seconds, then Received 06-14 10:10 +2 repeated 3 times
(with Delivered-to the listname twice), and then to my mailhost
06-14 04:14 -4 (consistent). Weird. (My Outlook is in -4 and
displays and quotes as 12:32 without zone. Yeah, lame.)

> Need some help again. I'm doing the decryption now. Done almost
> everything, but have a question related to the public key of the
> recipient.
> So I encrypted a text into PKCS7 enveloped data. Now, I am
> reading from that structure the symmetric key IV and the encrypted
> data with the symmetric key.
> How do I read the Public Key of the recipient and his
> encrypted symmetric key?

Recipient doesn't use publickey, it uses privatekey. It can
use the cert (containing publickey) to *identify* the keypair.

> I tried the following, but not sure it is the right way. I load
> the serial number of the recipient from his certificate, and
> started comparing it with those from the PKCS7 file, using the
> stack sk_PKCS7_RECIP_INFO. If I find the serial, then I copy

To be exact, I hope you mean the recipientinfo field of a
PKCS7_ENVELOPE struct, probably the envelope choice in PKCS7
union, using the sk_PKCS7_RECIP_INFO_* routines.

Given the (traditional) issuer-serial choice is used,
you should compare both issuer and serial. Serial by itself
is not reliably unique. Unless you are in an environment
where there is only one (acceptable) issuer, such as perhaps
within certain government agencies.

See PKCS7_dataDecode and related in crypto/pkcs7/pk7_doit.c
(but skip the signed parts, and you don't need to go through
a BIO_f_cipher to do symmetric decrypt if you don't want to).

> the symmetric encrypted file from the stack. Big question now

Presumably you mean the enc_key field of the stack *element*
(i.e. the/a RECIP_INFO struct). *For key transfer like RSA*
that is the DEK encrypted under the recipient publickey.
To decrypt it, you need the recipient *privatekey* matching
the publickey in the cert, which was used by the encrypter.

*For openssl using (default) PEM format* you can store the
privatekey in the same file as the cert (and/or publickey)
and some people do. Or you can store them in separate files,
linked somehow (maybe an index). Or you can store them in
a PKCS12. Or any other method of your own, like a database.

> because I didn't understand the structure of the PKCS7.
> The Public Key of the recipient is loaded from his certificate
> or from the PKCS7 structure? Because I don't see it in the PKCS7
> file and when I tried to open it, I receive an error that it doesn't
> have a good format. <snip>

A PKCS7 is neither a publickey nor a privatekey. It is a PKCS7.


Claudiu Stanciu
2011-06-16 09:39:28 UTC
Thanks for the answer and for clearing things, but I actually managed to do it last weekend. It was a delay in posting on the forum. But really thanks, because now I see that I have done things right.