CMS in openssl

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

CMS in openssl

Michael Mueller
Greetings esteemed openssl users,

We've implemented what I gather can be called a CMS on Linux and Windows using openssl evp functions.

We need to expand this CMS to other systems, on which we have not been able to build openssl. These other systems have a vendor supplied security application. This application supports PKCS7.

We are being asked if our evp CMS is interoperable with PKCS7.

If it is possible and more information is required to answer this question, I'll provide such information.

If not, advice on how to present that argument to management would be appreciated.

Thank you for your assistance
Mike


Reply | Threaded
Open this post in threaded view
|

Re: CMS in openssl

Michael Richardson

Michael Mueller <[hidden email]> wrote:
    > We've implemented what I gather can be called a CMS on Linux and Windows
    > using openssl evp functions.

I'm not sure why you say it this way.
OpenSSL includes CMS (RFC3369) support, but I think not until 1.1.0.
Did you implement RFC3369, or something else?

You don't say if this is email or something else.

    > We need to expand this CMS to other systems, on which we have not been able
    > to build openssl. These other systems have a vendor supplied security
    > application. This application supports PKCS7.

    > We are being asked if our evp CMS is interoperable with PKCS7.

CMS (RFC3369/2630) is an upward revision to PKCS7 (RFC2315) 1.5.
CMS can read PKCS7 messages, but converse is not true.

I think it is possible to configure the CMS routines to produce PKCS7
messages, but I didn't do this in my RFC8366 support. I just forklift
upgraded to CMS.

    > If it is possible and more information is required to answer this question,
    > I'll provide such information.

    > If not, advice on how to present that argument to management would be
    > appreciated.

You will understand them, but they won't understand you.

You may be able to configure your end to generate PKCS7 easily, and it may
have little effect.  This might degenerate until just using PKCS7 everywhere.

The major difference is the eContentType that is lacking in PKCS7.
And algorithms: I think that there are few modern algorithms defined for PKCS7.

You could easily run in PKCS7 mode until you receive a CMS message from the
peer, and then upgrade to CMS.  But this winds up in a bid-down attack if
both parties run this algorithm, so you'd want to insert some extension that
said: "I can do CMS" into your PKCS7 messages.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     [hidden email]  http://www.sandelman.ca/        |   ruby on rails    [



signature.asc (497 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: CMS in openssl

OpenSSL - User mailing list
A few corrections:

OpenSSL included CMS (RFC3369) support since 1.0.0 (see the CHANGES
file), though for a long time, there was an arbitrary disconnect between
functions named CMS and functions named PKCS#7 even though it should
have been a continuum.

The PKCS#7 and CMS standards equally and fully support any
non-interactive algorithm that has been assigned an OID, from
RSA+MD2+DES to HSS/LSS+STREEBOG+CAMELIA, no artifical version
dependencies like in the OpenSSL interpretation of TLS.

On 2020-04-22 03:46, Michael Richardson wrote:

> Michael Mueller <[hidden email]> wrote:
>      > We've implemented what I gather can be called a CMS on Linux and Windows
>      > using openssl evp functions.
>
> I'm not sure why you say it this way.
> OpenSSL includes CMS (RFC3369) support, but I think not until 1.1.0.
> Did you implement RFC3369, or something else?
>
> You don't say if this is email or something else.
>
>      > We need to expand this CMS to other systems, on which we have not been able
>      > to build openssl. These other systems have a vendor supplied security
>      > application. This application supports PKCS7.
>
>      > We are being asked if our evp CMS is interoperable with PKCS7.
>
> CMS (RFC3369/2630) is an upward revision to PKCS7 (RFC2315) 1.5.
> CMS can read PKCS7 messages, but converse is not true.
>
> I think it is possible to configure the CMS routines to produce PKCS7
> messages, but I didn't do this in my RFC8366 support. I just forklift
> upgraded to CMS.
>
>      > If it is possible and more information is required to answer this question,
>      > I'll provide such information.
>
>      > If not, advice on how to present that argument to management would be
>      > appreciated.
>
> You will understand them, but they won't understand you.
>
> You may be able to configure your end to generate PKCS7 easily, and it may
> have little effect.  This might degenerate until just using PKCS7 everywhere.
>
> The major difference is the eContentType that is lacking in PKCS7.
> And algorithms: I think that there are few modern algorithms defined for PKCS7.
>
> You could easily run in PKCS7 mode until you receive a CMS message from the
> peer, and then upgrade to CMS.  But this winds up in a bid-down attack if
> both parties run this algorithm, so you'd want to insert some extension that
> said: "I can do CMS" into your PKCS7 messages.
>
>
Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

Reply | Threaded
Open this post in threaded view
|

Re: CMS in openssl

Michael Mueller
In reply to this post by Michael Richardson


On Tue, Apr 21, 2020, 9:46 PM Michael Richardson <[hidden email]> wrote:

Michael Mueller <[hidden email]> wrote:
    > We've implemented what I gather can be called a CMS on Linux and Windows
    > using openssl evp functions.

I'm not sure why you say it this way.
OpenSSL includes CMS (RFC3369) support, but I think not until 1.1.0.
Did you implement RFC3369, or something else?

You don't say if this is email or something else.

My bad. I thought CMS could be used as a generic reference to packaging encrypted messages. 

We are not implementing CMS as specified by IETF.

We used the openssl evp functions to quickly improve the security of an existing proprietary data exchange system.

Now we are being asked if our evp based solution can interoperate with a system that may support PKCS7. The thought is PKCS7 would be used to envelope data in a manner similar to how the evp functions operate. 

The request came up because the word "envelope" is used to describe evp and PKCS7 functionality.

I suspect that evp functions are not compatible with PKCS7, but I don't know how to easily confirm this. I also suspect it will be difficult to explain why they are incompatible.

If evp and PKCS7 are incompatible, we might be asked if we can use PKCS7 enveloping instead of evp.

Any insights, thoughts, advice, code to read, etc would be appreciated.


    > We need to expand this CMS to other systems, on which we have not been able
    > to build openssl. These other systems have a vendor supplied security
    > application. This application supports PKCS7.

    > We are being asked if our evp CMS is interoperable with PKCS7.

CMS (RFC3369/2630) is an upward revision to PKCS7 (RFC2315) 1.5.
CMS can read PKCS7 messages, but converse is not true.

I think it is possible to configure the CMS routines to produce PKCS7
messages, but I didn't do this in my RFC8366 support. I just forklift
upgraded to CMS.

    > If it is possible and more information is required to answer this question,
    > I'll provide such information.

    > If not, advice on how to present that argument to management would be
    > appreciated.

You will understand them, but they won't understand you.

You may be able to configure your end to generate PKCS7 easily, and it may
have little effect.  This might degenerate until just using PKCS7 everywhere.

The major difference is the eContentType that is lacking in PKCS7.
And algorithms: I think that there are few modern algorithms defined for PKCS7.

You could easily run in PKCS7 mode until you receive a CMS message from the
peer, and then upgrade to CMS.  But this winds up in a bid-down attack if
both parties run this algorithm, so you'd want to insert some extension that
said: "I can do CMS" into your PKCS7 messages.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     [hidden email]  http://www.sandelman.ca/        |   ruby on rails    [


Reply | Threaded
Open this post in threaded view
|

Re: CMS in openssl

Michael Richardson

Michael Mueller <[hidden email]> wrote:
    >> Michael Mueller <[hidden email]> wrote:
    >> > We've implemented what I gather can be called a CMS on Linux and
    >> Windows
    >> > using openssl evp functions.
    >>
    >> I'm not sure why you say it this way.
    >> OpenSSL includes CMS (RFC3369) support, but I think not until 1.1.0.
    >> Did you implement RFC3369, or something else?
    >>
    >> You don't say if this is email or something else.
    >>

    > My bad. I thought CMS could be used as a generic reference to packaging
    > encrypted messages.

    > We are not implementing CMS as specified by IETF.

    > We used the openssl evp functions to quickly improve the security of an
    > existing proprietary data exchange system.

    > Now we are being asked if our evp based solution can interoperate with a
    > system that may support PKCS7. The thought is PKCS7 would be used to
    > envelope data in a manner similar to how the evp functions operate.

I don't think you will find any compatibility.

You can use the PKCS7 functions to process that kind of data.
Or future proof and use CMS functions to read, and figure out how you will
write/send messages.

    > I suspect that evp functions are not compatible with PKCS7, but I don't
    > know how to easily confirm this. I also suspect it will be difficult to
    > explain why they are incompatible.

    > If evp and PKCS7 are incompatible, we might be asked if we can use PKCS7
    > enveloping instead of evp.

    > Any insights, thoughts, advice, code to read, etc would be appreciated.

I think you should consider if you want to move to PKCS7.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     [hidden email]  http://www.sandelman.ca/        |   ruby on rails    [


signature.asc (497 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: CMS in openssl

Michael Mueller


On Wed, Apr 22, 2020, 2:56 PM Michael Richardson <[hidden email]> wrote:

Michael Mueller <[hidden email]> wrote:
    >> Michael Mueller <[hidden email]> wrote:
    >> > We've implemented what I gather can be called a CMS on Linux and
    >> Windows
    >> > using openssl evp functions.
    >>
    >> I'm not sure why you say it this way.
    >> OpenSSL includes CMS (RFC3369) support, but I think not until 1.1.0.
    >> Did you implement RFC3369, or something else?
    >>
    >> You don't say if this is email or something else.
    >>

    > My bad. I thought CMS could be used as a generic reference to packaging
    > encrypted messages.

    > We are not implementing CMS as specified by IETF.

    > We used the openssl evp functions to quickly improve the security of an
    > existing proprietary data exchange system.

    > Now we are being asked if our evp based solution can interoperate with a
    > system that may support PKCS7. The thought is PKCS7 would be used to
    > envelope data in a manner similar to how the evp functions operate.

I don't think you will find any compatibility.

You can use the PKCS7 functions to process that kind of data.
Or future proof and use CMS functions to read, and figure out how you will
write/send messages

Today we learned that we have PKCS7 1.5 & 1.6 and RFC 3852 are available on the "older" system. 

Also was guided to CMS specs, and the CMS tools and functions in openssl.

We'll experiment with the openssl cms functions on linux and the older system independently. If that works, we'll try interworking linux with the older system. If that works, we'll toggle from evp to cms if the older system is involved.

Thank you all for your help.


    > I suspect that evp functions are not compatible with PKCS7, but I don't
    > know how to easily confirm this. I also suspect it will be difficult to
    > explain why they are incompatible.

    > If evp and PKCS7 are incompatible, we might be asked if we can use PKCS7
    > enveloping instead of evp.

    > Any insights, thoughts, advice, code to read, etc would be appreciated.

I think you should consider if you want to move to PKCS7.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     [hidden email]  http://www.sandelman.ca/        |   ruby on rails    [