PKCS7_encrypt/decrypt with Stream Ciphers


PKCS7_encrypt/decrypt with Stream Ciphers

gboyd-2

Hi,

Can a PKCS7 encrypted object use stream ciphers (e.g. RC4)? Is this a
standard or implementation issue? It's not clear to me that the pkcs7
standard limits use of the streaming ciphers.

I notice that the command line tool (openssl smime) only defines block
ciphers in its documentation.

Programmatically I can call PKCS7_encrypt using enveloped mode specifying
a cipher type of RC4. However, it falls over on decrypt because
EVP_CIPHER_asn1_to_param (called from PKCS7_dataDecode) returns -1
because there are no parameters available for this cipher within the
envelope. But this worked in 0.9.7d.

I reviewed the CVS page for evp_lib.c (which contains
EVP_CIPHER_asn1_to_param) and a change between 0.9.7d and 0.9.8a
specifies that "Return an error if an attempt is made to encode or
decode cipher ASN1 parameters and the cipher doesn't support it."
(Check-in Number:12376, Files: openssl/crypto/evp/evp_lib.c
1.6.8.4->1.6.8.5).

The return code of -1 is interpreted in PKCS7_dataDecode() as a failure
and a general decrypt error is returned.

So I guess my question is: If PKCS7 allows the use of streaming ciphers
then is the interpretation of the result of EVP_CIPHER_asn1_to_param
correct in PKCS7_dataDecode? Or is there a reason, standard or otherwise,
that stream ciphers should not be used in PKCS7 enveloped encryption?

Thanks in advance,
g

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: PKCS7_encrypt/decrypt with Stream Ciphers

Dr. Stephen Henson
On Fri, Mar 17, 2006, Garth Boyd wrote:

>
> Hi,
>
> Can a PKCS7 encrypted object use stream ciphers (e.g. RC4)? Is this a
> standard or implementation issue? It's not clear to me that the pkcs7
> standard limits use of the streaming ciphers.
>

It is a standards issue. There isn't a standard which defines the use of RC4
in PKCS#7 structures. OpenSSL used to allow the use of RC4 but that was not by
design: it put garbage data in some fields.

There are also the security issues with stream ciphers in general. An example
would be that if there is any known plaintext in the encrypted message it
could be changed by an attacker.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk