openssl cms -decrypt doesn't work properly when using an engine
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssl (Ubuntu) | New | Undecided | Unassigned | | |
Bug Description
I'm using:
bsci@ip-
Description: Ubuntu 20.04.3 LTS
Release: 20.04
bsci@ip-
openssl:
Installed: 1.1.1f-1ubuntu2.10
Candidate: 1.1.1f-1ubuntu2.10
Version table:
*** 1.1.1f-1ubuntu2.10 500
500 http://
100 /var/lib/
1.
500 http://
1.
500 http://
I have a private EC key held in a TPM 2.0 platform hierarchy. I'm encrypting a message like this:
openssl cms -encrypt -in message.txt -out message.cipher transport.pem
Here, transport.pem is the cert. for the EC key held in the TPM. I'm attempting to decrypt like this:
openssl cms -decrypt -in message.cipher -out /dev/stdout -inkey 0x81800001 -keyform engine -engine tpm2tss -recip transport.pem
Instead of seeing the original message text, I'm getting the following error:
engine "tpm2tss" set.
Error decrypting CMS using private key
139626757388096
It seems that the code is expecting the actual private key instead of using the key held in the TPM?
Hi, I've been trying to understand this but I've been unsuccessful so far.
Does it still happen on Ubuntu 22.04 (and 23.04)? Can you reproduce it without the engine?