For S/MIME there are Authenticated encryption features in RFC 5083, 5084 and 5652
Due to attacks that might be similar to attacks on OpenPGP without MDC GnuPG should also support Authenticated Encryption features for S/MIME.
For S/MIME there are Authenticated encryption features in RFC 5083, 5084 and 5652
Due to attacks that might be similar to attacks on OpenPGP without MDC GnuPG should also support Authenticated Encryption features for S/MIME.
rG GnuPG | |||
rG4980fb3c6dde sm: Support AES-GCM decryption. |
Openssl since version 3 supports aes-gcm and aria-gcm in cms. CMS has a different wrapper for AEAD. openssl Pull Request. I created test files (nistp384 key, certificates, messages), perhaps it will be useful.
$ gpgsm --version gpgsm (GnuPG) 2.4.3 libgcrypt 1.10.2 libksba 1.6.4 $ kleopatra -v Gpg4win-4.2.0 $ gpgsm --import -v --batch credential_private_encrypted_3DES.p12 $ gpgsm --debug-level guru -d R:\envelopedData\encrypted_aes128cbc.der $ gpgsm --debug-level guru -d R:\envelopedData\encrypted_aes128cbc.pem $ gpgsm --debug-level guru -d R:\envelopedData\encrypted_aes192cbc.der $ gpgsm --debug-level guru -d R:\envelopedData\encrypted_aes192cbc.pem $ gpgsm --debug-level guru -d R:\envelopedData\encrypted_aes256cbc.der $ gpgsm --debug-level guru -d R:\envelopedData\encrypted_aes256cbc.pem → OK $ kleopatra -d R:\envelopedData\encrypted_aes128cbc.der $ kleopatra -d R:\envelopedData\encrypted_aes128cbc.pem $ kleopatra -d R:\envelopedData\encrypted_aes192cbc.der $ kleopatra -d R:\envelopedData\encrypted_aes192cbc.pem $ kleopatra -d R:\envelopedData\encrypted_aes256cbc.der $ kleopatra -d R:\envelopedData\encrypted_aes256cbc.pem → OK
$ gpgsm --debug-level guru -d R:\authEnvelopedData\encrypted_aes128gcm.der $ gpgsm --debug-level guru -d R:\authEnvelopedData\encrypted_aes128gcm.pem $ gpgsm --debug-level guru -d R:\authEnvelopedData\encrypted_aes192gcm.der $ gpgsm --debug-level guru -d R:\authEnvelopedData\encrypted_aes192gcm.pem $ gpgsm --debug-level guru -d R:\authEnvelopedData\encrypted_aes256gcm.der $ gpgsm --debug-level guru -d R:\authEnvelopedData\encrypted_aes256gcm.pem gpgsm: enabled debug flags: x509 mpi crypto memory cache memstat hashing ipc clock lookup gpgsm: enabled compatibility flags: gpgsm: DBG: [no clock] keydb_new: enter gpgsm: DBG: [no clock] keydb_new: leave (hd=0x0078e740) gpgsm: error getting IV: Bufor zbyt mały gpgsm: message decryption failed: Bufor zbyt mały <KSBA> gpgsm: DBG: [no clock] keydb_release: enter (hd=0x0078e740) gpgsm: DBG: [no clock] keydb_release: leave random usage: poolsize=600 mixed=0 polls=0/0 added=0/0 outmix=0 getlvl1=0/0 getlvl2=0/0 rndjent stat: collector=00000000 calls=0 bytes=0 secmem usage: 0/16384 bytes in 0 blocks $ kleopatra -d R:\authEnvelopedData\encrypted_aes128gcm.der $ kleopatra -d R:\authEnvelopedData\encrypted_aes128gcm.pem $ kleopatra -d R:\authEnvelopedData\encrypted_aes192gcm.der $ kleopatra -d R:\authEnvelopedData\encrypted_aes192gcm.pem $ kleopatra -d R:\authEnvelopedData\encrypted_aes256gcm.der $ kleopatra -d R:\authEnvelopedData\encrypted_aes256gcm.pem → error
$ openssl cms -decrypt -inform PEM -in "encrypted_aes256gcm.pem" -inkey "key_user.pem" Content-Type: text/plain; charset=utf-8 This is a sample encrypted message. $ openssl cms -decrypt -text -inform PEM -in "encrypted_aes256gcm.pem" -inkey "key_user.pem" This is a sample encrypted message.