RFC 8886, "Secure Device Install", September 2020

Errata ID: 6299
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Stéphane Bortzmeyer
Date Reported: 2020-10-05

Section A.2.2 says:

 openssl smime -encrypt -aes-256-cbc -in SN19842256.cfg \
 -out SN19842256.enc \ 
 -outform PEM SN19842256.crt

It should say:

No corrected text, I think it requires more changes in the previous 
command.

Notes:

The command in the RFC fails with:

Error creating PKCS#7 structure
140616744621440:error:21082096:PKCS7 routines:PKCS7_RECIP_INFO_set:encryption not supported for this key type:crypto/pkcs7/pk7_lib.c:487:
140616744621440:error:21073078:PKCS7 routines:PKCS7_encrypt:error adding recipient:crypto/pkcs7/pk7_smime.c:458:

A rapid glance in some online discussions seem to indicate that you cannot S/MIME encrypt with elliptic curves.

With RSA for the key, the command in the RFC works fine.

Report New Errata