RFC Errata
RFC 8886, "Secure Device Install", September 2020
Source of RFC: opsawg (ops)
Errata ID: 6299
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Stéphane Bortzmeyer
Date Reported: 2020-10-05
Section A.2.2 says:
openssl smime -encrypt -aes-256-cbc -in SN19842256.cfg \ -out SN19842256.enc \ -outform PEM SN19842256.crt
It should say:
No corrected text, I think it requires more changes in the previous command.
Notes:
The command in the RFC fails with:
Error creating PKCS#7 structure
140616744621440:error:21082096:PKCS7 routines:PKCS7_RECIP_INFO_set:encryption not supported for this key type:crypto/pkcs7/pk7_lib.c:487:
140616744621440:error:21073078:PKCS7 routines:PKCS7_encrypt:error adding recipient:crypto/pkcs7/pk7_smime.c:458:
A rapid glance in some online discussions seem to indicate that you cannot S/MIME encrypt with elliptic curves.
With RSA for the key, the command in the RFC works fine.