RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 3 records.

Status: Reported (3)

RFC 8886, "Secure Device Install", September 2020

Source of RFC: opsawg (ops)

Errata ID: 6298
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Stéphane Bortzmeyer
Date Reported: 2020-10-05

Section A.1.1 says:

openssl ecparam -out privatekey.key -name prime256v1 -genkey

It should say:

openssl ecparam -out key.pem -name prime256v1 -genkey

Notes:

The rest of the appendix expects the name key.pem.

Errata ID: 6299
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Stéphane Bortzmeyer
Date Reported: 2020-10-05

Section A.2.2 says:

 openssl smime -encrypt -aes-256-cbc -in SN19842256.cfg \
 -out SN19842256.enc \ 
 -outform PEM SN19842256.crt

It should say:

No corrected text, I think it requires more changes in the previous 
command.

Notes:

The command in the RFC fails with:

Error creating PKCS#7 structure
140616744621440:error:21082096:PKCS7 routines:PKCS7_RECIP_INFO_set:encryption not supported for this key type:crypto/pkcs7/pk7_lib.c:487:
140616744621440:error:21073078:PKCS7 routines:PKCS7_encrypt:error adding recipient:crypto/pkcs7/pk7_smime.c:458:

A rapid glance in some online discussions seem to indicate that you cannot S/MIME encrypt with elliptic curves.

With RSA for the key, the command in the RFC works fine.

Errata ID: 6300
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Stéphane Bortzmeyer
Date Reported: 2020-10-05

Section A.3.2 says:

   $ openssl smime -decrypt -in SN19842256.enc -inform pkcs7\
      -out config.cfg -inkey key.pem

It should say:

   $ openssl smime -decrypt -in SN19842256.enc -inform PEM\
      -out config.cfg -inkey key.pem

Notes:

Otherwise, OpenSSL fails with:

smime: Invalid format "pkcs7" for -inform
smime: Use -help for summary.

Report New Errata