RFC Errata
Found 3 records.
Status: Verified (2)
RFC 8886, "Secure Device Install", September 2020
Source of RFC: opsawg (ops)
Errata ID: 6298
Status: Verified
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: Stéphane Bortzmeyer
Date Reported: 2020-10-05
Verifier Name: Robert Wilton
Date Verified: 2024-01-12
Section A.1.1 says:
openssl ecparam -out privatekey.key -name prime256v1 -genkey
It should say:
openssl ecparam -out key.pem -name prime256v1 -genkey
Notes:
The rest of the appendix expects the name key.pem.
Errata ID: 6300
Status: Verified
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: Stéphane Bortzmeyer
Date Reported: 2020-10-05
Verifier Name: Robert Wilton
Date Verified: 2024-01-12
Section A.3.2 says:
$ openssl smime -decrypt -in SN19842256.enc -inform pkcs7\
-out config.cfg -inkey key.pem
It should say:
$ openssl smime -decrypt -in SN19842256.enc -inform PEM\
-out config.cfg -inkey key.pem
Notes:
Otherwise, OpenSSL fails with:
smime: Invalid format "pkcs7" for -inform
smime: Use -help for summary.
Status: Reported (1)
RFC 8886, "Secure Device Install", September 2020
Source of RFC: opsawg (ops)
Errata ID: 6299
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Stéphane Bortzmeyer
Date Reported: 2020-10-05
Section A.2.2 says:
openssl smime -encrypt -aes-256-cbc -in SN19842256.cfg \ -out SN19842256.enc \ -outform PEM SN19842256.crt
It should say:
No corrected text, I think it requires more changes in the previous command.
Notes:
The command in the RFC fails with:
Error creating PKCS#7 structure
140616744621440:error:21082096:PKCS7 routines:PKCS7_RECIP_INFO_set:encryption not supported for this key type:crypto/pkcs7/pk7_lib.c:487:
140616744621440:error:21073078:PKCS7 routines:PKCS7_encrypt:error adding recipient:crypto/pkcs7/pk7_smime.c:458:
A rapid glance in some online discussions seem to indicate that you cannot S/MIME encrypt with elliptic curves.
With RSA for the key, the command in the RFC works fine.