1 (edited by bachelet_safi 2016-08-12 02:32:47)

Topic: PKCS#7 (CMS) only supports DES and 3DES

Hi all,

I began to code for using PKCS#7 (CMS) with wolfCrypt but, after preparing all needed, once I was going to use wc_PKCS7_EncodeData function, I couldn't define encryptOID (key encryption algorithm OID) to AES (precisely AES 128 Mode CBC). PKCS#7 only supports DES and 3DES.

/* build PKCS#7 envelopedData content type, return enveloped size */
int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
    /* PKCS#7 only supports DES, 3DES for now */
    switch (pkcs7->encryptOID) {
        case DESb:
            blockKeySz = DES_KEYLEN;

        case DES3b:
            blockKeySz = DES3_KEYLEN;

            WOLFSSL_MSG("Unsupported content cipher type");
            return ALGO_ID_E;

Why wolfCrypt doesn't support AES? I needed to use PKCS#7 with AES to meet specifications. Have you got a solution for me?



Re: PKCS#7 (CMS) only supports DES and 3DES


At the time our PKCS#7 implementation was written, it only needed to support DES and 3DES encrypt cipher types for EnvelopedData.

I have added this request to our desired features list.