[openssl-users] How to "unwrap" S/MIME messages using openssl?
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Thu Apr 6 18:47:33 UTC 2017
For S/MIME input:
$ openssl cms -in cms.eml -cmsout -print
For DER input:
$ openssl cms -inform DER -in cms.der -cmsout -print
Thank you!!!
The above gave me:
CMS_ContentInfo:
contentType: pkcs7-envelopedData (1.2.840.113549.1.7.3)
. . . . .
originatorInfo: <ABSENT>
recipientInfos:
d.ktri:
version: <ABSENT>
d.issuerAndSerialNumber:
issuer: CN=<correct…>
serialNumber: 1468961193
keyEncryptionAlgorithm:
algorithm: rsaEncryption (1.2.840.113549.1.1.1)
parameter: NULL
encryptedKey:
0000 - bb 14 f6 cc 55 26 86 ca-71 b4 2f 55 11 f0 bb ....U&..q./U...
. . . . .
It showed me that the serial number of the intended recipient’s cert corresponded to the *signing* key and certificate (instead of the encryption key/cert). Which is why the legitimate clients refused to decrypt this email.
Would you be able to provide me with a command line that would allow me to *decrypt* the message? My keys are on a hardware token, so I’ll have to use “–engine pkcs11 –keyform ENGINE”…
Thanks!!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5211 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170406/a16e6ebe/attachment.bin>
More information about the openssl-users
mailing list