[openssl-users] How to "unwrap" S/MIME messages using openssl?

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Thu Apr 6 18:47:33 UTC 2017

    For S/MIME input:
       $ openssl cms -in cms.eml -cmsout -print
    For DER input:
       $ openssl cms -inform DER -in cms.der -cmsout -print

Thank you!!!

The above gave me:

  contentType: pkcs7-envelopedData (1.2.840.113549.1.7.3)
  . . . . .
    originatorInfo: <ABSENT>
        version: <ABSENT>
          issuer: CN=<correct…>
          serialNumber: 1468961193
          algorithm: rsaEncryption (1.2.840.113549.1.1.1)
          parameter: NULL
          0000 - bb 14 f6 cc 55 26 86 ca-71 b4 2f 55 11 f0 bb   ....U&..q./U...
  . . . . . 

It showed me that the serial number of the intended recipient’s cert corresponded to the *signing* key and certificate (instead of the encryption key/cert). Which is why the legitimate clients refused to decrypt this email.

Would you be able to provide me with a command line that would allow me to *decrypt* the message? My keys are on a hardware token, so I’ll have to use “–engine pkcs11 –keyform ENGINE”…

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5211 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170406/a16e6ebe/attachment.bin>

More information about the openssl-users mailing list