[openssl-users] How to "unwrap" S/MIME messages using openssl?

Viktor Dukhovni openssl-users at dukhovni.org
Thu Apr 6 19:15:17 UTC 2017

> On Apr 6, 2017, at 2:47 PM, Blumenthal, Uri - 0553 - MITLL <uri at ll.mit.edu> wrote:
> Would you be able to provide me with a command line that would allow me to
> *decrypt* the message? My keys are on a hardware token, so I’ll have to use
> "–engine pkcs11 –keyform ENGINE"

I have no experience with engines and little interest at present in going there.

For CMS decryption without engines:

  $ openssl cms -decrypt -recip cert.pem -inkey key.pem -in cms.eml

If the message is signed and then encrypted, you can then check the
signature on the decrypted output.  If it is encrypted then signed,
you can check the signature prior to decryption with 'openssl cms -verify'.


More information about the openssl-users mailing list