openssl smime/cms unable to handle binary encoded message? (header too long:asn1)

Carlos Maynard carlosmaynard at
Sun Sep 15 11:05:49 UTC 2019

Hello gentlemen,

I am troubleshooting an issue with an AS2 setup, the error I'm getting is
AS1_get_obect:header too long:asn1. Playing with another system, I was able
to replicate the issue by switching the encoding from Base64 to Binary.

Before i get a smart response... the trading partner can't switch the
encoding from binary to base64,.. so here I am ;-)

Apparently openssl assumes that all SMIME messages are base64 encoded, and
balks when this is not the case?

Basically the transmission is an encrypted and signed. The decryption goes
well, but then the signature verification fails, the full error message is

139666245117592:error:0D07207B:asn1 encoding
routines:ASN1_get_object:header too long:asn1_lib.c:157:
139666245117592:error:0D0D106E:asn1 encoding routines:B64_READ_ASN1:decode
139666245117592:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1
sig parse error:asn_mime.c:490:

It looks like I'm not alone in this...

According to the link above... I should be able to discard the the headers
and handle the binary body with openssl. Copying/Pasting from the link

$ sed '1,/^\r$/d' <suA97544.mime >suA97544.body

$ openssl cms -uncompress -inform der -in suA97544.body

Now, when I try this suggestion... sed does strip the MIME headers, but
still when attempting to uncompress with openssl there is an error.

Error reading S/MIME message
140081090963096:error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1217:
140081090963096:error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1

I am hoping I am just missing something here... obviously openssl is not my
forte. :-)

For illustration purposes, here is the original structure:

content-type: multipart/signed;
protocol="application/pkcs7-signature"; micalg=SHA-1;

content-type: application/pkcs7-mime; smime-type=compressed-data; name=smime.p7m

.... (Binary)
content-type: application/pkcs7-signature; name=EDIINTSIG.p7s

.... (Binary)

After sed... the structure looks like this... which fails to uncompress
with openssl

content-type: application/pkcs7-mime; smime-type=compressed-data; name=smime.p7m

.... (Binary)
content-type: application/pkcs7-signature; name=EDIINTSIG.p7s

... (Binary)

openssl pkcs7 -in 5d7aa60750796.dat.3 -inform DER

Last but not least, if I split the two parts, remove the boundary and
content-type line... I can use pkcs7 to convert the binary content for each
individual file, and I get this, but I'm not sure that this is what I think
it is (the data what the next step would be. Talk about shooting in the
dark. LoL.

openssl pkcs7 -in 5d7aa60750796.dat.3 -inform DER
-----BEGIN PKCS7-----
-----END PKCS7-----

I suspect this is a compressed version of the actual message, but I can't
get any further. Any help, recommendations, thoughts would be greatly

Is there a solid openssl implementation that can handle the binary encoded
smime message?

Thanks in advance!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list