DEVHIDE
Login Or Sign up

openssl CMS decryption fails

761 Views Asked by At

openssl cms -decrypt -in cms.txt -recip my_cert.pem -inkey private_key.pem

Error reading S/MIME message 140064210231744:error:0D0D40D1:asn1 encoding routines:SMIME_read_ASN1:no content type:../crypto/asn1/asn_mime.c:391

encryption openssl certificate content-management-system smime
Original Q&A
2

There are 2 best solutions below

0
On

Did you check the correct header of your cms.txt ?

MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64
0
On

I don't know what in cms.txt is. So, let me create my own.

First, I create the recipient's keypair with mkcert:

➤ mkcert --client [email protected]
Created a new local CA at "/home/user/.local/share/mkcert" 
Warning: the local CA is not installed in the system trust store! ⚠️
Warning: the local CA is not installed in the Firefox and/or Chrome/Chromium trust store! ⚠️
Warning: the local CA is not installed in the Java trust store! ⚠️
Run "mkcert -install" to avoid verification errors ‼️

Created a new certificate valid for the following names 
 - "[email protected]"

The certificate is at "./[email protected]" and the key at "./[email protected]" ✅
➤ ls -1
'[email protected]'
'[email protected]'

Let's create the cms.txt:

➤ echo "my secret message: blablub" | \
     openssl cms \
       -encrypt -aes256 -from [email protected] \
       -to [email protected] -subject "The secret" \
       -out cms.txt [email protected]
➤ cat cms.txt
To: [email protected]
From: [email protected]
Subject: The secret
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

MIIB6AYJKoZIhvcNAQcDoIIB2TCCAdUCAQAxggGAMIIBfAIBADBkME8xHjAcBgNV
BAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTESMBAGA1UECwwJZGF2aWRAZGV4MRkw
FwYDVQQDDBBta2NlcnQgZGF2aWRAZGV4AhEAoS96wv/xKf/SKjgx3jJZxjANBgkq
hkiG9w0BAQEFAASCAQBmAwUHtaYweTiRgUlYx6B4WNylEIMXnG957cGzm397O+36
B8foGVpatYjaD3AjaNsgmqvklOqst8Y+5bpKk04gJSRffDj/cG3jYEgcq74mWaXO
1TE74UYoJvRaTDOX9SINyNl3TrP7fET2FqdspgejwqfwWWf+2acadR5MpiG6TANK
r9p/xchEwgc1pZEjHaxbMQLP3EuE16W6FMEsc7Ug5RxzvCtJ2KdTuIAQLNgZXwpJ
LLUZEHNNt9HW3yaGJEx+d9bVDYDMtghpoH7I5YrdoIUbVn7yZ/iN7+4L4MHODXCA
TBrmzBLWOz3y4mshzXsMIwAIbZIziaRFvFb0BYgrMEwGCSqGSIb3DQEHATAdBglg
hkgBZQMEASoEEJer1N1GGwOEJoXqAuxiJwaAIMGvrsbEwn4ZYARG09hkm2NBSqBJ
vRm9YcVN0d7S/EDz

You have to apply decryption only on the part which comes after the empty line:

➤ sed -n '/^$/,/^$/p' cms.txt | base64 -d | \
     openssl cms -inform DER -decrypt \
       -inkey [email protected]
my secret message: blablub

Related Questions in ENCRYPTION

Related Questions in OPENSSL

Related Questions in CERTIFICATE

Related Questions in CONTENT-MANAGEMENT-SYSTEM

Related Questions in SMIME

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.