Error Reading S/mime Message
Contents |
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About error reading s mime message openssl Us Learn more about Stack Overflow the company Business Learn more about hiring openssl smime developers or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the openssl pkcs7 verify Stack Overflow Community Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up Error when verifying a clear signed openssl cms verify SMIME message up vote 0 down vote favorite I've a message like this in file testSmimeMsg.txt: ABC is our biggest acquisition ever and as you can imagine, customers and partners alike are eager to hear how we plan to integrate it into XYZ. Specifically, how are we going to bring the two traditionally separate silos of desktop and mobile together? To help explain our vision for
Openssl Smime Encrypt File
uniting we released a video describing our architecture and technology integration plans. Definitely watch the video to learn more, and the rest of this blog will give you a summary of our plans and a bit more color on certain areas. I use following command to make a clear signed message: $ openssl smime -sign -in testSmimeMsg.txt -out testSmimeClearTextMessage.txt -signer sender.pem The sender.pem is generated from a .p12 file and it has CERTIFICATE and RSA PRIVATE KEY contents. Then I use the following command to verify the signed message I just created. $ openssl smime -verify -in testSmimeClearTextMessage.txt -noverify -out testSmimeVerifiedClearTextMessage.txt The result is Verification Successful and content in testSmimeVerifiedClearTextMessage.txt is same as testSmimeMsg.txt. Perfect! Now Lets say I want to verify the same by the PKCS7_verify() method. C code jbyteArray aw_SMIME_Verify_Signature_And_Get_Message(JNIEnv *env, jobject obj, jbyteArray signedMsg, jstring senderCertPath, jstring rootCertPath) { //SenderCertPath and rootCertPath are currently NULL. For now, I just want openssl //to extract the signer cert from message and verify message. Root certificate and chain //of trust verification etc is ignored for now. jbyteArray cmsContent = NULL; PKCS7 *pkcs7 = NULL; OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); ERR_load_X509_strings(); ERR_load_PKCS7_strings(); ERR_load_BIO_strings(); pkcs7 = getP7FromEncryptedMessage_SMIME(env, signedMsg); //this works. pkcs
[-[cipher]] [-in file] [-CAfile file] [-CApath dir] [-no-CAfile] [-no-CApath] [-attime timestamp] [-check_ss_sig] [-crl_check] [-crl_check_all] [-explicit_policy] [-extended_crl] [-ignore_critical] [-inhibit_any]
Openssl Cms Encrypt Example
[-inhibit_map] [-partial_chain] [-policy arg] [-policy_check] [-policy_print] [-purpose purpose] [-suiteB_128] [-suiteB_128_only] openssl pkcs7 sign command line [-suiteB_192] [-trusted_first] [-no_alt_chains] [-use_deltas] [-auth_level num] [-verify_depth num] [-verify_email email] [-verify_hostname hostname] [-verify_ip ip] pkcs7_verify [-verify_name name] [-x509_strict] [-certfile file] [-signer file] [-recip file] [-inform SMIME|PEM|DER] [-passin arg] [-inkey file] [-out file] [-outform SMIME|PEM|DER] [-content file] [-to addr] [-from http://stackoverflow.com/questions/23986946/error-when-verifying-a-clear-signed-smime-message ad] [-subject s] [-text] [-indef] [-noindef] [-stream] [-rand file(s)] [-md digest] [cert.pem]... DESCRIPTION The smime command handles S/MIME mail. It can encrypt, decrypt, sign and verify S/MIME messages. COMMAND OPTIONS There are six operation options that set the type of operation to be performed. The meaning of the https://www.openssl.org/docs/apps/smime.html other options varies according to the operation type. -help Print out a usage message. -encrypt encrypt mail for the given recipient certificates. Input file is the message to be encrypted. The output file is the encrypted mail in MIME format. Note that no revocation check is done for the recipient cert, so if that key has been compromised, others may be able to decrypt the text. -decrypt decrypt mail using the supplied certificate and private key. Expects an encrypted mail message in MIME format for the input file. The decrypted mail is written to the output file. -sign sign mail using the supplied certificate and private key. Input file is the message to be signed. The signed message in MIME format is written to the output file. -verify verify signed mail. Expects a signed mail message on input and outputs the signed da
Reply | Threaded Open http://openssl.6102.n7.nabble.com/Decrypting-CMS-message-without-headers-td48076.html this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ Decrypting CMS message without headers Hello,I have a program running on Centos 6.4 with OpenSSL 1.0.1 that is sending and receiving messages error reading with another system, written in Java. I encrypt the data using the following command:# openssl cms -encrypt -binary -aes128 -in message.msg key.pemMy encrypted message looks like the following: MIME-Version: 1.0Content-Disposition: attachment; filename="smime.p7m"Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"Content-Transfer-Encoding: base64 MIIBzwYJKoZIhvcNAQcDoIIBwDCCAbwCAQAxggGAMIIBfAIBADBkMFwxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJGTDEMMAoGA1UEBxMDSkFYMQwwCgYDVQQKEwNDU1gxCzAJBgNVBAsTAlNJMRcwFQYDVQQDEw5CcmlhbiBPJ0dvcm1hbgIEUmaLjzANBgkqhkiG9w0BAQEFAASCAQCDlr+0swuPiZAVh58LK0O32sVHH4iimC/EAsyyti6rHZAV hTegCh2dBPewvrXEam4aKgtGyjHGzExk1JAdPYqnDvGpII4p5IQayydBxZ8cw9BXu4X7aZQ5IKjxJb8caUUfbLrgm7nOEyIhxziz+k5N6ybYRCnk4qP9Amr3pQP7SV1YXKP/Kic4ZeNOxm3D64CB35D4nnkjMHDwueSO3TdZsF0jsuP2+4YSAOG5RpST+YEauVKbPJfl4dyOsxysrFrUuZUDskXRpAO9iYiJO86hBKlCZ1hB2xqjtHYvq2zgWA8y error reading s DchS8elrkQCEKfOe624Q9Y8E+KaKzrtyuPFLzzSKMDMGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIpJxEptYu1oCAEI/37e7/FaXRm+08YW2yIvc=I strip the headers from the data and send only the encrypted data, which the Java is able to decrypt with the following method: private static byte[] cmsDecrypt(byte[] message, PrivateKey key) throws CMSException, IOException, NoSuchProviderException { CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(message); RecipientInformationStore recipients = ep.getRecipientInfos(); Collection c = recipients.getRecipients(); Iterator iter = c.iterator(); RecipientInformation recipient = (RecipientInformation) iter.next(); return recipient.getContent(key, new BouncyCastleProvider()); }However, decrypting data that is encrypted in Java is not working for me. The messages are encrypted using the following Java:public static byte[] cmsEncrypt(byte[] data, Certificate cert) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException { CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator(); gen.addKeyTransRecipient((X509Certificate) cert); CMSProcessable cmsData = new CMSProcessableByteArray(data); CMSEnvelopedDa