On 06/01/2015 12:38, Dr. Stephen Henson wrote: > On Tue, Jan 06, 2015, Fred wrote: >> I need to decrypt some S/MIME content with an invalid key length >> for the AlgOID specified in the PCKS7 content. >> >> AES-256 is specified as the AlgOID, but a key length of 192 bits is >> being used. >> >> Is there anyway to get openssl to decrypt this using the openssl >> smime command? i.e. override the cipher used so that is uses >> aes-192-cbc ? > > Not using the smime command no. There are ways to handle this either with a > short program or by using a binary cut+paste using asn1parse. > > Another alternative is to use a modified version of OpenSSL which detects this > and works around the problem. (snip) I take it this kind of behaviour is non-standard, which is why OpenSSL has a problem? Does this behaviour (AlgID mismatch) explicitly contravene some RFC or is it that this is simply undefined and openssl is just being sensible? It would be useful to know if the software used to create the encrypted software is broken (it would seem it is).