> On Apr 6, 2017, at 1:25 PM, Blumenthal, Uri - 0553 - MITLL <uri@xxxxxxxxxx> wrote: > > I’m trying to debug the case of a (bad) email client sending encrypted S/MIME email that the recipient cannot decrypt (we suspect the problem is that the sender chooses a wrong public key/certificate to encrypt to). > > Unfortunately, recipient email clients do not help figuring this out. All they say is “you do not have the right key…”. > > My goal is to “unwrap” the CMS/SMIME message, and print out some identity of the recipient key/cert (anything that would allow me to tie this email to any of the keys I have, or to ascertain that it’s none of those) would help greatly. Printing out other details, such as “algorithms used” would also be helpful. > > I’m sure it’s possible to write an application to do that. But I strongly suspect that the “openssl” command line tool would be able to address this problem. > > Would somebody on this list please show me how I can print the “metadata” (yes, that big word ☺) of the S/MIME email using openssl? For S/MIME input: $ openssl cms -in cms.eml -cmsout -print For DER input: $ openssl cms -inform DER -in cms.der -cmsout -print -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
