For S/MIME input:
$ openssl cms -in cms.eml -cmsout -print
For DER input:
$ openssl cms -inform DER -in cms.der -cmsout -print
Thank you!!!
The above gave me:
CMS_ContentInfo:
contentType: pkcs7-envelopedData (1.2.840.113549.1.7.3)
. . . . .
originatorInfo: <ABSENT>
recipientInfos:
d.ktri:
version: <ABSENT>
d.issuerAndSerialNumber:
issuer: CN=<correct…>
serialNumber: 1468961193
keyEncryptionAlgorithm:
algorithm: rsaEncryption (1.2.840.113549.1.1.1)
parameter: NULL
encryptedKey:
0000 - bb 14 f6 cc 55 26 86 ca-71 b4 2f 55 11 f0 bb ....U&..q./U...
. . . . .
It showed me that the serial number of the intended recipient’s cert corresponded to the *signing* key and certificate (instead of the encryption key/cert). Which is why the legitimate clients refused to decrypt this email.
Would you be able to provide me with a command line that would allow me to *decrypt* the message? My keys are on a hardware token, so I’ll have to use “–engine pkcs11 –keyform ENGINE”…
Thanks!!
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
