I have an intermediate SMIME decrypting problem. I'm using the following
command-line interface (a little bit outdated openssl 0.9.6b @ HPUX-B.11.11):

    cat email | openssl smime -decrypt -inkey mykey -recip mycert

This usually works without problems. But emails from one particular
address I can decrypt only most of the time. Sometimes I get the
following error message:

openssl-0.9.6b:

    Error reading S/MIME message
    27549:error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:139:
    27549:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode error:pk7_mime.c:142:
    27549:error:2107A08B:PKCS7 routines:SMIME_read_PKCS7:pkcs7 parse error:pk7_mime.c:299:

Same effect with openssl-0.9.7-beta6:

    Error reading S/MIME message
    13482:error:0D06B08E:asn1 encoding routines:ASN1_d2i_bio:not enough data:a_d2i_fp.c:240:
    13482:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode error:pk7_mime.c:142:
    13482:error:2107A08B:PKCS7 routines:SMIME_read_PKCS7:pkcs7 parse error:pk7_mime.c:299:

When I try the same command later it might or might not get decrypted successfully ...

What does "header too long" mean in the context of SMIME decrypt (or "not enough data")?

Thanks,
-- Beat

On 2005.06.01 at 13:07:31 +0200, Beat Jucker wrote:
> I have an intermediate SMIME decrypting problem. I'm using following
> commandline interface (little bit outdated openssl 0.9.6b @ HPUX-B.11.11):
>
> cat email | openssl smime -decrypt -inkey mykey -recip mycert
>
> This works usually without problems. But Emails from one particular
> address I can decrypt only most of the time. Sometimes I'll get
> following error message:
>
> openssl-0.9.6b:
>
> Error reading S/MIME message
> 27549:error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:139:

Once I got a similar problem with an opaque signed message (DER format)
which was attached to the e-mail and used Quoted-Printable transfer
encoding. Thus all end-of-lines inside the message data were converted from
CRLF to LF by some intermediate mail server.

So, investigating the transport envelope of problematic messages can be
helpful.

In reply to this post by Beat Jucker
Try using the asn1parser (an option with openssl). If this doesn't complete without an error then you may have a problem with the way your originator is producing ASN.1 (we did here and I had to solve it by producing a bit of code to act as a 'filter' to correct the problem!).
On Wed, Jun 01, 2005 at 12:19:11PM +0100, Peter Cope wrote:
> Try using the asn1parser (an option with openssl).

no problem: asn1parse tells me

    0:d=0 hl=2 l=inf cons: SEQUENCE
    2:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-envelopedData
    ...

But I'm really confused because exactly the same message sometimes
might/might not decrypt. Could it have something to do with openssl
initialisation? Therefore I'm interested to know the possible reasons of

openssl-0.9.6:

    error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:139:

openssl-0.9.7:

    error:0D06B08E:asn1 encoding routines:ASN1_d2i_bio:not enough data:a_d2i_fp.c:240:

Thanks
-- Beat

> On Wed, Jun 01, 2005 at 12:19:11PM +0100, Peter Cope wrote:
> > Try using the asn1parser (an option with openssl).
>
> no problem: asn1parse tells me
>
> 0:d=0 hl=2 l=inf cons: SEQUENCE
> 2:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-envelopedData
> ...

When I parse the encoded message only newer openssl versions report
errors (> 0.9.7d). There is indeed a problem with the ASN1 structure of
the encoded S/MIME message (in the script I was using an absolute path but
manually I was using the version found by the PATH variable, therefore I got
different results).

Only openssl-0.9.7d doesn't report an error when I decode the message. All
other versions I have (0.9.5a, 0.9.6b, 0.9.7-beta6, 0.9.8-beta4) report
decoding errors. Older openssl versions don't report an asn1 error at all
(older than some kind of 0.9.7d).

Why this different behaviour? Where is the reason of the problem?

I don't know what kind of software our partner is using for preparing
S/MIME messages (definitely not openssl) but only a few of them can't get
decoded.

Here is the asn1parse output of an example we can't decode (the first
lines are all the same):

------------------------------------------------------------
*NO* asn1 error *AND* decoded successful:

cat message | openssl-0.9.7d asn1parse -i 2>&1

    ...
    634:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
    645:d=4 hl=2 l= 26 cons: SEQUENCE
    647:d=5 hl=2 l= 8 prim: OBJECT :rc2-cbc
    657:d=5 hl=2 l= 14 cons: SEQUENCE
    659:d=6 hl=2 l= 2 prim: INTEGER :A0
    663:d=6 hl=2 l= 8 prim: OCTET STRING
    673:d=4 hl=2 l=inf cons: cont [ 0 ]
    675:d=5 hl=4 l=2048 prim: OCTET STRING
    2727:d=5 hl=4 l=2048 prim: OCTET STRING
    4779:d=5 hl=4 l= 512 prim: OCTET STRING
    5295:d=5 hl=2 l= 0 prim: EOC
    5297:d=4 hl=2 l= 0 prim: EOC
    5299:d=3 hl=2 l= 0 prim: EOC
    5301:d=2 hl=2 l= 0 prim: EOC
    5303:d=1 hl=2 l= 0 prim: EOC

------------------------------------------------------------
*NO* asn1 error *BUT NOT* decoded successful:

cat message | openssl-0.9.6b asn1parse -i 2>&1

    ...
    632:d=3 hl=2 l=inf cons: SEQUENCE
    634:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
    645:d=4 hl=2 l= 26 cons: SEQUENCE
    647:d=5 hl=2 l= 8 prim: OBJECT :rc2-cbc
    657:d=5 hl=2 l= 14 cons: SEQUENCE
    659:d=6 hl=2 l= 2 prim: INTEGER :A0
    663:d=6 hl=2 l= 8 prim: OCTET STRING
    673:d=4 hl=2 l=inf cons: cont [ 0 ]
    675:d=5 hl=4 l=2048 prim: OCTET STRING
    2727:d=5 hl=4 l=2048 prim: OCTET STRING
    4779:d=5 hl=4 l= 512 prim: OCTET STRING

------------------------------------------------------------
asn1 error and not decoded successful:

cat message | openssl-0.9.8-beta4 asn1parse -i 2>&1

    ...
    632:d=3 hl=2 l=inf cons: SEQUENCE
    634:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
    645:d=4 hl=2 l= 26 cons: SEQUENCE
    647:d=5 hl=2 l= 8 prim: OBJECT :rc2-cbc
    657:d=5 hl=2 l= 14 cons: SEQUENCE
    659:d=6 hl=2 l= 2 prim: INTEGER :A0
    663:d=6 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:BAA1DF8EAEA83325
    673:d=4 hl=2 l=inf cons: cont [ 0 ]
    675:d=5 hl=4 l=2048 prim: OCTET STRING [HEX DUMP]:62AE5340C8B07966F23C6EFC87E810E45DA42366D4ED0
    D83D2DC557AF4F5B15DF53D5E2E64FD0B7D2CE145E44E5EEF36BB04FF968BE0CFA15400F4B93DEAE75C1B9DCD36871BBE139C0A14CFD
    ...
    8DAE7868857C2410700074D35DE4D5CE52301CAE65E47C7D274053A6A8490A17E0C65D182B65C7B841E23C0533369EEB38941F633F7A
    97117F2DB34F492CE2C5F43D32324033:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:1
    42:
    9E7F27EA52212FE04BA9C460AC8E2B08A18A92C764D8207DDBA7F73DE8E7FAB91DA7486471E7A51BAFDC6EBD851B5265D939FEC670F8
    ...
    F7B66C55A2772DF6541CF03429639C1C3818527F3B77E4DBF179AEA5C37645495488353BD97A37A68BC277BDB7FF4E6E46FD25EED682
    4B9B21A82CCAA9484F9353EF1CA1
    2727:d=5 hl=4 l=2048 prim: OCTET STRING [HEX DUMP]:187CFAED2A4E669FFCA28089379087770A50287640EB5
    E7A242961D087C3157A1A29701946A57EE821591686C653304CC82C245B8F56CD953D15E704224B879D737C66D117AB8234A1CE5D123
    ...
    39DD42164E90B2417476D27CE9FBD93914AD3C861278277221B68A8F4133B3486C9AB15EF40F8FBB31854051DDDCDF7FE01483DD1C1F
    64CE1C56C949A8B330169EF643F87F600B997199523715628900E1F
    Error in encoding

------------------------------------------------------------

Thanks for any help
-- Beat

This looks very much like the problem I had. If the sender is using Chilkat software (I think they produce a plugin for Visual Studio) ... then this had (has) a feature that produced wrong ASN.1. If you look at the raw SMTP message you can sometimes see what mail client or software was used to create it.
We have told our business partner to fix the problem (and they have approached Chilkat) ... in the meantime I wrote some C to fix it locally (and I'm not a developer).
Peter
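
The structural problems this thread circles around (a declared length that runs past the end of the data, an indefinite-length `l=inf` element without its closing EOC, and CRLF rewritten to LF in transit) can be checked with a small BER walker. This is an added example, not code from any poster or from OpenSSL; the names `walk` and `check` and the sample bytes are constructed for illustration.

```python
# Added example: minimal BER structure walker (illustrative, not OpenSSL code).
class BERError(ValueError): pass

def read_header(buf, pos, limit):
    """Return (tag, length or None for indefinite, header length) at pos."""
    if pos + 2 > limit:
        raise BERError(f"offset {pos}: not enough data for a header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise BERError(f"offset {pos}: multi-byte tags not handled here")
    if first == 0x80:                      # indefinite form, asn1parse shows l=inf
        return tag, None, 2
    if first < 0x80:                       # short form
        return tag, first, 2
    n = first & 0x7F                       # long form: n length octets follow
    if pos + 2 + n > limit:
        raise BERError(f"offset {pos}: length octets run past end of data")
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n

def walk(buf, pos=0, limit=None, indef=False, depth=0, out=None):
    """Walk TLVs in buf[pos:limit]; indef=True means the parent ends at an EOC."""
    limit = len(buf) if limit is None else limit
    out = [] if out is None else out
    while pos < limit:
        tag, length, hl = read_header(buf, pos, limit)
        if indef and tag == 0 and length == 0:
            return pos + 2, out            # end-of-contents closes the parent
        out.append((pos, depth, hl, length))
        body, cons = pos + hl, bool(tag & 0x20)
        if length is None:
            if not cons:
                raise BERError(f"offset {pos}: indefinite length on primitive")
            pos, _ = walk(buf, body, limit, True, depth + 1, out)
        elif body + length > limit:
            raise BERError(f"offset {pos}: length {length} runs past end of data")
        else:
            if cons:
                walk(buf, body, body + length, False, depth + 1, out)
            pos = body + length
    if indef:
        raise BERError(f"depth {depth}: missing end-of-contents (EOC)")
    return pos, out

def check(buf):
    try:
        return walk(buf) and "ok"
    except BERError as e:
        return str(e)

# Constructed sample: SEQUENCE(inf) { OID pkcs7-data, [0](inf) { OCTET STRING } }
GOOD = bytes.fromhex("3080" "06092a864886f70d010701" "a080" "0404de0d0aef" "0000" "0000")
```

Run `check()` on the base64-decoded message body: `check(GOOD[:-4])` reports the missing EOC, and `check(GOOD.replace(b"\r\n", b"\n"))` shows how a single line-ending rewrite shifts every later offset and leaves the parser short of data.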