how to smime decrypt if certificate is lost?

gmx Ralf Hauser
Hi,

If I do still have the public key and private key, I hope I still can use
openssl to decrypt a message even if I lost the certificate originally used
to encrypt to.

Unfortunately, my attempts fail so far:

openssl smime -decrypt -in encrypted.eml -recip privKeyAndPubkeyInOtherCert.pem

Enter pass phrase for privKeyAndPubkeyInOtherCert.pem:
Error decrypting PKCS#7 structure
2116:error:21070073:PKCS7 routines:PKCS7_dataDecode:no recipient matches certificate:pk7_doit.c:430:
2116:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt error:pk7_smime.c:451:

If I just take the private key, it gets worse:

openssl smime -decrypt -in encrypted.eml -recip privKeyOnly.pem

unable to load certificate
2504:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE

I guess it is partially explained why this happens (issuer-name,
certificate-id pair) in
http://marc.theaimsgroup.com/?l=openssl-users&m=110056304510836&w=2

Is there a way to decrypt that eml with openssl anyway short of Derek's ugly
hack where he rebuilds a cert with same certificate-id/Issuer from the
public key? Kind-of "force openssl to use a decryption key irrespective of
all other rules it normally implements ..."?

Many thanks for any hints in advance!

   Ralf

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: how to smime decrypt if certificate is lost?

Bernhard Fröhlich-2
Ralf Hauser wrote:

>Hi,
>
>If I do still have the public key and private key, I hope I still can use
>openssl to decrypt a message even if I lost the certificate originally used
>to encrypt to.
>
>Unfortunately, my attempts fail so far:
>
>openssl smime -decrypt -in encrypted.eml -recip privKeyAndPubkeyInOtherCert.pem
>
>Enter pass phrase for privKeyAndPubkeyInOtherCert.pem:
>Error decrypting PKCS#7 structure
>2116:error:21070073:PKCS7 routines:PKCS7_dataDecode:no recipient matches certificate:pk7_doit.c:430:
>2116:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt error:pk7_smime.c:451:
>
>If I just take the private key, it gets worse:
>
>openssl smime -decrypt -in encrypted.eml -recip privKeyOnly.pem
>
>unable to load certificate
>2504:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE
>
>I guess it is partially explained why this happens (issuer-name,
>certificate-id pair) in
>http://marc.theaimsgroup.com/?l=openssl-users&m=110056304510836&w=2
>
>Is there a way to decrypt that eml with openssl anyway short of Derek's ugly
>hack where he rebuilds a cert with same certificate-id/Issuer from the
>public key? Kind-of "force openssl to use a decryption key irrespective of
>all other rules it normally implements ..."?
>
>Many thanks for any hints in advance!
>
>   Ralf
>  
>
I'm pretty sure that you won't be able to do this using openssl smime...
On the other hand it should be possible to create a hacked openssl smime
which ignores certificates and tries to decode the message with a
hardcoded private key. But I don't know how much work this will be... :-/

Hope this helps
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26
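
The situation discussed in this thread, reproduced as an added example that is not part of the original posts and is not OpenSSL project code: a message is encrypted to a certificate, the certificate is deleted, and decryption is attempted first with a different certificate over the same key and then with the private key alone. It assumes a current OpenSSL release in which `smime -decrypt` accepts `-inkey` without `-recip` (not the release used in the thread); all file names, subjects and the message are constructed.

```shell
#!/bin/sh
# Added example. All keys, certificates and the message are constructed here.

# Build the scenario in directory $1: encrypt to a certificate, then lose it.
make_lost_cert_case() (
    cd "$1" || exit 1
    # Constructed recipient key with a self-signed certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=original-cert" \
        -keyout key.pem -out cert.pem 2>/dev/null || exit 1
    printf 'constructed test message\n' > plain.txt
    # -binary keeps the payload byte-for-byte (no CRLF canonicalisation).
    openssl smime -encrypt -binary -aes256 -in plain.txt \
        -out encrypted.eml cert.pem || exit 1
    rm -f cert.pem   # the original certificate is now lost
    # A second certificate over the same key pair, with a different issuer
    # name: the counterpart of privKeyAndPubkeyInOtherCert.pem in the post.
    openssl req -x509 -new -key key.pem -days 1 -subj "/CN=other-cert" \
        -out other.pem 2>/dev/null
)

# Same key, wrong certificate: the issuer/serial recorded in the message's
# RecipientInfo does not match other.pem, so this fails as in the post.
decrypt_with_other_cert() (
    cd "$1" && openssl smime -decrypt -in encrypted.eml \
        -recip other.pem -inkey key.pem 2>/dev/null
)

# No -recip at all: with no certificate to match against, the key is
# tried against the recipients listed in the message.
decrypt_with_key_only() (
    cd "$1" && openssl smime -decrypt -in encrypted.eml -inkey key.pem
)

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_lost_cert_case "$work" || exit 1
decrypt_with_other_cert "$work" || echo "other.pem: no recipient matches" >&2
decrypt_with_key_only "$work"
```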



smime encryption

PJ-7
In reply to this post by gmx Ralf Hauser

Hi all,

For implementing AS2,

where is the best place to look for resources on how to encrypt and decrypt
using SMIME via the openssl libraries?

Thanks
Pj.

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Ralf Hauser
Sent: Tuesday, 19 July 2005 4:33 PM
To: [hidden email]
Subject: how to smime decrypt if certificate is lost?
