Hi,
If I do still have the public key and private key, I hope I still can use openssl to decrypt a message even if I lost the certificate originally used to encrypt to. Unfortunately, my attempts fail so far: openssl smime -decrypt -in encrypted.eml -recip privKeyAndPubkeyInOtherCert.pem Enter pass phrase for privKeyAndPubkeyInOtherCert.pem: Error decrypting PKCS#7 structure 2116:error:21070073:PKCS7 routines:PKCS7_dataDecode:no recipient matches certificate:pk7_doit.c:430: 2116:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt error:pk7_smime.c:451: If I just take the private key, it gets worse: openssl smime -decrypt -in encrypted.eml -recip privKeyOnly.pem unable to load certificate 2504:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE I guess it is partially explained why this happens (issuer-name, certificate-id pair) in http://marc.theaimsgroup.com/?l=openssl-users&m=110056304510836&w=2 Is there a way to decrypt that eml with openssl anyway short of Derek's ugly hack where he rebuilds a cert with same certificate-id/Issuer from the public key? Kind-of "force openssl to use a decryption key irrespective of all other rules it normally implements ..."? Many thanks for any hints in advance! Ralf ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Ralf Hauser wrote:
>Hi, > >If I do still have the public key and private key, I hope I still can use >openssl to decrypt a message even if I lost the certificate originally used >to encrypt to. > >Unfortunately, my attempts fail so far: > >openssl smime -decrypt -in encrypted.eml -recip >privKeyAndPubkeyInOtherCert.pem > >Enter pass phrase for privKeyAndPubkeyInOtherCert.pem: >Error decrypting PKCS#7 structure >2116:error:21070073:PKCS7 routines:PKCS7_dataDecode:no recipient matches >certificate:pk7_doit.c:430: >2116:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt >error:pk7_smime.c:451: > >If I just take the private key, it gets worse: > >openssl smime -decrypt -in encrypted.eml -recip privKeyOnly.pem > >unable to load certificate >2504:error:0906D06C:PEM routines:PEM_read_bio:no start >line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE > >I guess it is partially explained why this happens (issuer-name, >certificate-id pair) in >http://marc.theaimsgroup.com/?l=openssl-users&m=110056304510836&w=2 > >Is there a way to decrypt that eml with openssl anyway short of Derek's ugly >hack where he rebuilds a cert with same certificate-id/Issuer from the >public key? Kind-of "force openssl to use a decryption key irrespective of >all other rules it normally implements ..."? > >Many thanks for any hints in advance! > > Ralf > > which ignores certificates and tries to decode the the message with a hardcoded private key. But I don't know how much work this will be... :-/ Hope this helps Ted ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26 |
In reply to this post by gmx Ralf Hauser
Hi all, For implementing AS2, where is the best place to look for resources on how to encrypt and decrypt using SMIME via the openssl libraries? Thanks Pj. -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of Ralf Hauser Sent: Tuesday, 19 July 2005 4:33 PM To: [hidden email] Subject: how to smime decrypt if certificate is lost? Hi, If I do still have the public key and private key, I hope I still can use openssl to decrypt a message even if I lost the certificate originally used to encrypt to. Unfortunately, my attempts fail so far: openssl smime -decrypt -in encrypted.eml -recip privKeyAndPubkeyInOtherCert.pem Enter pass phrase for privKeyAndPubkeyInOtherCert.pem: Error decrypting PKCS#7 structure 2116:error:21070073:PKCS7 routines:PKCS7_dataDecode:no recipient matches certificate:pk7_doit.c:430: 2116:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt error:pk7_smime.c:451: If I just take the private key, it gets worse: openssl smime -decrypt -in encrypted.eml -recip privKeyOnly.pem unable to load certificate 2504:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE I guess it is partially explained why this happens (issuer-name, certificate-id pair) in http://marc.theaimsgroup.com/?l=openssl-users&m=110056304510836&w=2 Is there a way to decrypt that eml with openssl anyway short of Derek's ugly hack where he rebuilds a cert with same certificate-id/Issuer from the public key? Kind-of "force openssl to use a decryption key irrespective of all other rules it normally implements ..."? Many thanks for any hints in advance! Ralf ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.9.1/51 - Release Date: 18/07/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.9.1/51 - Release Date: 18/07/2005 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Free forum by Nabble | Edit this page |