[openssl.org #1167] allow to use -nocerts in "smime -decrypt" or look for private key anyway if no matching cert found

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[openssl.org #1167] allow to use -nocerts in "smime -decrypt" or look for private key anyway if no matching cert found

Rich Salz via RT

As per the discussion of
http://marc.theaimsgroup.com/?l=openssl-users&m=112176306618249&w=2 , it
does not appear that openssl can be used to derypt a smime message if
the certificate is lost even if the public and private key are still in
the decrypter's possesion.

RFE:
It would be great if openssl could

a) simply try the (most likely only one) private key in keysAndCerts.pem
if it doesn't find the matching certificate anyway

b) only do that if also the "nocerts" parameter is given
openssl smime -decrypt -in encrypted.eml -recip keysAndCerts.pem -nocerts
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]