On Thu, Mar 27, 2003, marek cervenka wrote:

> > > > > i have a single file in PKCS#7 format
> > > > > can i decrypt this file with openssl?
> > > > >
> > > > > i try this
> > > > > [EMAIL PROTECTED] cp]# openssl smime -decrypt -inform der -in pkcs7.enc
> > > > > -recip test.pem -inkey key.pem
> > > > > Enter PEM pass phrase:
> > > > > Error decrypting PKCS#7 structure
> > > > > 3428:error:21070073:PKCS7 routines:PKCS7_dataDecode:no recipient matches
> > > > > certificate:pk7_doit.c:371:
> > > > > 3428:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt
> > > > > error:pk7_smime.c:405:
> > > > >
> > > >
> > > > You can if you pass it a private key and certificate corresponding to one of
> > > > the recipients of the message.
> > >
> > > but this file is not email (i'm not creator of this file :( )
> > >
> > > this file has PKCS structure (certificate + encrypted data)
> > > can i decrypt this file without conversion to s/mime message?
> > >
> >
> > Well even if it isn't email the original file will have been encrypted using a
> > certificate's public key and the details of the certificate placed in the
> > structure: specifically its issuer name and serial number. There may be more
> > than one certificate used to allow multiple keys to decrypt the file.
> >
> > So you need at least one key and certificate pair to decrypt it.
>
> that is clear
>
> i have one key and certificate (file is signed and encrypted for my pair)
>
> but how can i do this?
> any known software?
>

Well yes, the smime utility should do so. However that error message is saying
that the issuer(s) and serial number(s) in the message don't match those in
your certificate. Possibly the file was encrypted using the wrong certificate?

There isn't a utility to print out the expected issuer name and serial number
names for PKCS#7 encryptedData with OpenSSL so it isn't that easy to check.

If you don't mind sending me the file and your certificate (not the private
key) I can check to see what the issuer name and serial number(s) are and if
they should match.

Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
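
The comparison described in the reply above (issuer name and serial number in each RecipientInfo against those in the certificate), as an added example that is not part of the original thread or of OpenSSL. It assumes a DER-encoded PKCS#7 envelopedData file and compares the issuer byte for byte; all function names and the sample bytes are constructed for illustration.

```python
ENVELOPED = bytes.fromhex("2a864886f70d010703")   # OID 1.2.840.113549.1.7.3

def tlv(buf, pos=0):  # one DER element -> (tag, value, raw element, next pos)
    tag, length, start, pos = buf[pos], buf[pos + 1], pos, pos + 2
    if length & 0x80:                    # long form: low 7 bits count length bytes
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is BER, not DER")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], buf[start:pos + length], pos + length

def children(value):  # split a constructed value into (tag, value, raw) tuples
    out, pos = [], 0
    while pos < len(value):
        tag, val, raw, pos = tlv(value, pos)
        out.append((tag, val, raw))
    return out

def recipient_ids(p7_der):  # [(issuer Name as raw DER, serial)] per RecipientInfo
    oid, content = children(tlv(p7_der)[1])[:2]        # ContentInfo: type, [0] content
    if oid[1] != ENVELOPED:
        raise ValueError("not PKCS#7 envelopedData")
    infos = children(children(content[1])[0][1])[1][1]  # version, then the SET
    pairs = [children(children(info)[1][1])[:2] for _, info, _ in children(infos)]
    return [(name[2], int.from_bytes(sn[1], "big", signed=True)) for name, sn in pairs]

def cert_id(cert_der):  # (issuer Name as raw DER, serial) of an X.509 certificate
    tbs = children(children(tlv(cert_der)[1])[0][1])    # tbsCertificate fields
    tbs = tbs[1:] if tbs[0][0] == 0xA0 else tbs         # skip optional [0] version
    return tbs[2][2], int.from_bytes(tbs[0][1], "big", signed=True)

def matches(p7_der, cert_der):  # is this certificate a recipient of the file?
    return cert_id(cert_der) in recipient_ids(p7_der)

def enc(tag, *parts):  # DER encoder, used only to build the constructed samples
    body = b"".join(parts)
    size = len(body).to_bytes(2, "big").lstrip(b"\0") or b"\0"
    head = size if len(body) < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

# Constructed samples (not from the thread): issuer CN=Example CA, serial 0x1234, dummy
# encryptedKey, empty SEQUENCE for the ciphertext; CERT has only the leading tbs fields.
NAME = enc(0x30, enc(0x31, enc(0x30, enc(0x06, b"\x55\x04\x03"), enc(0x0C, b"Example CA"))))
ALG = enc(0x30, enc(0x06, bytes.fromhex("2a864886f70d010101")), enc(0x05))
RINFO = enc(0x30, enc(0x02, b"\0"), enc(0x30, NAME, enc(0x02, b"\x12\x34")), ALG, enc(0x04, b"\xAA" * 8))
P7 = enc(0x30, enc(0x06, ENVELOPED), enc(0xA0, enc(0x30, enc(0x02, b"\0"), enc(0x31, RINFO), enc(0x30))))
CERT = enc(0x30, enc(0x30, enc(0xA0, enc(0x02, b"\x02")), enc(0x02, b"\x12\x34"), ALG, NAME))
```

On real files, pass the raw bytes of the DER PKCS#7 file and of a DER copy of the certificate; an empty overlap between `recipient_ids` and `cert_id` is the condition the "no recipient matches certificate" error reports.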