On Mon, Sep 29, 2003, [EMAIL PROTECTED] wrote: > Hello! > > How can I print out the issuer name of an encrypted file ? > > The problem : > I have an encrypted file, and also the corresponding original plaintext file. > And I also have say 20 certificates (public keys). > I know that the encrypted file was encrypted using ONE of these public keys. > Is there a way to find out with which ? > > (I first wanted to encrypt the cleartext file with each of those 20 > certificates files, and then to compare the MD5 checksum against the MD5 sum > of the "mysterious" encrypted file. I guess this doesnt work because it 2 > successive encryptions of a given file with a given key seem to yield > different encrypted files) > > Also this seems interesting : > > On Wed, Mar 26, 2003, Dr. Stephen Henson wrote: > > > There isn't a utility to print out the expected issuer name and serial number > > names for PKCS#7 encryptedData with OpenSSL so it isn't that easy to check. > > > If you don't mind sending me the file and your certificate (not the private > > key) I can check to see what the issuer name and serial number(s) are and if > > they should match. > > Well I'll have to do this stuff many times, so could anyone provide details on > how to check to see what the issuer name and serial number(s) are and if > they should match ? > > > BTW, the command I use to encrypt stuff is : > openssl smime -encrypt -in cleartext-file -out encrypted-file > certificate-file.crt > > and of course, I dont have the private keys for those 20 certificates. >
There isn't a command to do this but the standard OpenSSL S/MIME code does the search. If you look at around line 401 in pk7_doit.c you'll see a look which checks each RecipientInfo structure against each certificate and breaks out when it finds the right one or errors out if it can't. You should be able to adapt that to your needs. Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
