Hi, If I do still have the public key and private key, I hope I still can use openssl to decrypt a message even if I lost the certificate originally used to encrypt to.
Unfortunately, my attempts fail so far: openssl smime -decrypt -in encrypted.eml -recip privKeyAndPubkeyInOtherCert.pem Enter pass phrase for privKeyAndPubkeyInOtherCert.pem: Error decrypting PKCS#7 structure 2116:error:21070073:PKCS7 routines:PKCS7_dataDecode:no recipient matches certificate:pk7_doit.c:430: 2116:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt error:pk7_smime.c:451: If I just take the private key, it gets worse: openssl smime -decrypt -in encrypted.eml -recip privKeyOnly.pem unable to load certificate 2504:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE I guess it is partially explained why this happens (issuer-name, certificate-id pair) in http://marc.theaimsgroup.com/?l=openssl-users&m=110056304510836&w=2 Is there a way to decrypt that eml with openssl anyway short of Derek's ugly hack where he rebuilds a cert with same certificate-id/Issuer from the public key? Kind-of "force openssl to use a decryption key irrespective of all other rules it normally implements ..."? Many thanks for any hints in advance! Ralf ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
