Dr. Stephen Henson wrote:
>By default the PKCS#12 files OpenSSL creates should be key exchange keys
>unless you supply the -keysig command line argument.
>
>I
>

Groan! Well spotted Steve! It appears we scripted calls to openssl with the "-keyex" option when making certs (it was specifically to stop people using client certs for email - well that worked!!! ;-)... I removed that and now a cert can decrypt S/MIME emails :-)

Thanks for that Steve!

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]