Problem: Outlook 2010 violates the CMS RFC: it sets the SubjectKeyIdentifier in an S/MIME encrypted message, even though the X.509 certificate used to encrypt this message does not have this extension set. Outlook synthesizes this value somehow. When trying to decrypt the message with the private key, OpenSSL refuses to decrypt because the sanity check (do any recipient IDs of this private key match this encrypted message) fails.
Solution: Disable the recipient check; when I manually assign the private key, just use it to decrypt the message. See https://bugzilla.mozilla.org/show_bug.cgi?id=559243

The same applies for the smime command. This issue made no sense to me: when you reissue a key from a CA (using the same private key) you are unable to decrypt messages encrypted to the old X.509 public key because OpenSSL refuses to decrypt, because it cannot find the recipient. Of course it cannot find the ID, because the new X.509 cert has a new recipient ID; however, the private key is unchanged, so it is still possible to decrypt the message.
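To check which form of recipient identifier a message actually carries, the sketch below walks a DER-encoded CMS EnvelopedData and reports, for each key transport recipient, whether it is named by issuerAndSerialNumber or by subjectKeyIdentifier. It is an added example, not part of the original post or of OpenSSL; the function names are hypothetical, the sample message is constructed, and it assumes definite-length DER input.

```python
# Added example (not from the post): rid form of each KeyTransRecipientInfo.
ENVELOPED_DATA = bytes.fromhex("2a864886f70d010703")  # OID 1.2.840.113549.1.7.3
RID_FORMS = {0x30: "issuerAndSerialNumber", 0x80: "subjectKeyIdentifier"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); DER definite lengths, one-byte tags."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length (BER) is not handled here")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed value into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def recipient_ids(der):
    """Return [(rid_form, key_identifier_hex_or_empty), ...] in message order."""
    content_type, wrapped = children(read_tlv(der, 0)[1])[:2]
    if content_type != (0x06, ENVELOPED_DATA):
        raise ValueError("not a CMS EnvelopedData")
    enveloped = children(wrapped[1])[0][1]  # SEQUENCE inside [0] EXPLICIT
    infos = next(v for t, v in children(enveloped) if t == 0x31)  # the only SET
    found = []
    for tag, info in children(infos):
        if tag == 0x30:  # KeyTransRecipientInfo; other kinds are tagged [1]..[4]
            rid_tag, rid = children(info)[1]  # field after the version INTEGER
            form = RID_FORMS.get(rid_tag, "unknown")
            found.append((form, rid.hex() if rid_tag == 0x80 else ""))
    return found

# Constructed sample (not a real message): one recipient named by key
# identifier, as the post describes for Outlook 2010, one by issuer and serial.
def tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form lengths only

def ktri(version, rid):  # version, rid, empty AlgorithmIdentifier, 1-byte key
    return tlv(0x30, tlv(2, bytes([version])) + rid + tlv(0x30, b"") + tlv(4, b"\0"))

SAMPLE = tlv(0x30, tlv(0x06, ENVELOPED_DATA) + tlv(0xA0, tlv(0x30,
    tlv(0x02, b"\x02") + tlv(0x31, ktri(2, tlv(0x80, bytes(range(20)))) +
    ktri(0, tlv(0x30, tlv(0x30, b"") + tlv(0x02, b"\x01")))) + tlv(0x30, b""))))
```

A subjectKeyIdentifier entry whose value does not appear in the certificate's extensions is the mismatch described in the post.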