Hello,
I have a program running on Centos 6.4 with OpenSSL 1.0.1 that is sending
and receiving messages with another system, written in Java. I encrypt the
data using the following command:
# openssl cms -encrypt -binary -aes128 -in message.msg key.pem
My encrypted message looks like the following:
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
name="smime.p7m"
Content-Transfer-Encoding: base64
MIIBzwYJKoZIhvcNAQcDoIIBwDCCAbwCAQAxggGAMIIBfAIBADBkMFwxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJGTDEMMAoGA1UEBxMDSkFYMQwwCgYDVQQKEwNDU1gx
CzAJBgNVBAsTAlNJMRcwFQYDVQQDEw5CcmlhbiBPJ0dvcm1hbgIEUmaLjzANBgkq
hkiG9w0BAQEFAASCAQCDlr+0swuPiZAVh58LK0O32sVHH4iimC/EAsyyti6rHZAV
hTegCh2dBPewvrXEam4aKgtGyjHGzExk1JAdPYqnDvGpII4p5IQayydBxZ8cw9BX
u4X7aZQ5IKjxJb8caUUfbLrgm7nOEyIhxziz+k5N6ybYRCnk4qP9Amr3pQP7SV1Y
XKP/Kic4ZeNOxm3D64CB35D4nnkjMHDwueSO3TdZsF0jsuP2+4YSAOG5RpST+YEa
uVKbPJfl4dyOsxysrFrUuZUDskXRpAO9iYiJO86hBKlCZ1hB2xqjtHYvq2zgWA8y
DchS8elrkQCEKfOe624Q9Y8E+KaKzrtyuPFLzzSKMDMGCSqGSIb3DQEHATAUBggq
hkiG9w0DBwQIpJxEptYu1oCAEI/37e7/FaXRm+08YW2yIvc=
I strip the headers from the data and send only the encrypted data, which
the Java is able to decrypt with the following method:
private static byte[] cmsDecrypt(byte[] message, PrivateKey key) throws
CMSException, IOException, NoSuchProviderException {
CMSEnvelopedDataParser ep = new
CMSEnvelopedDataParser(message);
RecipientInformationStore recipients =
ep.getRecipientInfos();
Collection c = recipients.getRecipients();
Iterator iter = c.iterator();
RecipientInformation recipient = (RecipientInformation)
iter.next();
return recipient.getContent(key, new
BouncyCastleProvider());
}
However, decrypting data that is encrypted in Java is not working for me.
The messages are encrypted using the following Java:
public static byte[] cmsEncrypt(byte[] data, Certificate cert) throws
NoSuchAlgorithmException, NoSuchProviderException, CMSException,
IOException {
CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator();
gen.addKeyTransRecipient((X509Certificate) cert);
CMSProcessable cmsData = new CMSProcessableByteArray(data);
CMSEnvelopedData enveloped = gen.generate(cmsData,
CMSEnvelopedDataGenerator.AES128_CBC, 128, "BC");
return enveloped.getEncoded();
}
This is sent to my program in the following format:
MIAGCSqGSIb3DQEHA6CAMIACAQAxggGAMIIBfAIBADBkM
FwxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJGTDEMMAoGA1UEBxMDSkFYMQwwCgYDVQQKEwNDU1gxCzAJB
gNVBAsTAlNJMRcwFQYDVQQDEw5CcmlhbiBPJ0dvcm1hbgIEUmaLjzANBgkqhkiG9w0BAQEFAASCAQCrt
gzZacBepOAJDskb8KC1AFLw4MF2bAu3D
I am trying to decrypt the message using the command line like this:
# openssl cms -decrypt -binary -in encmessage.msg -inkey key.pem
However, this returns the following error:
Error reading S/MIME message
140284038506312:error:0D0D40D1:asn1 encoding routines:SMIME_read_ASN1:no
content type:asn_mime.c:451:
I believe this is because the message returned from Java has no headers
attached, and therefore cannot be read properly. Is there a way to set
openssl so that the headers are not needed for the decryption? I have
tried using various flags, but the CMS documentation doesn't seem to have
what I need. Any help would be much appreciated.
Thanks,
Nick
--
Nicholas Barone
Analyst III
Princeton Consultants, Inc.
2 Research Way
Princeton, NJ 08540
609.987.8787 x419
