On Fri, Jan 10, 2014, Nicholas Barone wrote:

> Hello,
>
> I have a program running on Centos 6.4 with OpenSSL 1.0.1 that is sending
> and receiving messages with another system, written in Java. I encrypt the
> data using the following command:
>
> # openssl cms -encrypt -binary -aes128 -in message.msg key.pem
>
> My encrypted message looks like the following:
>
> MIME-Version: 1.0
> Content-Disposition: attachment; filename="smime.p7m"
> Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
>  name="smime.p7m"
> Content-Transfer-Encoding: base64
>
> MIIBzwYJKoZIhvcNAQcDoIIBwDCCAbwCAQAxggGAMIIBfAIBADBkMFwxCzAJBgNV
> BAYTAlVTMQswCQYDVQQIEwJGTDEMMAoGA1UEBxMDSkFYMQwwCgYDVQQKEwNDU1gx
> CzAJBgNVBAsTAlNJMRcwFQYDVQQDEw5CcmlhbiBPJ0dvcm1hbgIEUmaLjzANBgkq
> hkiG9w0BAQEFAASCAQCDlr+0swuPiZAVh58LK0O32sVHH4iimC/EAsyyti6rHZAV
> hTegCh2dBPewvrXEam4aKgtGyjHGzExk1JAdPYqnDvGpII4p5IQayydBxZ8cw9BX
> u4X7aZQ5IKjxJb8caUUfbLrgm7nOEyIhxziz+k5N6ybYRCnk4qP9Amr3pQP7SV1Y
> XKP/Kic4ZeNOxm3D64CB35D4nnkjMHDwueSO3TdZsF0jsuP2+4YSAOG5RpST+YEa
> uVKbPJfl4dyOsxysrFrUuZUDskXRpAO9iYiJO86hBKlCZ1hB2xqjtHYvq2zgWA8y
> DchS8elrkQCEKfOe624Q9Y8E+KaKzrtyuPFLzzSKMDMGCSqGSIb3DQEHATAUBggq
> hkiG9w0DBwQIpJxEptYu1oCAEI/37e7/FaXRm+08YW2yIvc=
>
> I strip the headers from the data and send only the encrypted data, which
> the Java is able to decrypt with the following method:
>
> private static byte[] cmsDecrypt(byte[] message, PrivateKey key)
>         throws CMSException, IOException, NoSuchProviderException {
>     CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(message);
>     RecipientInformationStore recipients = ep.getRecipientInfos();
>     Collection c = recipients.getRecipients();
>     Iterator iter = c.iterator();
>     RecipientInformation recipient = (RecipientInformation) iter.next();
>     return recipient.getContent(key, new BouncyCastleProvider());
> }
>
> However, decrypting data that is encrypted in Java is not working for me.
> The messages are encrypted using the following Java:
>
> public static byte[] cmsEncrypt(byte[] data, Certificate cert)
>         throws NoSuchAlgorithmException, NoSuchProviderException,
>                CMSException, IOException {
>     CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator();
>     gen.addKeyTransRecipient((X509Certificate) cert);
>     CMSProcessable cmsData = new CMSProcessableByteArray(data);
>     CMSEnvelopedData enveloped = gen.generate(cmsData,
>             CMSEnvelopedDataGenerator.AES128_CBC, 128, "BC");
>     return enveloped.getEncoded();
> }
>
> This is sent to my program in the following format:
>
> MIAGCSqGSIb3DQEHA6CAMIACAQAxggGAMIIBfAIBADBkM
> FwxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJGTDEMMAoGA1UEBxMDSkFYMQwwCgYDVQQKEwNDU1gxCzAJB
> gNVBAsTAlNJMRcwFQYDVQQDEw5CcmlhbiBPJ0dvcm1hbgIEUmaLjzANBgkqhkiG9w0BAQEFAASCAQCrt
> gzZacBepOAJDskb8KC1AFLw4MF2bAu3D
>
> I am trying to decrypt the message using the command line like this:
>
> # openssl cms -decrypt -binary -in encmessage.msg -inkey key.pem
>
> However, this returns the following error:
>
> Error reading S/MIME message
> 140284038506312:error:0D0D40D1:asn1 encoding routines:SMIME_read_ASN1:no content type:asn_mime.c:451:
>
> I believe this is because the message returned from Java has no headers
> attached, and therefore cannot be read properly. Is there a way to set
> openssl so that the headers are not needed for the decryption? I have
> tried using various flags, but the CMS documentation doesn't seem to have
> what I need. Any help would be much appreciated.
>

There isn't a CMS form that is base64 without headers. You can however
decode the base64 into binary (or get the java code to output directly in
binary) and use -inform DER.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
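
The approach from the reply above, as an added shell example (not part of the original thread and not OpenSSL project code): decode the header-less base64 to binary, check that it starts with an ASN.1 SEQUENCE carrying the CMS enveloped-data content type, then decrypt with -inform DER. The function names are hypothetical, and GNU coreutils `base64`, `head` and `od` are assumed.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the thread.
# DER encoding of the CMS envelopedData content type OID 1.2.840.113549.1.7.3.
ENVELOPED_OID_HEX="06092a864886f70d010703"

# b64_to_der IN OUT: strip line wraps and whitespace, decode base64 to binary.
b64_to_der() {
    tr -d ' \t\r\n' < "$1" | base64 -d > "$2" 2>/dev/null
}

# der_prefix_hex FILE N: print the first N bytes of FILE as lowercase hex.
der_prefix_hex() {
    head -c "$2" "$1" | od -An -v -tx1 | tr -d ' \n'
}

# looks_like_enveloped FILE: succeed if FILE begins with a SEQUENCE tag (0x30),
# a length (definite, or 0x80 indefinite as in the Java output quoted above),
# and then the envelopedData OID.
looks_like_enveloped() {
    hex=$(der_prefix_hex "$1" 20)
    case "$hex" in
        30*"$ENVELOPED_OID_HEX"*) return 0 ;;
        *) return 1 ;;
    esac
}

# decrypt_bare_b64 B64FILE KEYFILE: decode, sanity-check, then decrypt.
# Plaintext goes to stdout; the temporary binary file is always removed.
decrypt_bare_b64() {
    der=$(mktemp) || return 1
    if b64_to_der "$1" "$der" && looks_like_enveloped "$der"; then
        openssl cms -decrypt -binary -inform DER -in "$der" -inkey "$2"
        rc=$?
    else
        echo "not base64-encoded CMS enveloped-data: $1" >&2
        rc=1
    fi
    rm -f "$der"
    return "$rc"
}
```

Typical use is `decrypt_bare_b64 encmessage.msg key.pem > message.msg`, with the file names taken from the thread.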