5

I am currently trying to decrypt some CMS encrypted text with Python. I have been unable to find a library that can use the CMS implementation in OpenSSL (Tried M2Crypto, PyOpenSSL, PyCrypto).

The messages being sent to me contain data encrypted with the following Java:

public static byte[] cmsEncrypt(byte[] data, Certificate cert) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException {
    CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator();
    gen.addKeyTransRecipient((X509Certificate) cert);
    CMSProcessable cmsData = new CMSProcessableByteArray(data);
    CMSEnvelopedData enveloped = gen.generate(cmsData, CMSEnvelopedDataGenerator.AES128_CBC, 128, "BC");
    return enveloped.getEncoded();
}

This Java contains some deprecated methods, which I unfortunately have no control over. Is there a Python OpenSSL module that I can use that will decrypt this CMS encrypted data? As of right now, I am shelling out and using the bash OpenSSL commands to decrypt, with this Python:

from subprocess import call
decrypt = call(['openssl', 'cms', '-decrypt', '-binary', '-inkey', 'key.pem', '-in', 'message.msg'])

I would prefer to do this entirely in Python without having to use the shell OpenSSL commands.

Nick
  • 91
  • 7
  • Does http://stackoverflow.com/questions/15700945/how-to-get-the-signed-content-from-a-pkcs7-envelop-with-m2crypto help? I haven't looked closely enough to see whether your data is in a similar format. – Gilles 'SO- stop being evil' Jan 10 '14 at 19:37
  • Max found a workaround for a similar problem in Python shortcomings at https://stackoverflow.com/questions/21053935/php-openssl-pkcs7-needs-files-security-issue/21070408#21070408. – jww Jan 18 '14 at 17:34

0 Answers0