3

I am an OpenSSL newbie. I am trying to write a Python script (calling openssl) to decrypt multiple p12-encrypted eml files, but it is failing.

I can open them up in Thunderbird fine.

Here is what I tried:

openssl pkcs12 -in keys/pkitepki.p12 -clcerts -nokeys -out file.crt.pem
openssl pkcs12 -in keys/pkitepki.p12 -nocerts -out file.key.pem
openssl smime -decrypt -in smime.p7m -recip file.crt.pem  -inkey file.key.pem 

The error I got is:

Error reading S/MIME message
139955665413864:error:0D0D40D1:asn1 encoding routines:SMIME_read_ASN1:no content type:asn_mime.c:451

What is wrong with my steps?

Phyo Arkar Lwin

3 Answers

2

The input should not be smime.p7m. It should be the email with the smime.p7m inside it. There should be email headers and base64-encoded content.

Jake
2

In my case, the encrypted .p7m file attachment I got from Gmail was in DER format which is not the OpenSSL default (default is SMIME format). So just add -inform DER to your OpenSSL command and see if it works.

Here was my original OpenSSL command:

openssl smime -decrypt -in "smime.p7m" -inkey "georgie_smime.key.pem"

which outputted this error:

Error reading S/MIME message
2147483656:error:0D0D40D1:asn1 encoding routines:SMIME_read_ASN1:no content type:crypto/asn1/asn_mime.c:391:

So just add -inform DER:

openssl smime -decrypt -in "smime.p7m" -inform DER -inkey "georgie_smime.key.pem"

And it worked!

Also, I send the actual SMIME encrypted emails in Java using BouncyCastle, if that information is useful to anyone.

georgiecasey
1

Use cms instead of smime:

openssl cms -decrypt -in smime.p7m -recip file.crt.pem  -inkey file.key.pem
yannik995
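Added example, not code from the question or from any of the answers: a Python helper that normalises whatever was saved (the full .eml, a header-less base64 body, or a binary .p7m) to DER and then always calls `openssl cms -decrypt -inform DER`, which avoids the "no content type" error in all three cases. The function names and the sample data are assumptions made for illustration, and the temporary-file handling assumes a POSIX system.

```python
import base64
import binascii
import email
import subprocess
import tempfile

PKCS7_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def looks_like_der(b: bytes) -> bool:
    # ASN.1 SEQUENCE tag, then a long-form or indefinite length byte (never ASCII)
    return len(b) > 2 and b[0] == 0x30 and bool(b[1] & 0x80)

def extract_der(raw: bytes) -> bytes:
    """Normalise a .eml, a header-less base64 body or a binary .p7m to DER bytes."""
    if looks_like_der(raw):
        return raw
    for part in email.message_from_bytes(raw).walk():
        if part.get_content_type() in PKCS7_TYPES:
            return part.get_payload(decode=True)  # undoes the base64 transfer encoding
    try:  # no MIME headers at all: the input that produces "no content type"
        der = base64.b64decode(b"".join(raw.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("input is not a MIME message, base64 or DER") from exc
    if not looks_like_der(der):
        raise ValueError("base64 decoded, but not to an ASN.1 SEQUENCE")
    return der

def decrypt_cmd(der_path, cert_path, key_path, out_path):
    return ["openssl", "cms", "-decrypt", "-inform", "DER", "-in", der_path,
            "-recip", cert_path, "-inkey", key_path, "-out", out_path]

def decrypt_file(src, cert_path, key_path, out_path):
    with open(src, "rb") as fh:
        der = extract_der(fh.read())
    with tempfile.NamedTemporaryFile(suffix=".p7m") as tmp:
        tmp.write(der)
        tmp.flush()
        # openssl asks for the key passphrase if file.key.pem is encrypted
        subprocess.run(decrypt_cmd(tmp.name, cert_path, key_path, out_path), check=True)

# Constructed sample: DER-shaped placeholder bytes, not real ciphertext
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_B64 = base64.encodebytes(SAMPLE_DER)
SAMPLE_EML = (b"From: a@example.test\nTo: b@example.test\nMIME-Version: 1.0\n"
              b'Content-Type: application/pkcs7-mime; name="smime.p7m"\n'
              b"Content-Transfer-Encoding: base64\n\n" + SAMPLE_B64)

if __name__ == "__main__":
    for name, blob in [("der", SAMPLE_DER), ("base64", SAMPLE_B64), ("eml", SAMPLE_EML)]:
        print(name, extract_der(blob) == SAMPLE_DER)
```

To process a directory of messages, call `decrypt_file(path, "file.crt.pem", "file.key.pem", out_path)` for each file, using the certificate and key extracted from the .p12 as in the question.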