0

How to decrypt message:

algorithm="urn:ietf:params:xml:ns:cpxmlsec:algorithms:transport-gost2001

?

File ENC_KEY:

MIGkMCgEIIL21aL9mNsYkPGux4Ywv+0Jh1gn6AYQHgsE9lyPaNi/BARz3b+ooHgGByqFAwICHwGgYzAcBgYqhQMCAhMwEgYHKoUDAgIjAQYHKoUDAgIeAQNDAARA3Xp8QDVUYjezeCDa9zzV3Mo2xK4gxc0vJ8/5yu6Zn5bpTZTTEDty7K9XcWSQRrOQdT7hRSV1osk4EJY9yI9k0gQIaIxb+7AUBFQ=

Decrypt:

    openssl enc -d -A -base64 -in ENC_KEY -out ENC_KEY.DER
    openssl smime -decrypt -engine gost -binary -noattr -inform PEM -in ENC_KEY.DER -out KEY.DER -inkey KEY.PEM
    engine "gost" set.
    Error reading S/MIME message
    139932807476880:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: PKCS7
Unheilig
  • 16,196
  • 193
  • 68
  • 98
shushlyakov
  • 21
  • 3

1 Answers1

1

You have used the -inform PEM option to tell openssl smime to parse ENC_KEY.DER as a PEM file. ENC_KEY.DER is not in PEM format; it is in DER format. The error message indicates that it is failing to parse a PEM header.

You must change -inform PEM to -inform DER.

frasertweedale
  • 5,424
  • 3
  • 26
  • 38
  • /opt/openssl/apps/openssl smime -decrypt -engine gost -binary -noattr -inform DER -in ENC_KEY.DER -out KEY.DER -inkey KEY.PEM engine "gost" set. Error reading S/MIME message 139689802765968:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1180: 139689802765968:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:744: 139689802765968:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:676:Field=type, Type=PKCS7 – shushlyakov May 08 '15 at 09:53
  • OK, your DER isn't a PKCS7 object. The object looks like a key wrapped using a GOST ECC algorithm, along with algorithm parameters and the public key used. I must note that your `openssl enc -d` invocation does not decrypt anything, it merely decode the base64 of `ENC_KEY`. But I am not familiar with GOST and can render no additional guidance at this time. – frasertweedale May 08 '15 at 10:33