
I am trying to decrypt an encrypted file. The sender sent 2 files, one from prod and one from the test environment. I can decrypt the prod version, but I can't decrypt the test version.

When I try to decrypt the good version, my tool uses my certificate to decrypt, but when I try to decrypt the wrong version, it tries to use the sender's certificate to decrypt. (But I don't have the private key of the sender, of course :) )

I said to the sender, "You did something wrong", but he said the prod and test are the same, he sees both signatures on the files, and I am trying to use the wrong cert.

But I don't know how I can use the good cert?

I use Crypt32.dll from C#; here is the simplified code:

// Prepare stream for the decoded output
m_callbackFile = decodedFile;

// Set callback for streaming
StreamInfo = Win32.CreateStreamInfo( (int) encodedFile.Length, new Win32.StreamOutputCallbackDelegate( StreamOutputCallback ) );

// Open message to decode
m_hMsg = Win32.OpenMessageToDecode( StreamInfo );

    // OpenMessageToDecode: call API
    hMsg = CryptMsgOpenToDecode(
        X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
        bDetached ? CMSG_DETACHED_FLAG : 0,
        0,
        IntPtr.Zero,
        IntPtr.Zero,
        ref StreamInfo
    );

// Process the whole message
Win32.ProcessMessage( m_hMsg, encodedFile );

    // ProcessMessage: read the file piece by piece and call the API for each chunk
    bResult = CryptMsgUpdate(
        hMsg.DangerousGetHandle(),
        new IntPtr( pAux ),
        pbData.Length,
        bFinal
    );

// With enveloped messages we have to verify that we got a valid encryption algorithm
Win32.CheckEnvelopeAlg( m_hMsg );

    // CheckEnvelopeAlg: read the content encryption algorithm id from the message
    bResult = CryptMsgGetParam(
        hMsg,
        dwParamType, // 15 - CMSG_ENVELOPE_ALGORITHM_PARAM
        dwIndex,
        pParam,
        ref cbParam
    );
    // result is:
    AlgId = (CRYPT_ALGORITHM_IDENTIFIER) Marshal.PtrToStructure( pEnvelopeAlg.DangerousGetHandle(), typeof( CRYPT_ALGORITHM_IDENTIFIER ) );
    // "2.16.840.1.101.3.4.1.2" (AES-128-CBC)

// Decrypt the message
Win32.Decrypt( m_hMsg );

    // Get recipient cert info (dwIndex selects which recipient entry of the message is read)
    bResult = CryptMsgGetParam(
        hMsg,
        dwParamType, // 19 - CMSG_RECIPIENT_INFO_PARAM
        dwIndex,
        pParam,
        ref cbParam
    );
    // returns a SafeNTHeapHandle pCertInfo

    // Open the personal cert store
    hStore = CertOpenSystemStore(
        IntPtr.Zero,
        "MY"
    );

    CERT_INFO certInfo = (CERT_INFO) Marshal.PtrToStructure( pCertInfo.DangerousGetHandle(), typeof( CERT_INFO ) );
    // we can read the serial of the cert from this certInfo
    // this serial is our certificate in the prod case, but it is the sender's certificate in the UAT case!

What did I do wrong? How can I decrypt both files? (I tried to find a tool to view/analyze the encrypted file under Windows, but didn't find any useful tool :( Can you suggest one? :) )

Mancika

1 Answer


The problem is: there is more than one "recipient" on the file. I did a loop where I try to read the current "recipient's" certificate (and its private key), and take the next "recipient" when it fails.

// GetCountOfKeyTransferRecipients: how many recipient entries does the message have?
GetMessageParam( hMsg, Win32.CMSG_RECIPIENT_COUNT_PARAM, out pRecipientsCount );
Int32 recipientsCount = (Int32) Marshal.ReadInt32( pRecipientsCount.DangerousGetHandle() );

Logger.Log( "Recipientek száma:" + recipientsCount.ToString(), Logger.Level.ERROR );
Boolean success = false;
Int32 recipientIndex = 0;
// Try each recipient entry in turn: GetCertificateFromStore looks up the certificate
// (and private key) for that entry in our store and returns false if we do not hold it.
for (recipientIndex = 0; recipientIndex < recipientsCount; recipientIndex++)
{
    success = GetCertificateFromStore( hMsg, recipientIndex, out KeyProvInfo ); // try-catch is inside...
    if (success)
    {
        break;
    }
}
if (!success)
{
    throw new Exception( "Get message certificate failed! See previous errors in the log file." );
}
Mancika
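As an added example (not the poster's code), the same recipient walk done with .NET's managed EnvelopedCms class instead of raw Crypt32 P/Invoke: it decodes the file, prints every recipient entry (which also serves as the "analyze the encrypted file" tool the question asks for), and decrypts with the entry whose serial number matches a private-key certificate in the CurrentUser\MY store. The command-line path argument is assumed, and serial-only matching is a simplification; production code should also compare the issuer name.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml; // X509IssuerSerial lives here
// Decode a CMS/PKCS#7 enveloped file, list every recipient entry, and decrypt with
// the first entry that matches a private-key certificate in the CurrentUser\MY store.
static class EnvelopedInspector
{
    static void Main(string[] args)
    {
        byte[] plain = DecryptForUs(File.ReadAllBytes(args[0])); // args[0]: path of the .p7m file (assumed)
        if (plain == null) Console.Error.WriteLine("No recipient entry matches one of our private keys.");
        else File.WriteAllBytes(args[0] + ".decrypted", plain);
    }
    static byte[] DecryptForUs(byte[] envelopedDer)
    {
        var cms = new EnvelopedCms();
        cms.Decode(envelopedDer); // throws CryptographicException if the file is not EnvelopedData
        Console.WriteLine("Content encryption: " + cms.ContentEncryptionAlgorithm.Oid.Value);
        Console.WriteLine("Recipient entries: " + cms.RecipientInfos.Count);
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            foreach (RecipientInfo ri in cms.RecipientInfos)
            {
                SubjectIdentifier id = ri.RecipientIdentifier;
                // Serial-only matching keeps the example short; real code should also compare the issuer.
                string serial = id.Type == SubjectIdentifierType.IssuerAndSerialNumber
                    ? ((X509IssuerSerial) id.Value).SerialNumber : null;
                Console.WriteLine("  recipient " + id.Type + ": " + (serial ?? id.Value));
                foreach (X509Certificate2 cert in store.Certificates)
                {
                    if (!cert.HasPrivateKey || serial == null ||
                        !string.Equals(cert.SerialNumber, serial, StringComparison.OrdinalIgnoreCase))
                        continue; // someone else's entry, or we lack the key: move on, as the answer's loop does
                    try
                    {
                        cms.Decrypt(ri, new X509Certificate2Collection(cert));
                        Console.WriteLine("  -> decrypted with " + cert.Subject);
                        return cms.ContentInfo.Content;
                    }
                    catch (CryptographicException ex) { Console.WriteLine("  -> " + cert.Subject + " failed: " + ex.Message); }
                }
            }
        }
        return null; // every entry belongs to someone else (e.g. only the sender's own certificate)
    }
}
```

Run against the test-environment file, the recipient list shows at once whether any entry names a certificate you actually hold, which is the check the Crypt32 code above was missing.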