
I use Java with BouncyCastle to decrypt and verify p7m s/mime messages. When the private key I have chosen to decrypt the message does NOT match, I get errors from Bouncy Castle like "exception unwrapping key" or "bad padding".

But how can I output the serial number of the certificate which was used to encrypt the message? It would be helpful for the customer to see that he has chosen an old certificate for instance.

Windows offers a console app "certutil" in order to analyze a p7m stream. The serial number and the issuer are mentioned there:

CMSG_KEY_TRANS_RECIPIENT(1) CERT_ID_ISSUER_SERIAL_NUMBER(1) Seriennummer: b33...

Harsha W
Dan
  • please add the code that throws the error – Egl Apr 18 '17 at 18:01
  • I think that the error is not important here. My question was how to obtain the serial number of the certificate, which was used to encrypt the message. – Dan Apr 19 '17 at 08:07

1 Answer


Finally, I found it out on my own :-)

There is a class inside bouncycastle, which enables you to parse the ASN structure of the encrypted message.

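import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.util.ASN1Dump;
ASN1InputStream bIn = new ASN1InputStream(message.getEncoded()); // raw DER/BER bytes of the encrypted message
ASN1Primitive obj = bIn.readObject();                            // parse the top-level ASN.1 object
System.out.println(ASN1Dump.dumpAsString(obj));                  // print the whole structure as text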

Also the serial number of the certificate is inside. So I jumped to the source code and copied the parts I needed in order to detect it and store it inside a global variable.

Dan
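An added example, not part of the original answer: instead of dumping the ASN.1 tree, the recipient identifiers can be read through BouncyCastle's CMS API and printed before any decryption attempt, so a key mismatch can be reported with the serial number the sender actually used. It assumes bcprov and bcpkix are on the classpath; the class name `RecipientSerials`, the helper `recipients`, and the self-signed certificate with its serial number are constructed for illustration.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class RecipientSerials {
    // Lists "issuer / serial (hex)" for each key-transport recipient; other recipient types are skipped.
    static List<String> recipients(byte[] p7m) throws CMSException {
        List<String> out = new ArrayList<>();
        for (RecipientInformation ri : new CMSEnvelopedData(p7m).getRecipientInfos().getRecipients()) {
            if (ri.getRID() instanceof KeyTransRecipientId) {
                KeyTransRecipientId rid = (KeyTransRecipientId) ri.getRID();
                if (rid.getSerialNumber() != null) {
                    out.add(rid.getIssuer() + " / " + rid.getSerialNumber().toString(16));
                } else { // recipient is identified by subjectKeyIdentifier instead of issuer+serial
                    out.add("SKI " + new BigInteger(1, rid.getSubjectKeyIdentifier()).toString(16));
                }
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        // Constructed sample input: a throwaway self-signed certificate and a message encrypted to it.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X500Name dn = new X500Name("CN=Example Recipient");
        Date now = new Date();
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
            new JcaX509v3CertificateBuilder(dn, BigInteger.valueOf(0x1234ABCDL), now,
                new Date(now.getTime() + 86_400_000L), dn, kp.getPublic())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate())));
        CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator();
        gen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(cert));
        byte[] p7m = gen.generate(new CMSProcessableByteArray("hello".getBytes()),
            new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).build()).getEncoded();
        recipients(p7m).forEach(System.out::println); // one line per recipient of the message
    }
}
```

For a real message, pass the p7m bytes to `recipients` and compare each serial with the serial of the certificate that belongs to the selected private key.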