
We have a system using Symantec's PGP Universal Web Messenger.

This means that emails are sent to me using s/mime encryption from a pkcs12 cert.

I'm having a bit of trouble reading the messages in PHP.

I have all the IMAP code, but now how do I read the encrypted p7m attached file? Is it just Base64 encoded and signed?

EDIT: I have the public key.

Here is the MIME info:

    Content-Type: application/pkcs7-mime; smime-type=enveloped-data;\r\n\tname="Message.p7m"\r\nContent-Transfer-Encoding: BASE64\r\nContent-Disposition: attachment; filename="Message.p7m"

1 Answer


The P7M file type is primarily associated with a PKCS #7 MIME Message. See Section 3.2 in RFC 2311:

3.2 The application/pkcs7-mime Type

    The application/pkcs7-mime type is used to carry PKCS #7 objects of
    several types including envelopedData and signedData. The details of
    constructing these entities is described in subsequent sections. This
    section describes the general characteristics of the
    application/pkcs7-mime type.
    
    This MIME type always carries a single PKCS #7 object. The PKCS #7
    object must always be BER encoding of the ASN.1 syntax describing the
    object. The contentInfo field of the carried PKCS #7 object always
    contains a MIME entity that is prepared as described in section 3.1.
    The contentInfo field must never be empty.
    
    Since PKCS #7 objects are binary data, in most cases base-64 transfer
    encoding is appropriate, in particular when used with SMTP transport.
    The transfer encoding used depends on the transport through which the
    object is to be sent, and is not a characteristic of the MIME type.
    
    Note that this discussion refers to the transfer encoding of the PKCS
    #7 object or "outside" MIME entity. It is completely distinct from,
    and unrelated to, the transfer encoding of the MIME entity secured by
    the PKCS #7 object, the "inside" object, which is described in
    section 3.1.
    
    Because there are several types of application/pkcs7-mime objects, a
    sending agent SHOULD do as much as possible to help a receiving agent
    know about the contents of the object without forcing the receiving
    agent to decode the ASN.1 for the object. The MIME headers of all
    application/pkcs7-mime objects SHOULD include the optional "smime-
    type" parameter, as described in the following sections.

This is basically a secure E-mail file sent in encrypted form. If everything is set up properly you should have a public key necessary to decrypt the file. If not, download it.

In your case the transfer encoding is Base64. Decode the attachment first (if you haven't done this so far) and then process the binary data.

hakre
  • I have the public key. How do I process the binary decoded data? In which order do I do these? – Stephen Adrian Rathbone Feb 23 '12 at 12:33
  • If you follow the link to the RFC above, you can see how it is created. You only need to reverse the process. You will find an in-depth description there, much better than I could coin it. – hakre Feb 23 '12 at 12:35
  • Ok, sorted it. We do not need to decode the base64 attachment. The PHP openssl functions just output the decrypted message as long as your cert/key are all set correctly. – Stephen Adrian Rathbone Feb 24 '12 at 16:54
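
The approach from the last comment, as an added example that is not code from the question or the answer: the still-base64 attachment body is wrapped in its MIME headers again and handed to `openssl_pkcs7_decrypt()` together with the certificate and private key read from the PKCS#12 file. The function name `decrypt_smime_part`, the throwaway key, certificate, passphrase and message are constructed for illustration, and a PHP openssl extension with a usable `openssl.cnf` is assumed.

```php
<?php
// Decrypt one application/pkcs7-mime (enveloped-data) part fetched over IMAP.
// $b64Body is the attachment body exactly as transferred (still base64).
function decrypt_smime_part(string $b64Body, string $p12, string $pass): string
{
    if (!openssl_pkcs12_read($p12, $creds, $pass)) {
        throw new RuntimeException('cannot open PKCS#12: ' . openssl_error_string());
    }
    // openssl_pkcs7_decrypt() parses a whole S/MIME entity, so put the MIME
    // headers back in front of the base64 text instead of decoding it.
    $in  = tempnam(sys_get_temp_dir(), 'p7m');
    $out = tempnam(sys_get_temp_dir(), 'msg');
    file_put_contents($in,
        "Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=\"Message.p7m\"\r\n" .
        "Content-Transfer-Encoding: base64\r\n\r\n" . $b64Body);
    try {
        // Decryption needs the recipient's private key, not only the certificate.
        if (!openssl_pkcs7_decrypt($in, $out, $creds['cert'], $creds['pkey'])) {
            throw new RuntimeException('decrypt failed: ' . openssl_error_string());
        }
        return file_get_contents($out);
    } finally {
        unlink($in);
        unlink($out);   // the plaintext was written to disk; remove it
    }
}

// --- Constructed sample: throwaway key, self-signed cert, PKCS#12, message ---
$key  = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr  = openssl_csr_new(['commonName' => 'recipient.example'], $key);
$cert = openssl_csr_sign($csr, null, $key, 1);
openssl_pkcs12_export($cert, $p12, $key, 'demo-pass');

$plain = tempnam(sys_get_temp_dir(), 'pln');
$enc   = tempnam(sys_get_temp_dir(), 'enc');
file_put_contents($plain, "Content-Type: text/plain\r\n\r\nconstructed test message\r\n");
openssl_pkcs7_encrypt($plain, $enc, $cert, [], 0, OPENSSL_CIPHER_AES_128_CBC);

// Keep only the base64 body, as an IMAP body fetch of the attachment would.
[, $b64Body] = preg_split('/\R\R/', file_get_contents($enc), 2);
unlink($plain);
unlink($enc);

echo decrypt_smime_part($b64Body, $p12, 'demo-pass');
```

The decrypted output is the inner MIME entity (its own headers plus body), so it still has to be parsed as a message before the text is used.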