-decrypt does not work without a key. I used an invalid key and I get the
following error:

Error decrypting PKCS#7 structure
13136:error:21070092:PKCS7 routines:PKCS7_dataDecode:no recipient matches key:pk7_doit.c:482:
13136:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt error:pk7_smime.c:470:

Which seems like a good and sensible error message. Using the correct private 
key decrypts the message.

I was looking for a way to get some information from the message
(like -info) without trying to decrypt it, but apparently no such option
exists? It would be nice if I could say to my customer: you did not encrypt
the message with our public key, I can see that you used key XYZ ...

Does the above error say that the pkcs7 is correct but the key was not found?
What happens when the pkcs7 is incorrect?

Anyway, this I can check on my own. Thanks a bunch for the help !

Peter.

On Friday 01 February 2008 18:09:27 Dr. Stephen Henson wrote:
> On Fri, Feb 01, 2008, Peter Van Biesen wrote:
> > Are you saying that if I do not have the private key -verify says :
> >
> > "wrong content type"
> >
> > how does openssl know which key to use for decryption/verification ? Or
> > does it just try them all ? I have difficulty to believe that no
> > information can be retrieved from the pkcs7 container without the use of
> > the private key .
> >
> > FYI : the reason I'm trying this is because some messages do not
> > decrypt and I need a way to debug the communication. Btw, the messages I
> > attached previously were correctly processed ones, not faulty ones.
>
> There are indications in the message which allow the correct key to be
> identified.
>
> That error is caused by you attempting to perform an operation that is
> inconsistent with the content type.
>
> In this case you have an envelopedData type and you are attempting to
> verify a signature which is only performed on the signedData type.
>
> Instead of -verify try the -decrypt option to the smime utility and see
> what (if any) error messages you get.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Homepage: http://www.drh-consultancy.demon.co.uk



-- 
Peter Van Biesen
Sysadmin VAPH

tel: +32 (0) 2 225 85 70
fax: +32 (0) 2 225 85 88
e-mail: [EMAIL PROTECTED]
PGP: http://www.vaph.be/pgpkeys
