On Mon, Feb 04, 2008 at 09:34:00AM +0100, Peter Van Biesen wrote:
> -decrypt does not work without a key. I used an invalid key and I get
> following error :
>
> Error decrypting PKCS#7 structure
> 13136:error:21070092:PKCS7 routines:PKCS7_dataDecode:no recipient matches
> key:pk7_doit.c:482:
> 13136:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt
> error:pk7_smime.c:470:
>
> Which seems like a good and sensible error message. Using the correct private
> key decrypts the message.
>
> I was looking for a way to get some information from the message (
> like -info ) without trying to decrypt it, but apparently no such option
> exists ? It would be nice if I could say to my customer : you did not encrypt
> the message with our public key, I can see that you used key XYZ ...
>
> Does the above error say that the pkcs7 is correct but the key was not found
> ?
S/MIME first signs, then encrypts, so you can't check the signature without
decrypting.
http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]