On Wed, Apr 29, 2009 at 12:14 PM, Dr. Stephen Henson <st...@openssl.org> wrote:
> On Wed, Apr 29, 2009, Mathieu Malaterre wrote:
>
>> Hi there,
>>
>>   I am trying to decrypt a file like this:
>>
>> $ openssl asn1parse -in sec -inform DER
>>     0:d=0  hl=2 l=inf  cons: SEQUENCE
>>     2:d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-envelopedData
>>    13:d=1  hl=2 l=inf  cons: cont [ 0 ]
>>    15:d=2  hl=2 l=inf  cons: SEQUENCE
>>    17:d=3  hl=2 l=   1 prim: INTEGER           :00
>>    20:d=3  hl=2 l= 122 cons: SET
>>    22:d=4  hl=2 l= 120 cons: cont [ 3 ]
>>    24:d=5  hl=2 l=   1 prim: INTEGER           :00
>>    27:d=5  hl=2 l=  35 cons: cont [ 0 ]
>>    29:d=6  hl=2 l=   9 prim: OBJECT            :PBKDF2
>>    40:d=6  hl=2 l=  22 cons: SEQUENCE
>>    42:d=7  hl=2 l=  16 prim: OCTET STRING      [HEX DUMP]:CFF092E4F1471FE68AF0DE2299D7AC56
>>    60:d=7  hl=2 l=   2 prim: INTEGER           :03E8
>>    64:d=5  hl=2 l=  44 cons: SEQUENCE
>>    66:d=6  hl=2 l=  11 prim: OBJECT            :1.2.840.113549.1.9.16.3.9
>>    79:d=6  hl=2 l=  29 cons: SEQUENCE
>>    81:d=7  hl=2 l=   9 prim: OBJECT            :aes-128-cbc
>>    92:d=7  hl=2 l=  16 prim: OCTET STRING      [HEX DUMP]:B1218FF14CBFC9A9E9D21064834DD9E7
>>   110:d=5  hl=2 l=  32 prim: OCTET STRING      [HEX DUMP]:504E1467FFE2112639C3128BD8D95BCD174BB0839E69AA79313A21CC1C947E9B
>>   144:d=3  hl=2 l=inf  cons: SEQUENCE
>>   146:d=4  hl=2 l=   9 prim: OBJECT            :pkcs7-data
>>   157:d=4  hl=2 l=  29 cons: SEQUENCE
>>   159:d=5  hl=2 l=   9 prim: OBJECT            :aes-128-cbc
>>   170:d=5  hl=2 l=  16 prim: OCTET STRING      [HEX DUMP]:9E8C79FBC450997A71895D84938025A3
>>   188:d=4  hl=2 l=inf  cons: cont [ 0 ]
>>
>>
>> I tried the following command:
>>
>> $ openssl smime -decrypt -binary -in sec -inform DER -out outputfile.txt -passin stdin
>>
>> But the command line requires a -inkey arg. So I guess I am not using
>> openssl command line properly. Could someone please correct my
>> decryption command line (from the asn1parse output).
>>
>
> That involves the use of a password based recipient info structure which
> OpenSSL doesn't currently support.

Ah! Thanks for the info. After some Google searching on the openssl
mailing list, it appears that PKCS5_PBKDF2_HMAC_SHA1 could be the
function I am looking for? Is this correct?

If this is the case I need to write something like:

  OpenSSL_add_all_algorithms();
  EVP_PKEY *pkey = ??; // complex part
  data = BIO_new_mem_buf(array, len); // output of fread
  p7 = d2i_PKCS7_bio(data, NULL);
  p7bio = PKCS7_dataDecode(p7, pkey, NULL, NULL);


What I am not clear on is how to create this EVP_PKEY from the
PKCS5_PBKDF2_HMAC_SHA1 function...

Thanks for your help,
-- 
Mathieu
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
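
Added example, not part of the original thread or of OpenSSL: the keyDerivationAlgorithm field of the password recipient info (offset 27 in the asn1parse listing) is rebuilt byte for byte from that listing, parsed for salt and iteration count, and fed to PBKDF2-HMAC-SHA1 to produce the raw 16-byte key-encryption key for the aes-128-cbc key wrap (OID 1.2.840.113549.1.9.16.3.9, id-alg-PWRI-KEK in RFC 3211). The function names and the password are assumptions of this example; PBKDF2 yields raw symmetric key bytes.

```python
import hashlib

# Rebuilt from the asn1parse listing (offset 27, length 35); not read from a file.
KDF_DER = bytes.fromhex(
    "a023"                                    # [0] keyDerivationAlgorithm, 35 bytes
    "06092a864886f70d01050c"                  # OID 1.2.840.113549.1.5.12 (PBKDF2)
    "3016"                                    # PBKDF2-params SEQUENCE, 22 bytes
    "0410cff092e4f1471fe68af0de2299d7ac56"    # salt OCTET STRING
    "020203e8"                                # iterationCount INTEGER (0x03E8)
)
PBKDF2_OID = bytes.fromhex("2a864886f70d01050c")


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                         # long form: low 7 bits = length-of-length
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length not handled in this field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length


def parse_pbkdf2_params(der):
    """Extract (salt, iterations) from a PWRI keyDerivationAlgorithm field."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0xA0:
        raise ValueError("expected context tag [0]")
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x06 or oid != PBKDF2_OID:
        raise ValueError("key derivation algorithm is not PBKDF2")
    tag, params, _ = read_tlv(body, pos)
    if tag != 0x30:
        raise ValueError("expected PBKDF2-params SEQUENCE")
    salt_tag, salt, pos = read_tlv(params, 0)
    count_tag, count, pos = read_tlv(params, pos)
    if salt_tag != 0x04 or count_tag != 0x02 or pos != len(params):
        raise ValueError("only salt + iterationCount (default PRF) handled")
    return salt, int.from_bytes(count, "big")


def derive_kek(password, der=KDF_DER, key_len=16):
    """HMAC-SHA1 is the PBKDF2 default when no PRF is encoded, as here."""
    salt, iterations = parse_pbkdf2_params(der)
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, key_len)
```

The derived key is what decrypts the 32-byte OCTET STRING at offset 110, using AES-128-CBC with the IV at offset 92 and the two-pass unwrap of RFC 3211; that step needs an AES implementation and is not shown here.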