Hi there,

I have some trouble using ssl in Apple's Mail. I have two certificates, one for private (j...@me.com) and one for business (j...@acme.com). Both are valid certificates from Verisign.

With both certificates I can sign and encrypt (ok, encrypting does not really depend on my cert), but I can decrypt only with the company cert. For whatever reason Mail always reports that it cannot decrypt the email for my private account.

So I exported the email as a plain file (.eml extension). I also exported the corresponding certificate plus the key as .cert files and converted them using openssl (e.g. openssl x509 -inform der -in key2.cer -out key2.pem).

If I now use openssl to decrypt, I get the following message:

---cut---
Dilbert:test user$ openssl smime -decrypt -recip cert.pem -inkey key2.pem -in smime.p7m
Enter pass phrase for key2.pem:
Error reading S/MIME message
3040:error:2107A087:PKCS7 routines:SMIME_read_PKCS7:no content type:/SourceCache/OpenSSL098/OpenSSL098-30/src/crypto/pkcs7/pk7_mime.c:296:
Dilbert:test adieball$ openssl smime -decrypt -recip cert.pem -inkey key2.pem -in testmail.eml
Enter pass phrase for key2.pem:
Error decrypting PKCS#7 structure
3111:error:21070073:PKCS7 routines:PKCS7_dataDecode:no recipient matches certificate:/SourceCache/OpenSSL098/OpenSSL098-30/src/crypto/pkcs7/pk7_doit.c:450:
3111:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt error:/SourceCache/OpenSSL098/OpenSSL098-30/src/crypto/pkcs7/pk7_smime.c:470:
Dilbert:test user$
---cut---

I double-checked the mail for recipient name and email and both are correct (case sensitivity checked).

Beginning of key2.pem:

---cut---
Bag Attributes
    friendlyName: Schlüssel von digitalid.verisign.com
    localKeyID: 18 CA 83 04 84 DD 09 4B F9 E0 4B DC B0 DF 19 7B D1 A5 13 0B
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,F011FC14BD2F6ECF

sG3trM0OgPDbf8MqzlKl1y5tEz4jqq5N1V2PfJjf8BY8DlxEcMZEcbe8aKcp6DxM
wuWzMY+QE60d64m3waX1WmHj9Iw9BaDz+SGBwSO1CpDkkPG/Ug0ohdmRvwKuDLNV
[...]

Beginning of cert2.pem:

---cut---
Bag Attributes
    friendlyName: John Doe
    localKeyID: 18 xx 83 xx 84 xx xx xx [...]
subject=/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98/OU=Persona Not Validated/OU=Digital ID Class 1 - Netscape Full Service/CN=John Doe/emailaddress=j...@me.com
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/OU=Persona Not Validated/CN=VeriSign Class 1 Individual Subscriber CA - G2
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIQKHvbtcfTy5QhIodqOcjMXDANBgkqhkiG9w0BAQUFADCB
3TELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
[...]

(changed name, email and key ID)

OpenSSL> version
OpenSSL 0.9.8l 5 Nov 2009
OpenSSL>

Any help in guiding me in the right direction is appreciated.

Thanks a lot in advance
Andre
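Added example, not part of the original post: OpenSSL's PKCS#7 code selects a RecipientInfo by the issuer name and serial number of the certificate passed with -recip, so two certificates carrying the same name and e-mail address are still different recipients. The script below reproduces the "no recipient matches certificate" failure with two constructed self-signed identities (the subject, address, file names and serials are all made up) and assumes only that openssl is on the PATH.

```shell
#!/bin/sh
# Added example: every name, address and file below is constructed.
WORK=$(mktemp -d)

# make_id NAME SERIAL: self-signed cert + key; both identities share one DN.
make_id() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -set_serial "$2" \
        -subj "/CN=John Doe/emailAddress=j.doe@example.test" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# cert_id NAME: issuer and serial of a certificate, the pair a PKCS#7
# RecipientInfo stores to say whose key the message was encrypted to.
cert_id() {
    openssl x509 -in "$WORK/$1.pem" -noout -issuer -serial
}

# msg_recipient: issuer strings and serial recorded inside the message.
msg_recipient() {
    openssl smime -pk7out -in "$WORK/msg.eml" | openssl asn1parse -i |
        grep -E 'INTEGER|UTF8STRING|PRINTABLESTRING|IA5STRING'
}

# try_decrypt NAME: exit status 0 only if the message names this cert.
try_decrypt() {
    openssl smime -decrypt -in "$WORK/msg.eml" -recip "$WORK/$1.pem" \
        -inkey "$WORK/$1.key" -out "$WORK/$1.out" 2>"$WORK/$1.err"
}

make_id first 1
make_id second 2
printf 'constructed test body\n' > "$WORK/body.txt"
# Encrypt to the first certificate only.
openssl smime -encrypt -aes128 -in "$WORK/body.txt" \
    -out "$WORK/msg.eml" "$WORK/first.pem"

echo "first:  $(cert_id first | tr '\n' ' ')"
echo "second: $(cert_id second | tr '\n' ' ')"
echo "message recipient fields:"; msg_recipient
try_decrypt first && echo "first: decrypted"
try_decrypt second || { echo "second: failed"; cat "$WORK/second.err"; }
```

Comparing the output of msg_recipient for a real message with the issuer and serial of each installed certificate shows which certificate the sender actually encrypted to.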