Hi there

I have some trouble using SSL in Apple's Mail.
I have two certificates, one for private (j...@me.com) and one for business 
(j...@acme.com).
Both are valid certificates from Verisign.

With both certificates I can sign and encrypt (OK, encrypting does not really 
depend on my cert), but I can decrypt only with the company cert.
For whatever reason Mail always reports that it cannot decrypt the email for my 
private account.

So I exported the email as a plain file (.eml extension). I also exported the 
corresponding certificate plus the key as .cert files and converted them using 
openssl (e.g. openssl x509 -inform der -in key2.cer -out key2.pem).

If I now use openssl to decrypt, I get the following message:

---cut---
Dilbert:test user$ openssl smime -decrypt -recip cert.pem -inkey key2.pem -in smime.p7m
Enter pass phrase for key2.pem:
Error reading S/MIME message
3040:error:2107A087:PKCS7 routines:SMIME_read_PKCS7:no content type:/SourceCache/OpenSSL098/OpenSSL098-30/src/crypto/pkcs7/pk7_mime.c:296:
Dilbert:test adieball$ openssl smime -decrypt -recip cert.pem -inkey key2.pem -in testmail.eml
Enter pass phrase for key2.pem:
Error decrypting PKCS#7 structure
3111:error:21070073:PKCS7 routines:PKCS7_dataDecode:no recipient matches certificate:/SourceCache/OpenSSL098/OpenSSL098-30/src/crypto/pkcs7/pk7_doit.c:450:
3111:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt error:/SourceCache/OpenSSL098/OpenSSL098-30/src/crypto/pkcs7/pk7_smime.c:470:
Dilbert:test user$
---cut---

I double-checked the mail for recipient name and email and both are correct 
(case sensitivity checked). 

Beginning of key2.pem:

---cut---
Bag Attributes
    friendlyName: Schlüssel von digitalid.verisign.com
    localKeyID: 18 CA 83 04 84 DD 09 4B F9 E0 4B DC B0 DF 19 7B D1 A5 13 0B 
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,F011FC14BD2F6ECF

sG3trM0OgPDbf8MqzlKl1y5tEz4jqq5N1V2PfJjf8BY8DlxEcMZEcbe8aKcp6DxM
wuWzMY+QE60d64m3waX1WmHj9Iw9BaDz+SGBwSO1CpDkkPG/Ug0ohdmRvwKuDLNV
[...]


Beginning of cert2.pem:

---cut---
Bag Attributes
    friendlyName: John Doe
    localKeyID: 18 xx 83 xx 84 xx xx xx [...} 
subject=/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98/OU=Persona Not Validated/OU=Digital ID Class 1 - Netscape Full Service/CN=John Doe/emailaddress=j...@me.com
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/OU=Persona Not Validated/CN=VeriSign Class 1 Individual Subscriber CA - G2
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIQKHvbtcfTy5QhIodqOcjMXDANBgkqhkiG9w0BAQUFADCB
3TELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL

[...}

(changed Name, Email and Key ID)

OpenSSL> version
OpenSSL 0.9.8l 5 Nov 2009
OpenSSL> 


Any help in guiding me in the right direction is appreciated.


Thanks a lot in advance

Andre

