Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?
The "numeric code" is the *exit* status of the program. You can find it in "$?" directly after the execution of the command (in any POSIX shell). Got it, thanks! Luckily for me, it’s zero. ;-) > Is there an equivalent, either in openssl tool itself, or in the email > clients that you know of? I don't know of any email clients that handle this properly, and I'm not familiar with the openssl time stamping CLI. The manpage is at: https://www.openssl.org/docs/man1.0.2/apps/ts.html https://www.openssl.org/docs/man1.1.0/apps/ts.html Thanks!! Will check. smime.p7s Description: S/MIME cryptographic signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?
> On Apr 6, 2017, at 5:16 PM, Blumenthal, Uri - 0553 - MITLL> wrote: > >> $ openssl cms -verify -verify_retcode -CAfile ~/Certs/Our_Root_CA.pem >> -inform SMIME -signer $author -in ~/Documents/test-smime-decr.txt > > I saw no numeric code – but no error either. The "numeric code" is the *exit* status of the program. You can find it in "$?" directly after the execution of the command (in any POSIX shell). > Yes, thanks! Done that. Checks out correctly. > >Further issues arise if the data is expected to remain verifiable >past the lifetime of the signer's certificate. It that case, it >should be verified on arrival and re-encrypted for long-term >storage using an integrity protection mechanism that does not >depend on the long-term validity of the signer's key. > > This is the trickiest one. > > With Java code signing tool (aka “jarsigner”) I can provide a “digital > notary” – timestamping authority that would digitally sign a timestamp > to deal with this “past the lifetime of the signer’s certificate” issue. > Done with “-tsa https://whatever.timestamping.authority.com” > > Is there an equivalent, either in openssl tool itself, or in the email > clients that you know of? I don't know of any email clients that handle this properly, and I'm not familiar with the openssl time stamping CLI. The manpage is at: https://www.openssl.org/docs/man1.0.2/apps/ts.html https://www.openssl.org/docs/man1.1.0/apps/ts.html -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?
> On Apr 6, 2017, at 5:00 PM, Blumenthal, Uri - 0553 - MITLL> wrote: Two problems here, the "Verification successful" message is just a diagnostic message to "stderr" and should not be considered a reliable indication of signature validity. You really should use the "-verify_retcode" option to ensure that verification failure leads to a non-zero exit code. $ openssl cms -verify -verify_retcode -CAfile ~/Certs/Our_Root_CA.pem -inform SMIME -signer $author -in ~/Documents/test-smime-decr.txt . . . . . --Apple-Mail-7BC1697A-2A03-429F-A5F0-817DB6DBCEB3-- Verification successful I saw no numeric code – but no error either. Secondly, you would typically care *who* signed the message, and just that it was signed by some random certificate issued by a trusted root. That’s right. ;-) Therefore, you should also use the: author=$(mktemp author.XX) ... -signer $author ... option to capture the signer's certificate, and then inspect it somehow (check the subject name or serial number, or ...). Yes, thanks! Done that. Checks out correctly. Further issues arise if the data is expected to remain verifiable past the lifetime of the signer's certificate. It that case, it should be verified on arrival and re-encrypted for long-term storage using an integrity protection mechanism that does not depend on the long-term validity of the signer's key. This is the trickiest one. With Java code signing tool (aka “jarsigner”) I can provide a “digital notary” – timestamping authority that would digitally sign a timestamp to deal with this “past the lifetime of the signer’s certificate” issue. Done with “-tsa https://whatever.timestamping.authority.com” Is there an equivalent, either in openssl tool itself, or in the email clients that you know of? smime.p7s Description: S/MIME cryptographic signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?
> On Apr 6, 2017, at 5:00 PM, Blumenthal, Uri - 0553 - MITLL> wrote: > > But with your help, and providing the top root in the “-CAfile …” argument, I > got it!! > > > $ openssl cms -verify -CAfile ~/Certs/Our_Root_CA.pem -inform SMIME -in > ~/Documents/test-smime-decr.txt > Content-Type: multipart/alternative; > boundary=Apple-Mail-7BC1697A-2A03-429F-A5F0-817DB6DBCEB3 > Content-Transfer-Encoding: 7bit > > > --Apple-Mail-7BC1697A-2A03-429F-A5F0-817DB6DBCEB3 > Content-Type: text/plain; > charset=us-ascii > . . . . . > --Apple-Mail-7BC1697A-2A03-429F-A5F0-817DB6DBCEB3-- > Verification successful Two problems here, the "Verification successful" message is just a diagnostic message to "stderr" and should not be considered a reliable indication of signature validity. You really should use the "-verify_retcode" option to ensure that verification failure leads to a non-zero exit code. Secondly, you would typically care *who* signed the message, and just that it was signed by some random certificate issued by a trusted root. Therefore, you should also use the: author=$(mktemp author.XX) ... -signer $author ... option to capture the signer's certificate, and then inspect it somehow (check the subject name or serial number, or ...). Further issues arise if the data is expected to remain verifiable past the lifetime of the signer's certificate. It that case, it should be verified on arrival and re-encrypted for long-term storage using an integrity protection mechanism that does not depend on the long-term validity of the signer's key. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?
You really should peruse the cms(1) manpage, daunting as that might be. :-) Alas, it is! ;-) > And if I (failing to validate the certificate chain) want to just check > whether the decrypted message was tampered with – is there a way to do > that (without validating the certificate chain)? If a single self-signed certificate is the expected signer, then you can dispense with all the PKI nonsense and just test for the expected signer. With OpenSSL 1.1.0: openssl cms -CAfile signer.pem -no-CApath ... with older versions: empty=$(mktemp -d empty.XX) openssl cms -CAfile signer.pem -CApath "$empty" ... rmdir "$empty" Well, no – somehow it mistook the Root CA cert for “self-signed”. There actually are three levels: Root CA -> Cert-issuing CA -> Signer Cert. I verified that all the three certificates are present in that CMS message. So I need to either somehow tell openssl that one of those is the root, or point to an external PEM file containing the root ca cert copy. But with your help, and providing the top root in the “-CAfile …” argument, I got it!! $ openssl cms -verify -CAfile ~/Certs/Our_Root_CA.pem -inform SMIME -in ~/Documents/test-smime-decr.txt Content-Type: multipart/alternative; boundary=Apple-Mail-7BC1697A-2A03-429F-A5F0-817DB6DBCEB3 Content-Transfer-Encoding: 7bit --Apple-Mail-7BC1697A-2A03-429F-A5F0-817DB6DBCEB3 Content-Type: text/plain; charset=us-ascii . . . . . --Apple-Mail-7BC1697A-2A03-429F-A5F0-817DB6DBCEB3-- Verification successful $ smime.p7s Description: S/MIME cryptographic signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?
> On Apr 6, 2017, at 3:54 PM, Blumenthal, Uri - 0553 - MITLL> wrote: > > Content-Type: multipart/signed; > ... > Hoping that it includes the signing certificate of the signer, I tried to > verify its signature by: > > $ openssl cms -verify -inform SMIME -in ~/Documents/test-smime-decr.txt > Verification failure > 140735229702224:error:2E099064:CMS > routines:CMS_SIGNERINFO_VERIFY_CERT:certificate verify > error:cms_smime.c:287:Verify error:self signed certificate in certificate > chain You really should peruse the cms(1) manpage, daunting as that might be. :-) Try: author=$(mktemp author.pem.XX) data=$(mktemp data.eml.XX) openssl cms -verify_retcode -verify -signer $author -CAfile /some/ca/certs.pem -out $data || { rm -f "$author" "$data" echo "verification failed" } ... The original data (sans signature encapsulation) will be in the file named "$data". > How do I find out what certificate chain the signer used? How do I verify > the signature? If I have a directory that holds files of all the CAs I use, > is it enough to just give it in “-CApath ${HOME}/my_cert_dir”, You can use some appropriate combination of -CAfile and -CApath. Perhaps both, just in case, to avoid use of default CAfile or CApath, I don't recall whether cms(1) uses the default file/path. > or does that directory have to have a special structure (and the certs have to > be in a certain format)? No, just standard, unless the keyUsage or extendedKeyUsage bits prohibit use for emailProtection. > And if I (failing to validate the certificate chain) want to just check > whether the decrypted message was tampered with – is there a way to do > that (without validating the certificate chain)? If a single self-signed certificate is the expected signer, then you can dispense with all the PKI nonsense and just test for the expected signer. With OpenSSL 1.1.0: openssl cms -CAfile signer.pem -no-CApath ... with older versions: empty=$(mktemp -d empty.XX) openssl cms -CAfile signer.pem -CApath "$empty" ... rmdir "$empty" -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?
If the message is signed and then encrypted, you can then check the signature on the decrypted output. This is what the decrypted message looks like (it’s first few lines): $ head ~/Documents/test-smime-decr.txt Content-Type: multipart/signed; boundary=Apple-Mail-D1CE77F5-394F-4A97-918E-2D73904720BC; protocol="application/pkcs7-signature"; micalg=sha1 Content-Transfer-Encoding: 7bit --Apple-Mail-D1CE77F5-394F-4A97-918E-2D73904720BC Content-Type: multipart/alternative; boundary=Apple-Mail-7BC1697A-2A03-429F-A5F0-817DB6DBCEB3 Hoping that it includes the signing certificate of the signer, I tried to verify its signature by: $ openssl cms -verify -inform SMIME -in ~/Documents/test-smime-decr.txt Verification failure 140735229702224:error:2E099064:CMS routines:CMS_SIGNERINFO_VERIFY_CERT:certificate verify error:cms_smime.c:287:Verify error:self signed certificate in certificate chain $ How do I find out what certificate chain the signer used? How do I verify the signature? If I have a directory that holds files of all the CAs I use, is it enough to just give it in “-CApath ${HOME}/my_cert_dir”, or does that directory have to have a special structure (and the certs have to be in a certain format)? In my case they’re a mix of PEM and DER files (with extensions .pem and .cer). And if I (failing to validate the certificate chain) want to just check whether the decrypted message was tampered with – is there a way to do that (without validating the certificate chain)? Thanks! smime.p7s Description: S/MIME cryptographic signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?
I have no experience with engines and little interest at present in going there. ( For CMS decryption without engines: $ openssl cms -decrypt -recip cert.pem -inkey key.pem -in cms.eml Thank you!! Decryption succeeded (using the signing key – which the sender should not have done). smime.p7s Description: S/MIME cryptographic signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?
> On Apr 6, 2017, at 2:47 PM, Blumenthal, Uri - 0553 - MITLL> wrote: > > Would you be able to provide me with a command line that would allow me to > *decrypt* the message? My keys are on a hardware token, so I’ll have to use > "–engine pkcs11 –keyform ENGINE" I have no experience with engines and little interest at present in going there. For CMS decryption without engines: $ openssl cms -decrypt -recip cert.pem -inkey key.pem -in cms.eml If the message is signed and then encrypted, you can then check the signature on the decrypted output. If it is encrypted then signed, you can check the signature prior to decryption with 'openssl cms -verify'. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?
For S/MIME input: $ openssl cms -in cms.eml -cmsout -print For DER input: $ openssl cms -inform DER -in cms.der -cmsout -print Thank you!!! The above gave me: CMS_ContentInfo: contentType: pkcs7-envelopedData (1.2.840.113549.1.7.3) . . . . . originatorInfo: recipientInfos: d.ktri: version: d.issuerAndSerialNumber: issuer: CN=serialNumber: 1468961193 keyEncryptionAlgorithm: algorithm: rsaEncryption (1.2.840.113549.1.1.1) parameter: NULL encryptedKey: - bb 14 f6 cc 55 26 86 ca-71 b4 2f 55 11 f0 bb U&..q./U... . . . . . It showed me that the serial number of the intended recipient’s cert corresponded to the *signing* key and certificate (instead of the encryption key/cert). Which is why the legitimate clients refused to decrypt this email. Would you be able to provide me with a command line that would allow me to *decrypt* the message? My keys are on a hardware token, so I’ll have to use “–engine pkcs11 –keyform ENGINE”… Thanks!! smime.p7s Description: S/MIME cryptographic signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?
> On Apr 6, 2017, at 1:25 PM, Blumenthal, Uri - 0553 - MITLL> wrote: > > I’m trying to debug the case of a (bad) email client sending encrypted S/MIME > email that the recipient cannot decrypt (we suspect the problem is that the > sender chooses a wrong public key/certificate to encrypt to). > > Unfortunately, recipient email clients do not help figuring this out. All > they say is “you do not have the right key…”. > > My goal is to “unwrap” the CMS/SMIME message, and print out some identity of > the recipient key/cert (anything that would allow me to tie this email to any > of the keys I have, or to ascertain that it’s none of those) would help > greatly. Printing out other details, such as “algorithms used” would also be > helpful. > > I’m sure it’s possible to write an application to do that. But I strongly > suspect that the “openssl” command line tool would be able to address this > problem. > > Would somebody on this list please show me how I can print the “metadata” > (yes, that big word ☺) of the S/MIME email using openssl? For S/MIME input: $ openssl cms -in cms.eml -cmsout -print For DER input: $ openssl cms -inform DER -in cms.der -cmsout -print -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users