> Liam Walker wrote:
>
> $ openssl pkcs7 -in LiamWalker.p7b -inform DER -out LiamWalker.pem
> -outform PEM
>

This command is converting a PKCS#7 structure from DER to PEM format...

> This generated the appropriate output files so I assume they are ok.
> openssl pkcs7 with -print_certs was able to read these files.

If you include -print_certs it will output certificates in PEM format...

>
> Attempted to produce an email message in SMIME format:
> -----------------------------------------------------------------------------------
>
> I then was experimenting with the openssl smime command to try
> and generate a properly formatted file to myself from myself. Later I
> would use sendmail or something to actually deliver the message. I
> used the following command:
>
> $ openssl smime -encrypt -des3 -nointern -nosigs -noverify -recip
> LiamWalker.pem -in msg.txt -out msg.enc -to "[EMAIL PROTECTED]" -from
> "[EMAIL PROTECTED]" -subject "Test using openssl" LiamWalker.pem
>

The smime command is expecting certificates in PEM format, not PKCS#7 structures. You've also got a load of options which aren't used by the -encrypt option. In particular -nointern -nosigs -noverify -recip.

>
> The output for this command was as follows:
>
> Loading 'screen' into random state - done
> unable to load certificate
> 360:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:.\crypto\pem\pem_lib.
> c:662:Expecting: TRUSTED CERTIFICATE
> Can't read recipient certificate file ./LiamWalker.pem
>
>
> The -to email address matches the email address in the certificate
> specified by -recip and the -from email address matches the email
> address in the last option (LiamWalker.pem).
>
> Can anyone give me a hint as to what is going on here?
>

Include the -print_certs option when you convert the .p7b file containing the certificates. If you get more than one certificate you'll have to sort out which is the actual user certificate, though it's normally the first.

>
> Thanks,
> .maiL
>
> P.S. I assume that you use multiple -to and -recip options to have
> the message encrypted to multiple people?

No. The -to command is just a convenience that produces something resembling the correct MIME format for an email message. If you want something readable by multiple certificates then include them on the command line to smime: you'll have to format the email message headers yourself or use one -to option and manually include others like CC:

As I mentioned above, -recip isn't used with smime -encrypt.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
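
The conversion and encryption steps discussed in the reply above, as an added example that is not part of the original thread: it shows the PEM-encoded PKCS#7 being rejected by `smime -encrypt`, then the same bundle converted with `-print_certs` and used successfully. The certificate, key, file names and addresses are constructed for the demo; it assumes bash and an `openssl` binary on PATH, and uses `-aes256` where the thread used `-des3`.

```bash
#!/usr/bin/env bash
# Added demo; every name, file and address below is constructed.
demo_p7b_to_smime() {
  local d; d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    # Throwaway self-signed cert standing in for the CA-issued user cert.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=Test User/emailAddress=user@example.test" \
      -keyout key.pem -out cert.pem 2>/dev/null || exit 1
    # Pack it into a DER PKCS#7 bundle, like a .p7b delivered by a CA.
    openssl crl2pkcs7 -nocrl -certfile cert.pem -outform DER \
      -out user.p7b || exit 1
    printf 'hello\n' > msg.txt

    # 1) DER -> PEM only re-encodes; the result is still a PKCS#7 structure.
    openssl pkcs7 -in user.p7b -inform DER -out wrong.pem -outform PEM || exit 1
    [ "$(head -n 1 wrong.pem)" = "-----BEGIN PKCS7-----" ] || exit 1
    # smime -encrypt wants certificates, so this must fail to load.
    if openssl smime -encrypt -aes256 -in msg.txt -out bad.enc \
         wrong.pem 2>/dev/null; then
      echo "unexpected: PKCS#7 file accepted as a certificate" >&2
      exit 1
    fi

    # 2) -print_certs writes out the certificates themselves.
    openssl pkcs7 -in user.p7b -inform DER -print_certs -out right.pem || exit 1
    [ "$(grep -c 'BEGIN CERTIFICATE' right.pem)" -eq 1 ] || exit 1
    # Recipient certificates go last; list several to encrypt to several.
    openssl smime -encrypt -aes256 -in msg.txt -out msg.enc \
      -to user@example.test -from user@example.test \
      -subject "Test using openssl" right.pem || exit 1

    # Round trip with the matching private key (-recip applies to -decrypt).
    # tr strips any CR left from MIME canonical line endings.
    plain=$(openssl smime -decrypt -in msg.enc -recip right.pem \
              -inkey key.pem | tr -d '\r') || exit 1
    [ "$plain" = "hello" ]
  )
  local rc=$?
  rm -rf "$d"
  return $rc
}
```
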