Firstly I've searched the FAQ's and Google'd and not found an answer. I'll describe the scenario and hope someone can shed some light!
Machine-1: Generates keys/certs (Self Cert CA). This is a UNIX (well AIX) box, and runs openssl (latest release). Keys/Certs are distributed to a number of PC's as P12's. (since they use outlook) and also to a external client.
Using this public key Machine-2 (Outlook) can sign+encrypt and send to Machine-1 which can decrypt and verify. So OK.
Using this public key our client (using Chilkatsoft ... not familiar with this) and send to Machine-2 which can decrypt and verify. So OK. and also sends to Machine-1 which can't decrypt it. Complains about ASN.1 header length being incorrect. So here is my problem.
Examination of the ASN.1 (by hand as well as asn1parse) shows that pkcs7-data part uses 128-bit rc2-cbc, and is followed by a binary chunk of some 60k in size (this isn't itself structured .. unlike the des3-ede3-cbc produced by default by openssl). I've tried detaching this data to see if anything can make sense of it, but no.
Anyone got any ideas, I'm assuming I'm missing a point somewhere!
Peter Cope
