Steve, sorry, forgot to include the asn1parse output ...
I've X'd out sensitive stuff:
0:d=0 hl=4 l=57226 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-envelopedData
15:d=1 hl=4 l=57211 cons: cont [ 0 ]
19:d=2 hl=4 l=57207 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :00
26:d=3 hl=4 l= 308 cons: SET
30:d=4 hl=4 l= 304 cons: SEQUENCE
34:d=5 hl=2 l= 1 prim: INTEGER :00
37:d=5 hl=3 l= 152 cons: SEQUENCE
40:d=6 hl=3 l= 146 cons: SEQUENCE
43:d=7 hl=2 l= 11 cons: SET
45:d=8 hl=2 l= 9 cons: SEQUENCE
47:d=9 hl=2 l= 3 prim: OBJECT :countryName
52:d=9 hl=2 l= 2 prim: PRINTABLESTRING :GB
56:d=7 hl=2 l= 19 cons: SET
58:d=8 hl=2 l= 17 cons: SEQUENCE
60:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
65:d=9 hl=2 l= 10 prim: PRINTABLESTRING :XXXXXXXXXX
77:d=7 hl=2 l= 15 cons: SET
79:d=8 hl=2 l= 13 cons: SEQUENCE
81:d=9 hl=2 l= 3 prim: OBJECT :localityName
86:d=9 hl=2 l= 6 prim: PRINTABLESTRING :XXXXXX
94:d=7 hl=2 l= 12 cons: SET
96:d=8 hl=2 l= 10 cons: SEQUENCE
98:d=9 hl=2 l= 3 prim: OBJECT :organizationName
103:d=9 hl=2 l= 3 prim: PRINTABLESTRING :XXX
108:d=7 hl=2 l= 12 cons: SET
110:d=8 hl=2 l= 10 cons: SEQUENCE
112:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName
117:d=9 hl=2 l= 3 prim: PRINTABLESTRING :xxx
122:d=7 hl=2 l= 21 cons: SET
124:d=8 hl=2 l= 19 cons: SEQUENCE
126:d=9 hl=2 l= 3 prim: OBJECT :commonName
131:d=9 hl=2 l= 12 prim: PRINTABLESTRING :xxxxxxxxxxxx
145:d=7 hl=2 l= 42 cons: SET
147:d=8 hl=2 l= 40 cons: SEQUENCE
149:d=9 hl=2 l= 9 prim: OBJECT :emailAddress
160:d=9 hl=2 l= 27 prim: IA5STRING :[EMAIL PROTECTED]
189:d=6 hl=2 l= 1 prim: INTEGER :1C
192:d=5 hl=2 l= 13 cons: SEQUENCE
194:d=6 hl=2 l= 9 prim: OBJECT :rsaEncryption
205:d=6 hl=2 l= 0 prim: NULL
207:d=5 hl=3 l= 128 prim: OCTET STRING
338:d=3 hl=4 l=56888 cons: SEQUENCE
342:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
353:d=4 hl=2 l= 15 cons: SEQUENCE
355:d=5 hl=2 l= 8 prim: OBJECT :rc2-cbc
365:d=5 hl=2 l= 3 cons: SEQUENCE
367:d=6 hl=2 l= 1 prim: INTEGER :3A
370:d=4 hl=4 l=56856 prim: cont [ 0 ]
The block beyond 370 is not ASN.1 (which I understand is OK, according to S/MIME).
Peter
"Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:
On Fri, Mar 04, 2005, Peter Cope wrote:
> Firstly I've searched the FAQs and Googled and not found an answer. I'll describe the scenario and hope someone can shed some light!
>
> Machine-1: Generates keys/certs (Self Cert CA). This is a UNIX (well AIX) box, and runs openssl (latest release). Keys/Certs are distributed to a number of PCs as P12s (since they use Outlook) and also to an external client.
>
> Using this public key Machine-2 (Outlook) can sign+encrypt and send to Machine-1 which can decrypt and verify. So OK.
> Using this public key our client (using Chilkatsoft ... not familiar with this) and send to Machine-2 which can decrypt and verify. So OK. and also sends to Machine-1 which can't decrypt it. Complains about ASN.1 header length being incorrect. So here is my problem.
>
> Examination of the ASN.1 (by hand as well as asn1parse) shows that pkcs7-data part uses 128-bit rc2-cbc, and is followed by a binary chunk of some 60k in size (this isn't itself structured .. unlike the des3-ede3-cbc produced by default by openssl). I've tried detaching this data to see if anything can make sense of it, but no.
>
> Anyone got any ideas, I'm assuming I'm missing a point somewhere!
>
Hard to say without the file that OpenSSL doesn't like or the output of
asn1parse.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
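
Added example, not part of the original messages: a small Python reader for `openssl asn1parse` text that pulls the content-encryption AlgorithmIdentifier out of a dump like the one posted above. The sample lines are copied from that dump; the function names are this example's own, and the version-to-key-size table is the one given in RFC 2268.

```python
import re

# Lines copied from the dump posted above (content-encryption part only).
SAMPLE = """\
338:d=3 hl=4 l=56888 cons: SEQUENCE
342:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
353:d=4 hl=2 l= 15 cons: SEQUENCE
355:d=5 hl=2 l= 8 prim: OBJECT :rc2-cbc
365:d=5 hl=2 l= 3 cons: SEQUENCE
367:d=6 hl=2 l= 1 prim: INTEGER :3A
370:d=4 hl=4 l=56856 prim: cont [ 0 ]
"""

LINE = re.compile(r"^\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+)\s+"
                  r"(prim|cons):\s+(.*?)(?:\s*:(.*))?$")

# RFC 2268, section 6: rc2ParameterVersion -> effective key bits.
RC2_VERSION_BITS = {160: 40, 120: 64, 58: 128}

def parse(text):
    """Turn asn1parse text into a list of nodes with start/end offsets."""
    nodes = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            off, depth, hl, ln = (int(g) for g in m.group(1, 2, 3, 4))
            nodes.append({"off": off, "depth": depth, "len": ln, "end": off + hl + ln,
                          "tag": " ".join(m.group(6).split()), "value": m.group(7)})
    return nodes

def content_encryption(nodes):
    """Describe the AlgorithmIdentifier that follows the pkcs7-data OID."""
    i = next(k for k, n in enumerate(nodes) if n["value"] == "pkcs7-data")
    alg = nodes[i + 1]                                   # SEQUENCE { OID, params }
    inside = [n for n in nodes[i + 2:] if n["off"] < alg["end"]]
    after = [n for n in nodes[i + 2:] if n["off"] >= alg["end"]]
    info = {"cipher": inside[0]["value"], "effective_bits": None,
            "iv_present": False, "ciphertext_len": None}
    for n in inside[1:]:
        if n["tag"] == "INTEGER":                        # asn1parse prints INTEGERs in hex
            info["effective_bits"] = RC2_VERSION_BITS.get(int(n["value"], 16))
        elif n["tag"] == "OCTET STRING":                 # RFC 2268 params carry an 8-byte IV
            info["iv_present"] = True
    # encryptedContent is [0] IMPLICIT OCTET STRING: raw ciphertext, not nested ASN.1
    if after and after[0]["tag"].startswith("cont"):
        info["ciphertext_len"] = after[0]["len"]
    return info

if __name__ == "__main__":
    print(content_encryption(parse(SAMPLE)))
```

On the posted lines this reports rc2-cbc with 128 effective key bits, no OCTET STRING inside the parameter SEQUENCE, and a 56856-byte primitive `[0]` holding the ciphertext.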