On Fri, Feb 01, 2008, Peter Van Biesen wrote: > Are you saying that if I do not have the private key -verify says : > > "wrong content type" > > how does openssl know which key to use for decryption/verification ? Or does > it just try them all ? I have difficulty to believe that no information can > be retrieved from the pkcs7 container without the use of the private key . > > FYI : the reason I'm trying this is is because some messages do not decrypt > and I need a way to debug the communication. Btw, the messages I attached > previously were correctly processed ones, not faulty ones. >
There are indications in the message which allow the correct key to be identified. That error is caused by you attempting to perform and operation that is inconsistent with the content type. In this case you have an envelopedData type and you are attempting to verify a signature which is only performed on the signedData type. Instead of -verify try the -decrypt option to the smime utility and see what (if any) error messages you get. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
