The "numeric code" is the *exit* status of the program. You can
find it in "$?" directly after the execution of the command (in
any POSIX shell).
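An added example, not part of the original thread: a POSIX shell helper that accepts signed content only when `openssl cms -verify` exits with status 0, and never reads the "Verification successful" text on stderr. The helper name `cms_verify_to` and its argument order are assumptions made for this illustration; the `openssl` options are the ones used in the thread, plus `-out`.

```shell
#!/bin/sh
# Added example: decide on the exit status of "openssl cms -verify",
# never on the diagnostic text it prints to stderr.
# cms_verify_to is a hypothetical helper name, not part of OpenSSL.
#
# usage: cms_verify_to CAFILE INPUT OUTPUT
# OUTPUT is created only if verification exits with status 0.
cms_verify_to() {
    cafile=$1
    input=$2
    output=$3

    # Verify into a temporary file so that unverified content never
    # appears under the final name.
    tmp=$(mktemp "${output}.XXXXXX") || return 1

    # stderr is discarded on purpose: nothing downstream can then
    # mistake the diagnostic message for the verification result.
    if openssl cms -verify -verify_retcode -CAfile "$cafile" \
            -inform SMIME -in "$input" -out "$tmp" 2>/dev/null
    then
        mv "$tmp" "$output" || { rm -f "$tmp"; return 1; }
        return 0
    else
        rc=$?             # exit status of the openssl command above
        rm -f "$tmp"      # drop whatever was written before the failure
        return "$rc"
    fi
}
```

A caller then branches on the helper itself, for example `if cms_verify_to ca.pem msg.eml body.txt; then ...; fi`, and treats any nonzero status as an unverified message.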
Got it, thanks! Luckily for me, it’s zero. ;-)
> Is there an equivalent, either in openssl tool itself, or in the email
> clients
> On Apr 6, 2017, at 5:16 PM, Blumenthal, Uri - 0553 - MITLL
> wrote:
>
>> $ openssl cms -verify -verify_retcode -CAfile ~/Certs/Our_Root_CA.pem
>> -inform SMIME -signer $author -in ~/Documents/test-smime-decr.txt
>
> I saw no numeric code – but no error either.
The
> On Apr 6, 2017, at 5:00 PM, Blumenthal, Uri - 0553 - MITLL
> wrote:
Two problems here, the "Verification successful" message is just a
diagnostic message to "stderr" and should not be considered a
reliable indication of signature validity. You really should
> On Apr 6, 2017, at 5:00 PM, Blumenthal, Uri - 0553 - MITLL
> wrote:
>
> But with your help, and providing the top root in the “-CAfile …” argument, I
> got it!!
>
>
> $ openssl cms -verify -CAfile ~/Certs/Our_Root_CA.pem -inform SMIME -in
>
You really should peruse the cms(1) manpage, daunting as that might be. :-)
Alas, it is! ;-)
> And if I (failing to validate the certificate chain) want to just check
> whether the decrypted message was tampered with – is there a way to do
> that (without validating the
> On Apr 6, 2017, at 3:54 PM, Blumenthal, Uri - 0553 - MITLL
> wrote:
>
> Content-Type: multipart/signed;
> ...
> Hoping that it includes the signing certificate of the signer, I tried to
> verify its signature by:
>
> $ openssl cms -verify -inform SMIME -in
If the message is signed and then encrypted, you can then check the
signature on the decrypted output.
This is what the decrypted message looks like (its first few lines):
$ head ~/Documents/test-smime-decr.txt
Content-Type: multipart/signed;
I have no experience with engines and little interest at present in going
there.
(
For CMS decryption without engines:
$ openssl cms -decrypt -recip cert.pem -inkey key.pem -in cms.eml
Thank you!! Decryption succeeded (using the signing key – which the sender
> On Apr 6, 2017, at 2:47 PM, Blumenthal, Uri - 0553 - MITLL
> wrote:
>
> Would you be able to provide me with a command line that would allow me to
> *decrypt* the message? My keys are on a hardware token, so I’ll have to use
> "-engine pkcs11 -keyform ENGINE"
I have no
For S/MIME input:
$ openssl cms -in cms.eml -cmsout -print
For DER input:
$ openssl cms -inform DER -in cms.der -cmsout -print
Thank you!!!
The above gave me:
CMS_ContentInfo:
contentType: pkcs7-envelopedData (1.2.840.113549.1.7.3)
. . . . .
> On Apr 6, 2017, at 1:25 PM, Blumenthal, Uri - 0553 - MITLL
> wrote:
>
> I’m trying to debug the case of a (bad) email client sending encrypted S/MIME
> email that the recipient cannot decrypt (we suspect the problem is that the
> sender chooses a wrong public
I’m trying to debug the case of a (bad) email client sending encrypted S/MIME
email that the recipient cannot decrypt (we suspect the problem is that the
sender chooses a wrong public key/certificate to encrypt to).
Unfortunately, recipient email clients do not help figuring this out. All