openssl CMS decryption fails

openssl cms -decrypt -in cms.txt -recip my_cert.pem -inkey private_key.pem

Error reading S/MIME message
140064210231744:error:0D0D40D1:asn1 encoding routines:SMIME_read_ASN1:no content type:../crypto/asn1/asn_mime.c:391



Solution 1:[1]

Did you check the correct header of your cms.txt?

MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

Solution 2:[2]

I don't know what is in cms.txt. So, let me create my own.

First, I create the recipient's keypair with mkcert:

$ mkcert --client [email protected]
Created a new local CA at "/home/user/.local/share/mkcert"
Warning: the local CA is not installed in the system trust store!
Warning: the local CA is not installed in the Firefox and/or Chrome/Chromium trust store!
Warning: the local CA is not installed in the Java trust store!
Run "mkcert -install" to avoid verification errors

Created a new certificate valid for the following names
 - "[email protected]"

The certificate is at "./[email protected]" and the key at "./[email protected]"
$ ls -1
'[email protected]'
'[email protected]'

Let's create the cms.txt:

$ echo "my secret message: blablub" | \
     openssl cms \
       -encrypt -aes256 -from [email protected] \
       -to [email protected] -subject "The secret" \
       -out cms.txt [email protected]
$ cat cms.txt
To: [email protected]
From: [email protected]
Subject: The secret
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

MIIB6AYJKoZIhvcNAQcDoIIB2TCCAdUCAQAxggGAMIIBfAIBADBkME8xHjAcBgNV
BAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTESMBAGA1UECwwJZGF2aWRAZGV4MRkw
FwYDVQQDDBBta2NlcnQgZGF2aWRAZGV4AhEAoS96wv/xKf/SKjgx3jJZxjANBgkq
hkiG9w0BAQEFAASCAQBmAwUHtaYweTiRgUlYx6B4WNylEIMXnG957cGzm397O+36
B8foGVpatYjaD3AjaNsgmqvklOqst8Y+5bpKk04gJSRffDj/cG3jYEgcq74mWaXO
1TE74UYoJvRaTDOX9SINyNl3TrP7fET2FqdspgejwqfwWWf+2acadR5MpiG6TANK
r9p/xchEwgc1pZEjHaxbMQLP3EuE16W6FMEsc7Ug5RxzvCtJ2KdTuIAQLNgZXwpJ
LLUZEHNNt9HW3yaGJEx+d9bVDYDMtghpoH7I5YrdoIUbVn7yZ/iN7+4L4MHODXCA
TBrmzBLWOz3y4mshzXsMIwAIbZIziaRFvFb0BYgrMEwGCSqGSIb3DQEHATAdBglg
hkgBZQMEASoEEJer1N1GGwOEJoXqAuxiJwaAIMGvrsbEwn4ZYARG09hkm2NBSqBJ
vRm9YcVN0d7S/EDz

You have to apply decryption only on the part which comes after the empty line:

$ sed -n '/^$/,/^$/p' cms.txt | base64 -d | \
     openssl cms -inform DER -decrypt \
       -inkey [email protected]
my secret message: blablub
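
A format check that ties the two answers together, as an added example that is not part of either original answer: the shell functions below (hypothetical names cms_inform and cms_decrypt) classify a file as S/MIME, bare base64, PEM or DER and pass the matching -inform to openssl cms. It goes beyond the single case on this page by also covering PEM and raw DER input, and it assumes base64 -d is available as used in Solution 2.

```shell
#!/bin/sh
# Added example, not from the original answers: pick -inform for "openssl cms".

# cms_inform FILE: print SMIME, PEM, B64 or DER; return 1 if nothing fits.
cms_inform() {
    f=$1
    # S/MIME: OpenSSL's S/MIME reader wants a Content-Type header before the
    # first empty line; without it the read fails with "no content type".
    if LC_ALL=C tr -d '\r\000' < "$f" | LC_ALL=C sed '/^$/q' |
       LC_ALL=C grep -qi '^content-type:.*pkcs7-mime'; then
        echo SMIME; return 0
    fi
    # The first non-empty line decides between PEM armour and bare base64.
    first=$(LC_ALL=C tr -d '\r\000' < "$f" | LC_ALL=C sed -n '/./{p;q;}')
    case $first in
        '-----BEGIN CMS-----'|'-----BEGIN PKCS7-----') echo PEM; return 0 ;;
        *[!A-Za-z0-9+/=]*) ;;            # not pure base64, fall through
        M*) echo B64; return 0 ;;        # a DER SEQUENCE (0x30) encodes as "M..."
    esac
    # Raw DER: ContentInfo is an ASN.1 SEQUENCE, so the first byte is 0x30.
    if [ "$(od -An -tx1 -N1 "$f" | tr -d ' \n')" = 30 ]; then
        echo DER; return 0
    fi
    return 1
}

# cms_decrypt FILE KEY: decrypt FILE with private key KEY, whatever its framing.
cms_decrypt() {
    f=$1; key=$2
    fmt=$(cms_inform "$f") || fmt=NONE
    case $fmt in
        SMIME|PEM|DER)
            openssl cms -decrypt -inform "$fmt" -in "$f" -inkey "$key" ;;
        B64)
            # Body without MIME headers: decode first, then read it as DER.
            tr -d '\r' < "$f" | base64 -d |
                openssl cms -decrypt -inform DER -inkey "$key" ;;
        *)
            echo "cms_decrypt: $f is not S/MIME, PEM, base64 or DER" >&2
            return 1 ;;
    esac
}
```

A file that reports B64 is the case that produces the "no content type" error when it is handed to openssl cms -decrypt without an -inform option.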

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Michael Fehr
Solution 2