I have a .p7m file that I want to decrypt. It is encrypted with with my ca.pem file. I have my ca.crt, ca.pem and ca.key
I tried several methods to decrypt it, for example:
openssl smime -verify -in file.p7m -inform der -noverify -signer ca.pem -out textdata but none of them work.
I have managed to extract some information from email that I received with encrypted message with:
openssl smime -decrypt -in email.eml -inkey ca.key > mail.txt and got base64 raw data
--===============3728737985443050612== Content-Type: application/octet-stream; Name="mails.p7" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="mails.p7" RnJvbTogdHJ1bHlfk3j4h5g6kl34g6kk45hl6kb3VzQHlvdXdvbnRmaW5kbWUub3JnClRvOiBwZXRzLXR1d0BhcHBz ZWMuYXQKU3ViamVjdDogSnVzdCBzbyB5b3Uga25vdwpNSU1FLVZlcnNpb246IDEuMApDb250ZW50 LURpc3Bvc2l0aW9uOiBhdHRhY2htZW50OyBmaWxlbmFtZT0ic21pbWUucDdtIgpDb250ZW50LVR5 cGU6IGFwcGxpY2F0aW9uL3gtcGtjczctbWltZTsgc21pbWUtdHlwZT1lbnZlbG9wZWQtZGF0YTsg bmFtZT0ic21pbWUucDdtIgpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiBiYXNlNjQKCk1JSUJt Z1lKS29aSWh2Y05BUWNEb0lJQml6Q0NBWWNDQVFBeGdnRkNNSUlCUGdJQkFEQ0JwakNCbURFTE1B a0cKQTFVRUJoTUNjkherltkhjelrk4q4235qwtefsdCQWdNQmxacFpXNXVZVEVQTUEwR0ExVUVCd3dHVm1sbGJt NWhNUkF3RGdZRApWUVFLREFkVVZTQlhhV1Z1TVJVd0V3WURWUVFMREF4VFFrRWdVbVZ6WldGeVky Z3hHVEFYQmdOVkJBTU1FRUZzClpYaGhibVJsY2lCU1lYTm9aV1F4SXpBaEJna3Foa2lHOXcwQkNR RVsdafsdasdqwe54q34512345xd2JHVkFertsergslkj34l5kj2h34lk5GMEFna0E2b1FQNjBVSkl4QXdEUVlKS29aSWh2 Y05BUUVCQlFBRWdZQ1ZiMGwybU83ek9NamhvbktaV3BMNwpoYks5dGI3aEVEVXhuWjNUM2wvWWVl UExXTkw2VHI0cE50Zjh6L0ZxOUtvTWxnVzZzQ0dWVU5GbGxDemVzZXBhCkhLTHp4Q1RFWHl4bzRB bStxeXVuVHFpMUVuWGJ3Tzg0YmtDeGVEUEhKU3M2bzhHVzRSdlErSG9yNFJ1Ydfgsdfgsdf ZldnN29vRkZuUUZCRnZWREE4QmdrcWhraUc5dzBCQndFd0hRWUpZSVpJQVdVREJBRXFCQkNNNm5o3345345dsgfdfgsed0JCT1NFNGNjdXgxUVRXY0VEb1dWeVVZCgo= --===============3728737985443050612==-- then I tried:
openssl enc -d -base64 -in base64.raw -out result.txt but this also doesnt work.
What am I doing wrong?
11 Answer
In order to decrypt an encrypted email, openssl smime -decrypt should be the correct approach. However, for one, openssl smime expects a mime message as its input, not only the p7m attachment. Plus, to decrypt, you need to specify the recipient's private key. This should work:
openssl smime -decrypt -in email.eml -recip recipient.pem
email.eml is the saved email in ASCII text format, and recipent.pem is the private key in PEM format. Note that the PEM format is not tied to whether it is the public or the private key/certificate. In your question, it remains unclear which format your file ca.key is in, but private keys are often stored in PKCS12 file format. To convert a PKCS12 format (p12 or pfx file suffix) into PEM, you may use
openssl pkcs12 -in recipient.p12 -out recipient.pem