I have a .p7m file that I want to decrypt. It is encrypted with with my ca.pem file. I have my ca.crt, ca.pem and ca.key
I tried several methods to decrypt it, for example:
openssl smime -verify -in file.p7m -inform der -noverify -signer ca.pem -out textdatabut none of them work.
I have managed to extract some information from email that I received with encrypted message with:
openssl smime -decrypt -in email.eml -inkey ca.key > mail.txtand got base64 raw data
--===============3728737985443050612==
Content-Type: application/octet-stream; Name="mails.p7"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="mails.p7"
RnJvbTogdHJ1bHlfk3j4h5g6kl34g6kk45hl6kb3VzQHlvdXdvbnRmaW5kbWUub3JnClRvOiBwZXRzLXR1d0BhcHBz
ZWMuYXQKU3ViamVjdDogSnVzdCBzbyB5b3Uga25vdwpNSU1FLVZlcnNpb246IDEuMApDb250ZW50
LURpc3Bvc2l0aW9uOiBhdHRhY2htZW50OyBmaWxlbmFtZT0ic21pbWUucDdtIgpDb250ZW50LVR5
cGU6IGFwcGxpY2F0aW9uL3gtcGtjczctbWltZTsgc21pbWUtdHlwZT1lbnZlbG9wZWQtZGF0YTsg
bmFtZT0ic21pbWUucDdtIgpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiBiYXNlNjQKCk1JSUJt
Z1lKS29aSWh2Y05BUWNEb0lJQml6Q0NBWWNDQVFBeGdnRkNNSUlCUGdJQkFEQ0JwakNCbURFTE1B
a0cKQTFVRUJoTUNjkherltkhjelrk4q4235qwtefsdCQWdNQmxacFpXNXVZVEVQTUEwR0ExVUVCd3dHVm1sbGJt
NWhNUkF3RGdZRApWUVFLREFkVVZTQlhhV1Z1TVJVd0V3WURWUVFMREF4VFFrRWdVbVZ6WldGeVky
Z3hHVEFYQmdOVkJBTU1FRUZzClpYaGhibVJsY2lCU1lYTm9aV1F4SXpBaEJna3Foa2lHOXcwQkNR
RVsdafsdasdqwe54q34512345xd2JHVkFertsergslkj34l5kj2h34lk5GMEFna0E2b1FQNjBVSkl4QXdEUVlKS29aSWh2
Y05BUUVCQlFBRWdZQ1ZiMGwybU83ek9NamhvbktaV3BMNwpoYks5dGI3aEVEVXhuWjNUM2wvWWVl
UExXTkw2VHI0cE50Zjh6L0ZxOUtvTWxnVzZzQ0dWVU5GbGxDemVzZXBhCkhLTHp4Q1RFWHl4bzRB
bStxeXVuVHFpMUVuWGJ3Tzg0YmtDeGVEUEhKU3M2bzhHVzRSdlErSG9yNFJ1Ydfgsdfgsdf
ZldnN29vRkZuUUZCRnZWREE4QmdrcWhraUc5dzBCQndFd0hRWUpZSVpJQVdVREJBRXFCQkNNNm5o3345345dsgfdfgsed0JCT1NFNGNjdXgxUVRXY0VEb1dWeVVZCgo=
--===============3728737985443050612==--then I tried:
openssl enc -d -base64 -in base64.raw -out result.txtbut this also doesnt work.
What am I doing wrong?
11 Answer
In order to decrypt an encrypted email, openssl smime -decrypt should be the correct approach. However, for one, openssl smime expects a mime message as its input, not only the p7m attachment. Plus, to decrypt, you need to specify the recipient's private key. This should work:
openssl smime -decrypt -in email.eml -recip recipient.pem
email.eml is the saved email in ASCII text format, and recipent.pem is the private key in PEM format. Note that the PEM format is not tied to whether it is the public or the private key/certificate. In your question, it remains unclear which format your file ca.key is in, but private keys are often stored in PKCS12 file format. To convert a PKCS12 format (p12 or pfx file suffix) into PEM, you may use
openssl pkcs12 -in recipient.p12 -out recipient.pem