Re: SMIME Decryption
- From: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 14 Jul 2006 01:50:21 -0500
Actually, that was a little wrong. The trick is to create a new
EnvelopedCms, Decode it with the encrypted binary data and then Decrypt it.
Sorry about that.
Here is a console example I put together that dumps out an enveloped message
that I successfully decrypted via a cert on my machine. Note that you'll
still want to plug the base64 data into the byte array instead of reading
the smime.p7m file from the file system like I did, but the rest should be
similar. My implementation assumes that the original message was ASCII
encoded, but that is usually true with email.
Note also that if you have an encrypted message, you can decode it without
decrypting it. You might do this to figure out who the message is addressed
to and what type of addressing it used. This often helps figure out why a
message might not get decrypted by Outlook or something (perhaps if the cert
with the matching serial number is missing).
HTH,
Joe K.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;   // X509IssuerSerial is defined here
using System.Text;

public class TestDecryptEnvelopedCms
{
    public static void Main()
    {
        // Read the raw PKCS#7 (DER) bytes. When the data arrives as a base64
        // MIME part, replace this with Convert.FromBase64String(base64Text).
        byte[] data = File.ReadAllBytes(@"c:\smime.p7m");
        try
        {
            // Decode parses the CMS structure; no private key is needed yet.
            EnvelopedCms envData = new EnvelopedCms();
            envData.Decode(data);
            Console.WriteLine("Message decoded...");
            Console.WriteLine();
            Console.WriteLine("Encryption Algorithm");
            Console.WriteLine(" Name={0}", envData.ContentEncryptionAlgorithm.Oid.FriendlyName);
            Console.WriteLine(" Key length={0}", envData.ContentEncryptionAlgorithm.KeyLength);
            Console.WriteLine();
            Console.WriteLine("Recipients ({0})", envData.RecipientInfos.Count);
            foreach (RecipientInfo r in envData.RecipientInfos)
            {
                Console.WriteLine("=================");
                Console.WriteLine(" Encrypted key={0}", BitConverter.ToString(r.EncryptedKey));
                Console.WriteLine(" Encryption alg={0}", r.KeyEncryptionAlgorithm.Oid.FriendlyName);
                // A recipient is addressed either by issuer + serial number or by
                // subject key identifier; this tells you which local cert must match.
                if (r.RecipientIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber)
                {
                    X509IssuerSerial xi = (X509IssuerSerial)r.RecipientIdentifier.Value;
                    Console.WriteLine(" Issuer={0}", xi.IssuerName);
                    Console.WriteLine(" SerialNumber={0}", xi.SerialNumber);
                }
                else
                {
                    Console.WriteLine(" SubjectKeyInfo={0}", r.RecipientIdentifier.Value);
                }
            }
            Console.WriteLine();
            Console.WriteLine("Certificates ({0})", envData.Certificates.Count);
            foreach (X509Certificate2 cert in envData.Certificates)
            {
                // Subject is the DN as a string; SubjectName is an X500DistinguishedName object.
                Console.WriteLine(" Subject={0}", cert.Subject);
            }
            Console.WriteLine();
            Console.WriteLine("Unprotected Attributes ({0})", envData.UnprotectedAttributes.Count);
            foreach (CryptographicAttributeObject obj in envData.UnprotectedAttributes)
            {
                Console.WriteLine(obj.Oid.FriendlyName);
            }
            Console.WriteLine();
            Console.WriteLine("Trying to decrypt...");
            // The parameterless Decrypt searches the current user's My store for a
            // certificate with a private key matching one of the recipients.
            envData.Decrypt();
            byte[] decData = envData.ContentInfo.Content;
            Console.WriteLine();
            Console.WriteLine("Decrypted message data");
            Console.WriteLine("=====================================");
            // Assumes the original message body was ASCII encoded.
            Console.Write(Encoding.ASCII.GetString(decData));
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.ToString());
        }
        Console.ReadLine();
    }
}
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
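The workflow described above (decode first to see how the message is addressed, then decrypt), worked into an added example that is not part of Joe's post: it pulls the base64 body out of the raw S/MIME text as in his earlier reply quoted below, decodes it, looks up each recipient's serial number in the CurrentUser My store, and decrypts only when a certificate with a private key is found, reporting which recipient entry has no key otherwise. The class name SmimeInspector, the command-line path and the choice of store are assumptions.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;   // X509IssuerSerial lives here
using System.Text;

public class SmimeInspector   // hypothetical class name
{
    // Strip the MIME headers (everything up to the first blank line) and
    // base64-decode the rest; FromBase64String ignores the CR/LF line wraps.
    public static byte[] ExtractPkcs7(string rawMessage)
    {
        int split = rawMessage.IndexOf("\r\n\r\n");
        if (split < 0) split = rawMessage.IndexOf("\n\n");
        if (split < 0) throw new FormatException("no header/body separator");
        return Convert.FromBase64String(rawMessage.Substring(split));
    }
    public static void Main(string[] args)
    {
        // args[0] is the saved message file; the path and the store are assumptions.
        EnvelopedCms env = new EnvelopedCms();
        env.Decode(ExtractPkcs7(File.ReadAllText(args[0])));   // no private key needed yet
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            foreach (RecipientInfo r in env.RecipientInfos)
            {
                // Only issuer+serial addressing is handled; SubjectKeyIdentifier is skipped.
                if (r.RecipientIdentifier.Type != SubjectIdentifierType.IssuerAndSerialNumber) continue;
                X509IssuerSerial id = (X509IssuerSerial)r.RecipientIdentifier.Value;
                X509Certificate2Collection hits = store.Certificates.Find(
                    X509FindType.FindBySerialNumber, id.SerialNumber, false);
                foreach (X509Certificate2 c in hits)
                {
                    if (!c.HasPrivateKey) continue;
                    // Serials are unique only per issuer: show both so a same-serial cert from another CA stands out.
                    Console.WriteLine("Using {0} (message names issuer {1})", c.Subject, id.IssuerName);
                    env.Decrypt(r, new X509Certificate2Collection(c));
                    Console.WriteLine(Encoding.ASCII.GetString(env.ContentInfo.Content));
                    return;
                }
                Console.WriteLine("No private key for issuer={0} serial={1}", id.IssuerName, id.SerialNumber);
            }
            Console.WriteLine("No recipient entry matches a certificate with a private key in this store.");
        }
        finally { store.Close(); }
    }
}
```

When the last line is printed, the message was encrypted to a certificate this user does not hold the private key for, which is the same situation that makes Outlook unable to open it.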
--
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:u0ygPbupGHA.756@xxxxxxxxxxxxxxxxxxxxxxx
The EnvelopedCms class in System.Security.Cryptography.Pkcs is what you
want. Essentially, you want to get the binary data of the message, which
in your case is in base64. Grab that part of the data as a string and
convert to byte[] with Convert.FromBase64String. Then, create a
ContentInfo object with the byte[] and pass that into your EnvelopedCms
constructor. From there, you can decrypt, assuming you have the private
key available in a key store for one of the certificates the message was
addressed to.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
<rene.rugerio@xxxxxxxxx> wrote in message
news:1152831799.246093.174780@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi folks!
I am working on an application in dotnet 2.0; receiving a smime message
which reads something like
========================================
MIME-Version: 1.0
Content-type: application/x-pkcs7-mime; smime-type=enveloped-data;
name="smime.p7m"
Content-Transfer-Encoding: base64
MIIcdsfefej [.....] (lots of chars)
========================================
What can I programmatically do with the lot of chars, to get to the
original message? I know in the content is the symmetric key of the
DES3 algorithm but it is encrypted with my public message, so I need to
decrypt it with my private and apply the DES3.
But I do not know how to do it!!?!!?
I know only the theory so far,
but how to achieve this using C# is a mystery.
Best regards, thanks in advance.
Michel Gallant, help me out in this one :D