Hi,
Could anyone tell me if "openssl cms -..." will work for mendelson AS2 messages?
I did a quick check for openssl on the forum, but I did not come across anything that clearly mentioned this.
Here is what I am doing:
1. I send a signed & encrypted message to another AS2 setup.
2. I capture the message using a tool (or the .as2 message from the _rawincoming folder)
3. I use the following command:
E:\OpenSSL-Win32>openssl cms -decrypt -in 20100818163008859_192.168.0.88.as2 -inkey mend_2_88.pem -CAfile mend_2_88.pem -out test_new.txt
I get the following error:
Enter pass phrase for mend_2_88.pem:
Error reading S/MIME message
1564:error:0D0D40D1:asn1 encoding routines:SMIME_read_ASN1:no content type:.\crypto\asn1\asn_mime.c:447:
I am waiting for a response from the openssl community as well; however, I just thought someone here might be able to answer me.
Thanks & Regards,
Vindows

Vindows,
have you tried the "openssl smime" command?
Regards
Heller

FWIW, I found a nice pair of tools on Linux, mpack and munpack, that will pull the mime-encoded payloads out of the .decrypted files in _rawincoming. If it helps, I wrote the script below to automate the process (since I think I might have to do it from time to time). FYI, the "per-hour" directories were done because of the number of files we're receiving; too many to work with comfortably in one directory.
#!/bin/bash
# CPM 13Aug2010, this script will take a directory of "_rawincoming" data produced by Mendelson AS2 and extract the mime-encoded payload from the *.decrypted files, creating per-hour directories based on the filenames (e.g. 20100812043956213_111.222.333.444.as2.decrypted).

# Set the directory we're working in. Putting the files to work with on a RAM disk makes things *much* faster.
decrypted_dir=/home/mendelson/decrypted

function do_file {
    local file_spec=$1
    local file_name hour p7s
    file_name=$(basename "$file_spec")
    echo "Working on $file_spec..."
    # Strip out just the two-digit hour from the filename.
    hour=${file_name:8:2}
    # Create the per-hour directory, if it's not there already.
    if [ ! -d "$decrypted_dir/$hour" ]; then
        mkdir -p "$decrypted_dir/$hour/encoded"
    fi
    # Note that we're putting the encoded file in an "encoded" directory; the resulting payload will be in the per-hour directory.
    mv "$file_spec" "$decrypted_dir/$hour/encoded"
    # Along with the payload, there's a p7s file that we want to get rid of; munpack prints its name, so we pick it out of the output.
    p7s=$(munpack -C "$decrypted_dir/$hour" "$decrypted_dir/$hour/encoded/$file_name" | grep smime.p7s | cut -d ' ' -f 1)
    # Only call rm when a p7s name was reported; an empty name would point rm at the per-hour directory.
    if [ -n "$p7s" ]; then
        rm -- "$decrypted_dir/$hour/$p7s"
    fi
}

for i in "$decrypted_dir"/*.decrypted; do
    # Skip the unexpanded pattern when no files match.
    [ -e "$i" ] || continue
    do_file "$i"
done
Thanks,
Chaz
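
For the "no content type" error in the first post: OpenSSL's default S/MIME reader expects a MIME Content-Type header at the top of the input, so a captured body without its headers needs a different -inform value. The following is an added example, not code from this thread or from mendelson; the function name and sample files are constructed, and it assumes the capture may be a bare DER/BER CMS structure.

```shell
#!/bin/sh
# Added example: classify a captured file before handing it to `openssl cms`.
# Prints DER:enveloped-data, DER:signed-data, PEM, SMIME or NONE.
cms_input_format() {
    f=$1
    [ -r "$f" ] || { echo NONE; return 1; }
    # A CMS ContentInfo is an ASN.1 SEQUENCE (0x30) whose first element is the
    # content-type OID 1.2.840.113549.1.7.N (06 09 2a 86 48 86 f7 0d 01 07 NN).
    hex=$(od -An -tx1 -N 24 "$f" | tr -d ' \n')
    case $hex in
        30*06092a864886f70d010703*) echo DER:enveloped-data; return 0 ;;
        30*06092a864886f70d010702*) echo DER:signed-data; return 0 ;;
    esac
    # PEM armour starts with a BEGIN line.
    if head -n 1 "$f" | grep -q '^-----BEGIN '; then
        echo PEM; return 0
    fi
    # The S/MIME reader needs a Content-Type header before the first blank
    # line; without one it reports "no content type".
    if LC_ALL=C awk '/^\r?$/ { exit }
            tolower($0) ~ /^content-type:/ { found = 1; exit }
            END { exit !found }' "$f"; then
        echo SMIME; return 0
    fi
    echo NONE; return 1
}

# Constructed sample inputs (not real AS2 traffic).
demo_dir=$(mktemp -d)
# BER header of an enveloped-data structure, as a headerless body would start.
printf '\060\200\006\011\052\206\110\206\367\015\001\007\003\240\200' > "$demo_dir/body.as2"
# A complete S/MIME entity with its header.
printf 'Content-Type: application/pkcs7-mime; smime-type=enveloped-data\r\n\r\nMIIB\r\n' > "$demo_dir/with_header.eml"
# Base64 text with no header block: the case that triggers the error.
printf 'MIIBconstructed\r\n\r\nContent-Type: text/plain\r\n' > "$demo_dir/no_header.txt"

for sample in body.as2 with_header.eml no_header.txt; do
    printf '%s -> %s\n' "$sample" "$(cms_input_format "$demo_dir/$sample")"
done
rm -rf "$demo_dir"
```

A DER result corresponds to `openssl cms ... -inform DER` and PEM to `-inform PEM`. DER:signed-data means the structure is signed rather than encrypted, which is handled by `-verify` instead of `-decrypt`.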