All geek questions in one place

Convert from opaque pkcs7 p7m to remote smime

Hi, I couldn’t find a way to convert opaque pkcs # 7 (p7m) to pure textual de-styled smime so that the signed content can be processed using regular mime libraries.

I would like to take a p7m file and convert it to a smime message using a valid signature.

The steps should be:

  • extract signed content from p7m

  • Extract cms structure from p7m

  • compile everything in a new un-signed smime structure

Is this operation possible?

I searched openssl manuals but couldn't find a way to do this.

+6
source share
1 answer

I managed to convert messages with an opaque signature to separate files with the following code:

#include <openssl/evp.h> #include <openssl/bio.h> #include <openssl/pkcs7.h> int main(int argc, char **argv) { BIO *data = NULL, *bin = NULL, *bout = NULL; PKCS7 *p7, *p7b; OpenSSL_add_all_algorithms(); bin = BIO_new_file("opaque.p7m", "rb"); p7 = SMIME_read_PKCS7(bin, &data); p7b = PKCS7_dup(p7); data = PKCS7_dataInit(p7, NULL); PKCS7_set_detached(p7b, 1); bout = BIO_new_file("detached.p7m", "wb"); SMIME_write_PKCS7(bout, p7b, data, PKCS7_BINARY | SMIME_DETACHED); }

To test the program, I create opaque.p7m with the following command:

 $ openssl smime -sign -in foo.txt -signer my.crt -inkey my.key -nodetach -out opaque.p7m

To be concise, the code above has no checks. To accept different input formats, you can change SMIME_read_PKCS7 to PEM_read_bio_PKCS7 (PEM) or d2i_PKCS7_bio (DER).

+1
source

Source: https://habr.com/ru/post/897639/

More articles:


All Articles