解压 smime 文件时出错

解压 smime 文件时出错

我从朋友那里收到了这个文件。我使用命令来解压缩它:

openssl cms -uncompress -in myfile.txt -out content.txt

但有错误:

Error reading S/MIME message
4294956672:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:157:
4294956672:error:0D0D106E:asn1 encoding routines:B64_READ_ASN1:decode error:asn_mime.c:192:
4294956672:error:0D0D40CB:asn1 encoding routines:SMIME_read_ASN1:asn1 parse error:asn_mime.c:517:

我将 myfile.txt 上传到 Google Drive,您可以通过以下方式查看我的文件.txt

谢谢。

答案1

openssl cms(也是较早且功能较弱的smime)使用内部例程仅为内容传输编码实现 SMIME 格式:base64 和不支持内容传输编码:二进制.FWIW 这些是记录 作为错误,因此可能有一天会得到修复。

作为一种解决方法,在 Unix 上,你可以丢弃 MIME 标头,sed保留二进制主体,这openssl 句柄(作为 der):

$ sed '1,/^\r$/d' <suA97544.mime >suA97544.body
$ ll suA975*
-rw-r--r--. 1 [redacted] 2760 Jul  6 23:07 suA97544.body
-rw-r--r--. 1 [redacted] 2934 Jul  6 22:26 suA97544.mime
$ openssl cms -uncompress -inform der -in suA97544.body
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="boundaryk/tP"

--boundaryk/tP
Content-Type: application/edi-x12
Content-Transfer-Encoding: binary
Content-Disposition: Attachment; filename="test_data_1.edi"

[content snipped but it does look like EDI to me]

--boundaryk/tP
Content-Type: application/pkcs7-signature;      name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64

MIIETwYJKoZIhvcNAQcCoIIEQDCCBDwCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCAoUw
ggKBMIIB6qADAgECAgICzDANBgkqhkiG9w0BAQsFADCBhTEPMA0GA1UEAxMGUlNTQnVzMQ8wDQYD
VQQKEwZSU1NCdXMxDzANBgNVBAsTBlJTU0J1czEPMA0GA1UEBxMGUlNTQnVzMQ8wDQYDVQQIEwZS
U1NCdXMxCzAJBgNVBAYTAlVTMSEwHwYJKoZIhvcNAQkBFhJjb250YWN0QHJzc2J1cy5jb20wHhcN
MTYwNzA2MDM0OTMwWhcNMjEwNzA1MDM0OTMwWjCBhTEPMA0GA1UEAxMGUlNTQnVzMQ8wDQYDVQQK
EwZSU1NCdXMxDzANBgNVBAsTBlJTU0J1czEPMA0GA1UEBxMGUlNTQnVzMQ8wDQYDVQQIEwZSU1NC
dXMxCzAJBgNVBAYTAlVTMSEwHwYJKoZIhvcNAQkBFhJjb250YWN0QHJzc2J1cy5jb20wgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAOX0Z14r96LO/4MucxgoIEa2UZkpxHhvR00mwVpqBS0l0Kn9
2zI8RbVnDXUotaNB0KzadVct+AjivFj07YbX+EW0WAPhspXLrIxsxX3AIqfGC6KEK4CCfhwdazns
8n9jIHWCqk/kfnYpTWINeAPxQs3OgzbZrd3AowI+dFsYKFqRAgMBAAEwDQYJKoZIhvcNAQELBQAD
gYEAZVU+LCu1fARUGDxyGk10EeTXhMTSukw6EOLEAixUA8rr3nvj4dk2EbUlKNeaQ+4VjTJMRBGp
PF/0Pdw6olBerldJYq6Ri7XLFOwexNc2/j4oEEahAUHxH5YTGLiDiaTKJ2jjP0CVSqF34ElFLcdq
pKjgJe/wRZDk845AgGjvu00xggGSMIIBjgIBATCBjDCBhTEPMA0GA1UEAxMGUlNTQnVzMQ8wDQYD
VQQKEwZSU1NCdXMxDzANBgNVBAsTBlJTU0J1czEPMA0GA1UEBxMGUlNTQnVzMQ8wDQYDVQQIEwZS
U1NCdXMxCzAJBgNVBAYTAlVTMSEwHwYJKoZIhvcNAQkBFhJjb250YWN0QHJzc2J1cy5jb20CAgLM
MAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0x
NjA3MDYwNDA4MjlaMCMGCSqGSIb3DQEJBDEWBBRlZtMMIUzoSqDb4wc6ClFNPoEvpjANBgkqhkiG
9w0BAQEFAASBgKNvF+6hCS1TH1XPEfty2Dz9OvJ6LqKCDfzC/W9GPvo3Te0u00T21hPM1imfJJaD
oc6LFxiyE5JwXkgJBq7kx1yaYXL3coDdlnrrff3dvJos6yoY1DoHc+/b1wQyDIfrZTQeUf2F3XkA
RYV+n0be2C4zaBCz6F5JrCJob3uw2xVK

--boundaryk/tP--

如果我并不显示解压缩的输出,而是将其放入文件中并尝试cms -verify(默认为 SMIME 格式),它会成功解析但验证失败,因为证书是自签名的;如果我提取证书并手动信任它(这当然不安全,但这只是一个测试)它会验证。

嗨嗨。

相关内容