解压 smime 文件时出错

Question

openssl cms（也是较早且功能较弱的smime）使用内部例程仅为内容传输编码实现 SMIME 格式：base64 和不支持内容传输编码：二进制.FWIW 这些是记录作为错误，因此可能有一天会得到修复。

作为一种解决方法，在 Unix 上，你可以丢弃 MIME 标头，sed保留二进制主体，这openssl 能句柄（作为 der）：

$ sed '1,/^\r$/d' <suA97544.mime >suA97544.body
$ ll suA975*
-rw-r--r--. 1 [redacted] 2760 Jul  6 23:07 suA97544.body
-rw-r--r--. 1 [redacted] 2934 Jul  6 22:26 suA97544.mime
$ openssl cms -uncompress -inform der -in suA97544.body
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="boundaryk/tP"

--boundaryk/tP
Content-Type: application/edi-x12
Content-Transfer-Encoding: binary
Content-Disposition: Attachment; filename="test_data_1.edi"

[content snipped but it does look like EDI to me]

--boundaryk/tP
Content-Type: application/pkcs7-signature;      name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64

MIIETwYJKoZIhvcNAQcCoIIEQDCCBDwCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCAoUw
ggKBMIIB6qADAgECAgICzDANBgkqhkiG9w0BAQsFADCBhTEPMA0GA1UEAxMGUlNTQnVzMQ8wDQYD
VQQKEwZSU1NCdXMxDzANBgNVBAsTBlJTU0J1czEPMA0GA1UEBxMGUlNTQnVzMQ8wDQYDVQQIEwZS
U1NCdXMxCzAJBgNVBAYTAlVTMSEwHwYJKoZIhvcNAQkBFhJjb250YWN0QHJzc2J1cy5jb20wHhcN
MTYwNzA2MDM0OTMwWhcNMjEwNzA1MDM0OTMwWjCBhTEPMA0GA1UEAxMGUlNTQnVzMQ8wDQYDVQQK
EwZSU1NCdXMxDzANBgNVBAsTBlJTU0J1czEPMA0GA1UEBxMGUlNTQnVzMQ8wDQYDVQQIEwZSU1NC
dXMxCzAJBgNVBAYTAlVTMSEwHwYJKoZIhvcNAQkBFhJjb250YWN0QHJzc2J1cy5jb20wgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAOX0Z14r96LO/4MucxgoIEa2UZkpxHhvR00mwVpqBS0l0Kn9
2zI8RbVnDXUotaNB0KzadVct+AjivFj07YbX+EW0WAPhspXLrIxsxX3AIqfGC6KEK4CCfhwdazns
8n9jIHWCqk/kfnYpTWINeAPxQs3OgzbZrd3AowI+dFsYKFqRAgMBAAEwDQYJKoZIhvcNAQELBQAD
gYEAZVU+LCu1fARUGDxyGk10EeTXhMTSukw6EOLEAixUA8rr3nvj4dk2EbUlKNeaQ+4VjTJMRBGp
PF/0Pdw6olBerldJYq6Ri7XLFOwexNc2/j4oEEahAUHxH5YTGLiDiaTKJ2jjP0CVSqF34ElFLcdq
pKjgJe/wRZDk845AgGjvu00xggGSMIIBjgIBATCBjDCBhTEPMA0GA1UEAxMGUlNTQnVzMQ8wDQYD
VQQKEwZSU1NCdXMxDzANBgNVBAsTBlJTU0J1czEPMA0GA1UEBxMGUlNTQnVzMQ8wDQYDVQQIEwZS
U1NCdXMxCzAJBgNVBAYTAlVTMSEwHwYJKoZIhvcNAQkBFhJjb250YWN0QHJzc2J1cy5jb20CAgLM
MAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0x
NjA3MDYwNDA4MjlaMCMGCSqGSIb3DQEJBDEWBBRlZtMMIUzoSqDb4wc6ClFNPoEvpjANBgkqhkiG
9w0BAQEFAASBgKNvF+6hCS1TH1XPEfty2Dz9OvJ6LqKCDfzC/W9GPvo3Te0u00T21hPM1imfJJaD
oc6LFxiyE5JwXkgJBq7kx1yaYXL3coDdlnrrff3dvJos6yoY1DoHc+/b1wQyDIfrZTQeUf2F3XkA
RYV+n0be2C4zaBCz6F5JrCJob3uw2xVK

--boundaryk/tP--

如果我并不显示解压缩的输出，而是将其放入文件中并尝试cms -verify（默认为 SMIME 格式），它会成功解析但验证失败，因为证书是自签名的；如果我提取证书并手动信任它（这当然不安全，但这只是一个测试）它会验证。

嗨嗨。

Answer 1

openssl cms（也是较早且功能较弱的smime）使用内部例程仅为内容传输编码实现 SMIME 格式：base64 和不支持内容传输编码：二进制.FWIW 这些是记录作为错误，因此可能有一天会得到修复。

作为一种解决方法，在 Unix 上，你可以丢弃 MIME 标头，sed保留二进制主体，这openssl 能句柄（作为 der）：

$ sed '1,/^\r$/d' <suA97544.mime >suA97544.body
$ ll suA975*
-rw-r--r--. 1 [redacted] 2760 Jul  6 23:07 suA97544.body
-rw-r--r--. 1 [redacted] 2934 Jul  6 22:26 suA97544.mime
$ openssl cms -uncompress -inform der -in suA97544.body
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="boundaryk/tP"

--boundaryk/tP
Content-Type: application/edi-x12
Content-Transfer-Encoding: binary
Content-Disposition: Attachment; filename="test_data_1.edi"

[content snipped but it does look like EDI to me]

--boundaryk/tP
Content-Type: application/pkcs7-signature;      name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64

MIIETwYJKoZIhvcNAQcCoIIEQDCCBDwCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCAoUw
ggKBMIIB6qADAgECAgICzDANBgkqhkiG9w0BAQsFADCBhTEPMA0GA1UEAxMGUlNTQnVzMQ8wDQYD
VQQKEwZSU1NCdXMxDzANBgNVBAsTBlJTU0J1czEPMA0GA1UEBxMGUlNTQnVzMQ8wDQYDVQQIEwZS
U1NCdXMxCzAJBgNVBAYTAlVTMSEwHwYJKoZIhvcNAQkBFhJjb250YWN0QHJzc2J1cy5jb20wHhcN
MTYwNzA2MDM0OTMwWhcNMjEwNzA1MDM0OTMwWjCBhTEPMA0GA1UEAxMGUlNTQnVzMQ8wDQYDVQQK
EwZSU1NCdXMxDzANBgNVBAsTBlJTU0J1czEPMA0GA1UEBxMGUlNTQnVzMQ8wDQYDVQQIEwZSU1NC
dXMxCzAJBgNVBAYTAlVTMSEwHwYJKoZIhvcNAQkBFhJjb250YWN0QHJzc2J1cy5jb20wgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAOX0Z14r96LO/4MucxgoIEa2UZkpxHhvR00mwVpqBS0l0Kn9
2zI8RbVnDXUotaNB0KzadVct+AjivFj07YbX+EW0WAPhspXLrIxsxX3AIqfGC6KEK4CCfhwdazns
8n9jIHWCqk/kfnYpTWINeAPxQs3OgzbZrd3AowI+dFsYKFqRAgMBAAEwDQYJKoZIhvcNAQELBQAD
gYEAZVU+LCu1fARUGDxyGk10EeTXhMTSukw6EOLEAixUA8rr3nvj4dk2EbUlKNeaQ+4VjTJMRBGp
PF/0Pdw6olBerldJYq6Ri7XLFOwexNc2/j4oEEahAUHxH5YTGLiDiaTKJ2jjP0CVSqF34ElFLcdq
pKjgJe/wRZDk845AgGjvu00xggGSMIIBjgIBATCBjDCBhTEPMA0GA1UEAxMGUlNTQnVzMQ8wDQYD
VQQKEwZSU1NCdXMxDzANBgNVBAsTBlJTU0J1czEPMA0GA1UEBxMGUlNTQnVzMQ8wDQYDVQQIEwZS
U1NCdXMxCzAJBgNVBAYTAlVTMSEwHwYJKoZIhvcNAQkBFhJjb250YWN0QHJzc2J1cy5jb20CAgLM
MAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0x
NjA3MDYwNDA4MjlaMCMGCSqGSIb3DQEJBDEWBBRlZtMMIUzoSqDb4wc6ClFNPoEvpjANBgkqhkiG
9w0BAQEFAASBgKNvF+6hCS1TH1XPEfty2Dz9OvJ6LqKCDfzC/W9GPvo3Te0u00T21hPM1imfJJaD
oc6LFxiyE5JwXkgJBq7kx1yaYXL3coDdlnrrff3dvJos6yoY1DoHc+/b1wQyDIfrZTQeUf2F3XkA
RYV+n0be2C4zaBCz6F5JrCJob3uw2xVK

--boundaryk/tP--

如果我并不显示解压缩的输出，而是将其放入文件中并尝试cms -verify（默认为 SMIME 格式），它会成功解析但验证失败，因为证书是自签名的；如果我提取证书并手动信任它（这当然不安全，但这只是一个测试）它会验证。

嗨嗨。

解压 smime 文件时出错

答案1

相关内容