tags:

views:

3200

answers:

2
+1  Q: 

Decode/extract smime.p7m file contents (email with embedded files) with OpenSSL?

We have an old process (VBScript) that reads a common mailbox and processes certain emails into a database.

New regulations have all messages with attachments now being digitally signed.

The process now only extracts one file (smime.p7m). Using a GUI-based viewer, I can see the embedded files and extract them with no problem. However, what I really need is a command-line based extracter that will write out the embedded files (PDFs, DOCs, XLSs) - they're not encrypted, just signed. I tested this by using a laptop that had no certificates and simply opened the smime.p7m file with the aforementioned viewer.

It looks like OpenSSL will decode/extract this and someone managed to get a version compiled on Windows. However, a lot of trial and error testing of the executable has been frustrating because I can't find the right combination of flags to just say "open the smime.p7m file and write out all the embedded files you find". "openssl smime" always seems to want a "cert.pem" after all the options and I haven't got that.

What am I missing? Thanks in advance.

A: 

Looks like the only available option is to write a simple program using Chilkat's library. This option costs $149 or $289, depending on what kind of license, per developer, but at least it's royalty-free.

David  2009-01-15 15:54:22
+3  A: 

Did you try the "-noverify" option of openssl?

For a signed-only message, you can use "openssl smime -verify -in -noverify -out /tmp/blob"

Then you can use a RFC822-like parser to get the body and attachment(s) out of that "blob". That means that your parser has to be capable of encodings like quoted-printable and base64.

Junping  2009-10-08 19:17:10
Can't say that I did. Just trying to get OpenSSL working at all was a chore in this environment (military site) and I never really succeeded. In the end, writing a new program to do the work, utilizing the Chilkat libraries got the job done quickly. Thanks for the idea, though.
David  2009-10-09 13:36:23
I have tried and the suggested command line works nicely.
dwery  2010-04-26 18:59:41

related questions

OpenSSL and generating CSRs at client side
Encrypting data in Cocoa, decoding in PHP (and vice versa)
SSCrypto/OpenSSL to C# Crypto
How do you test a public/private keypair?
Python memory debugging with GDB
Programmatically Create X509 Certificate using OpenSSL
Understanding engine initialization in OpenSSL
Net::SSLeay post_https compilation error: Too many arguments
Opening an RSA private key from Ruby
How can I parse a Certificate Signing Request with Perl?
How to deploying a self signed SSL certificate to multiple servers
Building libcurl with SSL support on Windows
Self Signed Certificate in Windows without makecert?
"CURLE_OUT_OF_MEMORY" error when posting via https
How would you test an SSL connection?
Crypto/x509 certificate parsing libraries for Python (pyOpenSSL vs Python OpenSSL Wrappers vs...)
Strange call stack, could it be problem in asio's usage of openssl?
Is it a problem if multiple different accepting sockets use the same OpenSSL context?
Ruby on Rails: no such file to load -- openssl on RedHat Linux Enterprise
Using openssl what does "unable to write 'random state'" mean?
Using openssl encryption with Java
C# utility to create a CA
Easy expanation of setting up Openssl on Windows.
Getting ASN.1 Issuer strings from PEM files?
What Certificate Authority Software is Available?