{"id":37,"date":"2009-03-02T17:09:34","date_gmt":"2009-03-02T17:09:34","guid":{"rendered":"http:\/\/www.eriugena.org\/blog\/?p=37"},"modified":"2009-03-02T17:11:25","modified_gmt":"2009-03-02T17:11:25","slug":"who-is-that-e-mail-encrypted-for","status":"publish","type":"post","link":"http:\/\/www.eriugena.org\/blog\/?p=37","title":{"rendered":"Who is that e-mail encrypted for?"},"content":{"rendered":"<p>This morning I was testing a program that builds a certificate request (for S\/MIME encryption) and submits it to a CA in our new MS PKI. The tests went well and I generated, installed and deleted some certificates. Later my colleague Thomas ran the program to install a certificate and sent me a signed (and encrypted) e-mail. I was surprised to find that I could not read it in Outlook.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/www.eriugena.org\/blog\/wp-content\/uploads\/2009\/03\/010.png\" width=\"537\" height=\"108\" \/><\/p>\n<p>This is how Outlook tells you that you do not have the private key needed to decrypt the message.<\/p>\n<p>Fortunately I had backed up my certificates (this was Windows XP, so I used &#8220;certmgr.msc&#8221; to export the certs, with private keys) before the tests. Rather than re-install all the certificates I decided to see which certificate Thomas had encrypted the e-mail for, but Outlook stubbornly refused to let me inspect the e-mail in any way or to save it to a file.<\/p>\n<p>As we have IMAP enabled in our Exchange environment I used Thunderbird to download the e-mail and save it to a file, which I then edited to remove the headers. That left just the base64 encoded S\/MIME part.<\/p>\n<p>I decoded that with &#8220;base64 -d thomas.b64 &gt; thomas.bin&#8221;, which left me with an encrypted blob that contains a few strings that tell you which Certificate Authority issued the certificates it is encrypted for, but no indication of the recipients. 
S\/MIME uses the CMS format, which identifies each intended recipient by only two attributes: the issuing CA name and the serial number of the certificate.<\/p>\n<p>CMS is encoded in ASN.1, so you can parse this blob with the ASN.1 parser in OpenSSL:<\/p>\n<pre>openssl asn1parse -in thomas.bin -inform DER &gt; thomas.txt<\/pre>\n<p>View the output and you will find some lines like these, repeated for each recipient:<\/p>\n<pre>807:d=9  hl=2 l=   3 prim: OBJECT            :commonName\r\n812:d=9  hl=2 l=  33 prim: PRINTABLESTRING   :Example Internal Sub CA\r\n847:d=6  hl=2 l=  10 prim: INTEGER           :238DC0A500000000001A<\/pre>\n<p>The first two lines give the commonName of the issuing CA; the third line is the serial number of the certificate (the MS Certificate Authority adds some &#8220;randomness&#8221; to the high bytes of the serial numbers). Then I went through my backup and sure enough found that I have an encryption certificate with serial number &#8230;.001A, and once I had re-installed that cert Outlook was able to decrypt the e-mail.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This morning I was testing a program that builds a certificate request (for S\/MIME encryption) and submits it to a CA in our new MS PKI. The tests went well and I generated, installed and deleted some certificates. 
Later my colleague Thomas ran the program to install a certificate and sent me a signed (and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-37","post","type-post","status-publish","format-standard","hentry","category-crypto"],"_links":{"self":[{"href":"http:\/\/www.eriugena.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/37","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.eriugena.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.eriugena.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.eriugena.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.eriugena.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=37"}],"version-history":[{"count":0,"href":"http:\/\/www.eriugena.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/37\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.eriugena.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=37"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.eriugena.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=37"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.eriugena.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=37"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}