Secure mail throws exception while decrypting AES192

0 votes
asked Jun 14 by minam (210 points)

Hi,

This happens while trying to decrypt an EML file. The same file can be decrypted by other 3rd party component.
Could someone help me on this?

Encryption Status:

The message is encrypted.
The message can be decrypted.
Rebex.Security.Certificates.CertificateException: Unable to decrypt data (00000057).
at Rebex.Security.Certificates.Certificate.QY(Byte[] C, Boolean V)
at Rebex.Security.Certificates.Certificate.Decrypt(Byte[] rgb, Boolean silent)
at Rebex.Security.Cryptography.Pkcs.KeyTransRecipientInfo.GW(Boolean C)
at Rebex.Security.Cryptography.Pkcs.EnvelopedData.GetSymmetricKey()
at Rebex.Security.Cryptography.Pkcs.EnvelopedData.RH()
at Rebex.Security.Cryptography.Pkcs.EnvelopedData.Decrypt()
at Rebex.Mime.MimeEntity.Decrypt()
at Rebex.Mail.MailMessage.Decrypt()
at at.Mime.Program.UseRebex(String sourcePath) in C:\Users\inm\Documents\Visual Studio 2017\Projects\at.Mime\at.Mime\Program.cs:line 118

Applies to: Rebex Secure Mail

2 Answers

0 votes
answered Jun 15 by Lukas Pokorny (82,430 points)

Hi, thanks for bringing this issue to our attention. Which version of Rebex Secure Mail do you currently use?

In any case, please try to decrypt the EML file using the latest beta build of Rebex Secure Mail. The decryption code has been improved and it would be very useful to determine whether the issue still persists.

commented Jun 16 by minam (210 points)
Hi,
I have the version 2017R3, which I believe is the latest. I have tested the beta build you mentioned. Unfortunately, it's throwing the same exception.
+1 vote
answered Jun 19 by Lukas Pokorny (82,430 points)

We have looked into this and the most likely explanation is that the mail was encrypted using OAEP, which is not supported yet. Please download a development build with partial OAEP support and give it a try as well. This should either work, or at least provide a more meaningful error message.

commented 5 days ago by minam (210 points)
It seems this Beta works with the EML file. I'm now able to decrypt the Email message. As for OAEP, there is no way for me to determine whether the Email was encrypted with OAEP padding. Is there a tool or way you know of?

When are you planning to release this beta?

Thanks for the support and I'm looking forward to hearing from you.
commented 5 days ago by Lukas Pokorny (82,430 points)
Thanks a lot for giving this a try! This beta is at an early stage of development, and the public API is not yet updated to cover OAEP. The beta doesn't even support OAEP when encrypting e-mails.
However, to determine whether RSA with OAEP padding was used to encrypt a the symmetric private key, you can already load the EML file into a MimeMessage object and see whether message.EnvelopedContentInfo.RecipientInfos[index].KeyEncryptionAlgorithm.Oid.Value == "1.2.840.113549.1.1.7" for each recipient. (The OID value is id-RSAES-OAEP defined by RFC 3560).
commented 1 day ago by minam (210 points)
Ok. I need to use this Beta in my service. My customers are keep sending Emails with OAEP, which they are not supposed to. At least, not yet. How is the licensing in this case? I need to obtain Trial license key for this Beta assemblies.

Cheers,
commented 10 hours ago by Lukas Pokorny (82,430 points)
Adding the following trial license key would ensure that the trial beta works until 2017-07-27:

Rebex.Licensing.Key = "==AX505cTaHyYxOTKSzknA0s92u2KolMo/plBOzqQ+GDOQ==";

If you decide to renew your support contract before Rebex Secure Mail with OAEP support is released, we would provide a non-trial version of the beta upon request.
...