Unable to decrypt S/MIME message

0

Hello,

I am currently evaluating REBEX S/MIME product and I am facing the following problem; while i can decrypt some messages, for some others I receive the following exception:

Rebex.Security.Certificates.CertificateException: Unable to acquire private key. at Rebex.Security.Certificates.Certificate.Decrypt(Byte[] rgb, Boolean silent) at Rebex.Security.Cryptography.Pkcs.KeyTransRecipientInfo.AxOrqg(Boolean ) at Rebex.Security.Cryptography.Pkcs.EnvelopedData.GetSymmetricKey() at Rebex.Security.Cryptography.Pkcs.EnvelopedData.GetSymmetricAlgorithm() at Rebex.Security.Cryptography.Pkcs.EnvelopedData.Decrypt() at Rebex.Mime.MimeEntity.Decrypt() at Rebex.Samples.MimeExplorer.MimeExplorer.DecryptCommand() at Rebex.Samples.MimeExplorer.MimeExplorer.viewTree_DoubleClick(Object sender, EventArgs e) at System.Windows.Forms.Control.OnDoubleClick(EventArgs e) at System.Windows.Forms.TreeView.WndProc(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

The message is loaded from disk using the following code:

Dim message As New MailMessage

'load the message from a local disk file

message.Load(msgPath)

'decrypt the message if it is encrypted

If message.IsEncrypted Then

 MessageBox.Show("Message from " & message.From(0).Address & "[Subject: " &

message.Subject & "] is enrypted")

End If

If Not message.CanDecrypt Then

  Throw New ApplicationException _
                ( _
              "Message cannot be decrypted. You do not have the private key." _
           )

End If

Try

  message.Decrypt()

Catch ex As Exception

  MessageBox.Show("Unable to decrypt message from " & message.From(0).Address & ": " &

ex.Message)

End Try

The e-mail message has previously been saved to disk, using Pop3.GetMessage() method.

I have also tried explicitly loading the .pfx file containing the user certificate using the following code:

Dim userCert As Certificate = Certificate.LoadPfx("C:PATH_TO_USER_CERT.pfx", "PFX_PASSWORD") Dim subcacert As Certificate = Certificate.LoadDer("C:PATH_TO_SUBCA.cer") Dim rootcacert As Certificate = Certificate.LoadDer("C:PATH_TO_ROOTCA.cer") Dim cch As New CertificateChain cch.Add(userCert) cch.Add(subcacert) cch.Add(rootcacert) message.CertificateFinder = CertificateFinder.CreateFinder(cch)

Calling message.Decrypt() threw the same Exception. Additionally, calling userCert.HasPrivateKey returns true, and I am also able to sign an MD-5 hash using the userCert.signHash method.

Finally, Outlook will correctly decrypt the message.

Any clues on what the problem might be?

Thanks

asked 09 May '11, 10:19

idimitrak's gravatar image

idimitrak
151
accept rate: 0%

edited 09 May '11, 10:26

2 Answers:
oldestnewestmost voted
0

Thanks for reporting this issue! Although nothing is certain a this point, this might be caused by some problem in the our CryptoAPI wrapper.

The problem is located in Certificate object's Decrypt mehod. First, let's try a code that is as simple as possible and calls this method. The following code snippet can be used:

Imports System.Text
Imports System.Security.Cryptography
Imports Rebex.Security.Certificates
...

    ' load the certificate
    Dim userCert As Certificate = Certificate.LoadPfx("C:\PATH_TO_USER_CERT.pfx", "PFX_PASSWORD")

    ' define some test data
    Dim testData() As Byte = Encoding.UTF8.GetBytes("test data")

    ' make sure that 'sign' operation works
    Dim hash() As Byte = MD5.Create().ComputeHash(testData)
    userCert.SignHash(hash, SignatureHashAlgorithm.MD5, False)

    ' encrypt data (no private key needed for this)
    Dim encryptedData() As Byte = userCert.Encrypt(testData)

    ' decrypt encrypted data (this is what seems to fail)
    ' (is there any difference if False is used as the second argument?)
    Dim decryptedData() As Byte = userCert.Decrypt(encryptedData, True)

Does this fail as well? Does it fail at SignHash method, Decrypt method, or elsewhere?

link

answered 09 May '11, 14:43

Lukas%20Pokorny's gravatar image

Lukas Pokorny ♦♦
2.4k28
accept rate: 31%

0

Hello Lukas,

Thank you for your prompt reply!

I was able to run the code snippet you sent me without a problem. The encrypted Data was properly decrypted (and output to the Console) using either ‘True’ or ‘False’ as the second argument in the Certificate object’s Decrypt method.

link

answered 10 May '11, 07:38

idimitrak's gravatar image

idimitrak
151
accept rate: 0%

This proves that my guess was wrong and the problem is not in the Decrypt method. It looks like we try decrypting using a wrong certificate in some cases. Fortunately, fixing this bug should be easy. Please check your company e-mail for further instructions.

(10 May '11, 12:40) Lukas Pokorny ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×11

Asked: 09 May '11, 10:19

Seen: 558 times

Last updated: 10 May '11, 12:40

Related questions

How to save sign from signed message

Is possible use Rebex.Security.Cryptography.Pkcs Namespace for external detached signing?

S/MIME MailMessage.ValidateSignature

MailMessage.Sign(SignatureHashAlgorithm.SHA256, signer) error

Verify signed e-mail with VB.NET 2010

Secure Mail: S/MIME Version 3.1 header protection?

Decrypt method throws System.FormatException

Rebex.Mail.MailMessage.Sign performance?

Embedded image of the encrypted email gets lost when decrypted.

Secure mail cannot load certain EML files