Email: Unable to open an encrypted email sent with an Entrust certificate in MS Outlook


An encrypted email, encrypted with a certificate from the certificate provider Entrust, cannot be decrypted by the MS Outlook client.

The error Outlook throws is:

This message cannot be decoded. An error occurred while unprotecting the message. Unable to decrypt because an error occurred while decrypting the symmetric encryption key. The original data may be corrupt.


I have found a solution to this problem. After decoding the encrypted email, I saw from the PKCS#7 envelopedData that the OID ":rsaEncryption" was missing. Below is a good envelope that uses RSA for key encryption and AES-256 for data encryption:

        0:d=0  hl=5 l=393952 cons: SEQUENCE
        5:d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-envelopedData
       16:d=1  hl=5 l=393936 cons: cont [ 0 ]
       21:d=2  hl=5 l=393931 cons: SEQUENCE
       26:d=3  hl=2 l=   1 prim: INTEGER           :02
       29:d=3  hl=4 l= 304 cons: SET
       33:d=4  hl=4 l= 300 cons: SEQUENCE
       37:d=5  hl=2 l=   1 prim: INTEGER           :02
       40:d=5  hl=2 l=  20 prim: cont [ 0 ]
       62:d=5  hl=2 l=  13 cons: SEQUENCE
       64:d=6  hl=2 l=   9 prim: OBJECT            :rsaEncryption
       75:d=6  hl=2 l=   0 prim: NULL
       77:d=5  hl=4 l= 256 prim: OCTET STRING      [HEX DUMP]:...
      337:d=3  hl=5 l=393615 cons: SEQUENCE
      342:d=4  hl=2 l=   9 prim: OBJECT            :pkcs7-data
      353:d=4  hl=2 l=  29 cons: SEQUENCE
      355:d=5  hl=2 l=   9 prim: OBJECT            :aes-256-cbc
      366:d=5  hl=2 l=  16 prim: OCTET STRING      [HEX DUMP]:1A4BB3CAB2F425A2456C5B8700219FC0
      384:d=4  hl=5 l=393568 prim: cont [ 0 ]

Below is what I get when using the .NET 4.5 SMTP client:

        0:d=0  hl=5 l=394986 cons: SEQUENCE
        5:d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-envelopedData
       16:d=1  hl=5 l=394970 cons: cont [ 0 ]
       21:d=2  hl=5 l=394965 cons: SEQUENCE
       26:d=3  hl=2 l=   1 prim: INTEGER           :00
       29:d=3  hl=4 l= 554 cons: SET
       33:d=4  hl=4 l= 550 cons: SEQUENCE
       37:d=5  hl=2 l=   1 prim: INTEGER           :00
       40:d=5  hl=4 l= 268 cons: SEQUENCE
       44:d=6  hl=3 l= 247 cons: SEQUENCE
       47:d=7  hl=2 l=  11 cons: SET
       49:d=8  hl=2 l=   9 cons: SEQUENCE
       51:d=9  hl=2 l=   3 prim: OBJECT            :countryName
       56:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :US
       60:d=7  hl=2 l=  32 cons: SET
       62:d=8  hl=2 l=  30 cons: SEQUENCE
       64:d=9  hl=2 l=   3 prim: OBJECT            :organizationName
       69:d=9  hl=2 l=  23 prim: PRINTABLESTRING   :Hewlett-Packard Company
       94:d=7  hl=2 l=  31 cons: SET
       96:d=8  hl=2 l=  29 cons: SEQUENCE
       98:d=9  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
      103:d=9  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
      127:d=7  hl=2 l=  59 cons: SET
      129:d=8  hl=2 l=  57 cons: SEQUENCE
      131:d=9  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
      136:d=9  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at https://www.verisign.com/rpa (c)09
      188:d=7  hl=2 l=  53 cons: SET
      190:d=8  hl=2 l=  51 cons: SEQUENCE
      192:d=9  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
      197:d=9  hl=2 l=  44 prim: PRINTABLESTRING   :Class 2 Managed PKI Individual Subscriber CA
      243:d=7  hl=2 l=  49 cons: SET
      245:d=8  hl=2 l=  47 cons: SEQUENCE
      247:d=9  hl=2 l=   3 prim: OBJECT            :commonName
      252:d=9  hl=2 l=  40 prim: PRINTABLESTRING   :Collaboration Certification Authority G2
      294:d=6  hl=2 l=  16 prim: INTEGER           :4C1DCC56F939DF3671B26A50DF810C16
      312:d=5  hl=2 l=  13 cons: SEQUENCE
      314:d=6  hl=2 l=   9 prim: OBJECT            :1.2.840.113549.1.1.7
      325:d=6  hl=2 l=   0 cons: SEQUENCE
      327:d=5  hl=4 l= 256 prim: OCTET STRING      [HEX DUMP]:...
      587:d=3  hl=5 l=394399 cons: SEQUENCE
      592:d=4  hl=2 l=   9 prim: OBJECT            :pkcs7-data
      603:d=4  hl=2 l=  29 cons: SEQUENCE
      605:d=5  hl=2 l=   9 prim: OBJECT            :aes-256-cbc
      616:d=5  hl=2 l=  16 prim: OCTET STRING      [HEX DUMP]:9B746E27201198B82A599C3E9FD13498
      634:d=4  hl=5 l=394352 prim: cont [ 0 ]

So, notably, ":rsaEncryption" is missing from the pkcs7 envelopedData.

To solve this, I had to specify the SubjectIdentifierType as SubjectIdentifierType.SubjectKeyIdentifier when adding the CmsRecipient to the recipient collection, as shown in the following snippet:

    recipientCollection.Add(new CmsRecipient(SubjectIdentifierType.SubjectKeyIdentifier, EncryptCert));

This ensures that the RSA key-encryption OID "rsaEncryption (1 2 840 113549 1 1)" is not left out of the envelope.

Note that I have only observed this issue when dealing with certificates provided by Entrust (for encryption). I don't believe it is an issue otherwise.
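As an added example, not code from the post above, the following C# program shows the fix in context: it builds the EnvelopedData with the recipient identified by SubjectKeyIdentifier, then decodes the resulting DER (no private key required) and reports each RecipientInfo's version, identifier type and key-encryption algorithm OID. That second step is the check a sender can run before mailing: in the working dump the key-encryption algorithm is rsaEncryption (1.2.840.113549.1.1.1), while in the failing dump it is 1.2.840.113549.1.1.7 (id-RSAES-OAEP) with a version-0 IssuerAndSerialNumber recipient, and the check flags exactly that difference. The class and method names, the certificate file path `recipient-encrypt.cer` and the sample message are assumptions; `EnvelopedCms`, `CmsRecipient` and `RecipientInfo` are the System.Security.Cryptography.Pkcs types the post uses.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Hypothetical helper class (not from the post).
static class SmimeEnvelopeCheck
{
    // rsaEncryption (PKCS#1 v1.5): the key-encryption OID present in the working envelope.
    const string RsaEncryptionOid = "1.2.840.113549.1.1.1";
    // id-RSAES-OAEP: the key-encryption OID that appears in the failing envelope.
    const string RsaesOaepOid = "1.2.840.113549.1.1.7";
    // aes256-CBC content-encryption OID, as seen in both dumps.
    const string Aes256CbcOid = "2.16.840.1.101.3.4.1.42";

    // Build the EnvelopedData, identifying the recipient by SubjectKeyIdentifier
    // (the change the post describes) and encrypting the content with AES-256-CBC.
    public static byte[] Encrypt(byte[] plaintext, X509Certificate2 encryptCert)
    {
        var envelope = new EnvelopedCms(
            new ContentInfo(plaintext),
            new AlgorithmIdentifier(new Oid(Aes256CbcOid)));

        var recipients = new CmsRecipientCollection();
        recipients.Add(new CmsRecipient(SubjectIdentifierType.SubjectKeyIdentifier, encryptCert));
        envelope.Encrypt(recipients);
        return envelope.Encode();
    }

    // Decode the DER without a private key and report every RecipientInfo.
    // Returns true only if each recipient's content key was wrapped with rsaEncryption,
    // i.e. the layout of the envelope that Outlook opened successfully.
    public static bool AllRecipientsUseRsaEncryption(byte[] envelopedDer)
    {
        var envelope = new EnvelopedCms();
        envelope.Decode(envelopedDer);

        bool ok = true;
        foreach (RecipientInfo ri in envelope.RecipientInfos)
        {
            string oid = ri.KeyEncryptionAlgorithm.Oid.Value;
            string verdict = oid == RsaEncryptionOid ? "ok (rsaEncryption)"
                           : oid == RsaesOaepOid   ? "RSAES-OAEP, differs from the working envelope"
                           : "unexpected key-encryption algorithm";
            Console.WriteLine(
                $"RecipientInfo version={ri.Version} id={ri.RecipientIdentifier.Type} " +
                $"keyEncAlg={oid} -> {verdict}");
            if (oid != RsaEncryptionOid) ok = false;
        }
        return ok;
    }

    static void Main()
    {
        // Placeholder path: the recipient's encryption certificate (public part only).
        var encryptCert = new X509Certificate2("recipient-encrypt.cer");

        byte[] der = Encrypt(Encoding.UTF8.GetBytes("constructed sample message"), encryptCert);

        // Written out so the same structure can be compared with the dumps in the post:
        //   openssl asn1parse -inform DER -in message.p7m
        File.WriteAllBytes("message.p7m", der);

        Console.WriteLine(AllRecipientsUseRsaEncryption(der)
            ? "envelope matches the working layout"
            : "envelope differs from the working layout; check the key-encryption algorithm");
    }
}
```

Running the check against an envelope produced without the SubjectKeyIdentifier change prints the version-0 recipient with `keyEncAlg=1.2.840.113549.1.1.7`, matching the second dump; with the change it prints `keyEncAlg=1.2.840.113549.1.1.1`, matching the first. The decode step is also a useful place to inspect messages received from other senders, since it needs only the DER and not the recipient's private key.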