SMIME Decryption

<rene.ruge***@gmail.com> wrote:

Hi folks!

I am working on an application in dotnet 2.0, receiving an S/MIME message which reads something like

========================================
MIME-Version: 1.0
Content-type: application/x-pkcs7-mime; smime-type=enveloped-data;
 name="smime.p7m"
Content-Transfer-Encoding: base64

MIIcdsfefej [.....] (lots of chars)
========================================

What can I programmatically do with the lot of chars to get to the original message? I know in the content is the symmetric key of the DES3 algorithm, but it is encrypted with my public message, so I need to decrypt it with my private and apply the DES3. But I do not know how to do it!!?!!? I know only the theory so far, but how to achieve this using C# is a mystery.

Best regards, thanks in advance.

Michel Gallant, help me out in this one :D

"Joe Kaplan (MVP - ADSI)" <joseph.e.kap***@removethis.accenture.com> wrote in message news:u0ygPbupGHA.756@TK2MSFTNGP05.phx.gbl...:

The EnvelopedCms class in System.Security.Cryptography.Pkcs is what you want. Essentially, you want to get the binary data of the message, which in your case is in base64. Grab that part of the data as a string and convert to byte[] with Convert.FromBase64String. Then, create a ContentInfo object with the byte[] and pass that into your EnvelopedCms constructor. From there, you can decrypt, assuming you have the private key available in a key store for one of the certificates the message was addressed to.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

"Joe Kaplan (MVP - ADSI)" wrote, following up on his own reply:

Actually, that was a little wrong. The trick is to create a new EnvelopedCms, Decode it with the encrypted binary data and then Decrypt it. Sorry about that.

Here is a console example I put together that dumps out an enveloped message that I successfully decrypted via a cert on my machine. Note that you'll want to still plug in the base64 data into the byte array instead of reading the smime.p7m file from the file system like I did, but the rest should be similar. My implementation assumes that the original message was ASCII encoded, but that is usually true with email.

Note also that if you have an encrypted message, you can decode it without decrypting it. You might do this to figure out who the message is addressed to and what type of addressing it used. This often helps figure out why a message might not get decrypted by Outlook or something (perhaps if the cert with the matching serial number is missing).

HTH,

Joe K.

    using System;
    using System.IO;
    using System.Security.Cryptography;
    using System.Security.Cryptography.Pkcs;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;

    public class TestDecryptEnvelopedCms
    {
        public static void Main()
        {
            // Read the raw DER-encoded enveloped-data from disk. With a base64
            // e-mail body you would call Convert.FromBase64String on the body
            // text instead and skip the file handling.
            FileStream encFile = new FileStream(@"c:\smime.p7m", FileMode.Open);
            BinaryReader reader = new BinaryReader(encFile);
            byte[] data = new byte[encFile.Length];
            reader.Read(data, 0, Convert.ToInt32(encFile.Length));

            try
            {
                // Decode parses the CMS structure (recipients, algorithm,
                // ciphertext) and needs no private key at all.
                EnvelopedCms envData = new EnvelopedCms();
                envData.Decode(data);
                Console.WriteLine("Message decoded...");
                Console.WriteLine("");

                Console.WriteLine("Encryption Algorithm");
                Console.WriteLine(" Name={0}", envData.ContentEncryptionAlgorithm.Oid.FriendlyName);
                Console.WriteLine(" Key length={0}", envData.ContentEncryptionAlgorithm.KeyLength);
                Console.WriteLine();

                // One RecipientInfo per certificate the message was encrypted to;
                // each carries the content-encryption key wrapped for that recipient.
                Console.WriteLine("Recipients ({0})", envData.RecipientInfos.Count);
                foreach (RecipientInfo r in envData.RecipientInfos)
                {
                    Console.WriteLine("=================");
                    Console.WriteLine(" Encrypted key={0}", BitConverter.ToString(r.EncryptedKey));
                    Console.WriteLine(" Encryption alg={0}", r.KeyEncryptionAlgorithm.Oid.FriendlyName);
                    if (r.RecipientIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber)
                    {
                        X509IssuerSerial xi = (X509IssuerSerial)r.RecipientIdentifier.Value;
                        Console.WriteLine(" Issuer={0}", xi.IssuerName);
                        Console.WriteLine(" SerialNumber={0}", xi.SerialNumber);
                    }
                    else
                    {
                        Console.WriteLine(" SubjectKeyInfo={0}", r.RecipientIdentifier.Value);
                    }
                }
                Console.WriteLine("");

                Console.WriteLine("Certificates ({0})", envData.Certificates.Count);
                foreach (X509Certificate2 cert in envData.Certificates)
                {
                    // cert.Subject is the DN string; cert.SubjectName is an object
                    // whose ToString() only prints the type name.
                    Console.WriteLine(" Subject={0}", cert.Subject);
                }
                Console.WriteLine("");

                Console.WriteLine("Unprotected Attributes ({0})", envData.UnprotectedAttributes.Count);
                foreach (CryptographicAttributeObject obj in envData.UnprotectedAttributes)
                {
                    Console.WriteLine(obj.Oid.FriendlyName);
                }
                Console.WriteLine("");

                // Decrypt() with no arguments searches the CurrentUser\My store
                // for a certificate (with private key) matching a RecipientInfo.
                Console.WriteLine("Trying to decrypt...");
                envData.Decrypt();
                byte[] decData = envData.ContentInfo.Content;
                Console.WriteLine();
                Console.WriteLine("Decrypted message data");
                Console.WriteLine("=====================================");
                string message = Encoding.ASCII.GetString(decData);
                Console.Write(message);
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.ToString());
            }
            finally
            {
                reader.Close();
            }
            Console.ReadLine();
        }
    }

<rene.ruge***@gmail.com> replied:

Thank you, Mr. Kaplan, your help is highly appreciated.

I worked out the solution. As I explained in my question, I was receiving an S/MIME encrypted and signed message, therefore we need to detach the encrypted part, decrypt it, and the result is a message with the digital signature; detach the signature and then do the validation, giving an output of the original document (or an error if it is tampered or so).

So, in the big picture:

a) input message encrypted
b) detached the message part (I used the lionwind C# in CodeProject to do the MIME part)
c) do the EnvelopedCms over the ContentInfo containing the message encrypted part
d) output message digitally signed
e) detach the message part signed (again using the C# MIME)
f) do the SignedCms over the ContentInfo of e)
g) SignedCms.ContentInfo.Content is the original message yet validated
h) all done, you have the extracted message of the S/MIME so you can do whatever you want

Thanks to Mr. Kaplan for his guidance over this trouble, and to lionwind for the C# MIME library found on CodeProject. If you find any trouble, I would be glad to help you.
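The two-layer flow described in the steps above (decrypt the enveloped-data, then verify the signed-data inside it), and Joe Kaplan's point about starting from the base64 body rather than a file, as one added example. This is not code from the thread or from either poster; the helper names (ExtractBase64Body, FindRecipientCert, DecryptEnvelope, VerifySignedData, Unwrap) are my own, the MIME splitting is a deliberately minimal stand-in for a real MIME parser, and it assumes the recipient certificate with its private key sits in the CurrentUser\My store.

```csharp
// Added example, not from the thread: unwrap an S/MIME message that is
// enveloped-data on the outside and signed-data on the inside, verifying the
// signature before handing back the original content. Assumes the outer
// message text is already in a string and the recipient cert + private key
// are in CurrentUser\My. Helper names below are this example's own.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class SmimeUnwrap
{
    // Base64 body of a single-part MIME entity: everything after the first blank
    // line. A real mail parser should replace this for multipart messages.
    public static byte[] ExtractBase64Body(string mime)
    {
        string text = mime.Replace("\r\n", "\n");
        int split = text.IndexOf("\n\n");
        if (split < 0) throw new FormatException("no header/body separator found");
        string body = text.Substring(split + 2).Replace("\n", "").Trim();
        return Convert.FromBase64String(body);
    }

    // Locate the certificate the envelope was addressed to before decrypting, so a
    // missing key produces a clear diagnostic instead of a generic Decrypt() failure.
    public static X509Certificate2 FindRecipientCert(EnvelopedCms env)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            foreach (RecipientInfo r in env.RecipientInfos)
            {
                if (r.RecipientIdentifier.Type != SubjectIdentifierType.IssuerAndSerialNumber)
                    continue;   // SubjectKeyIdentifier addressing is left to Decrypt()'s own lookup
                X509IssuerSerial xi = (X509IssuerSerial)r.RecipientIdentifier.Value;
                X509Certificate2Collection hits = store.Certificates.Find(
                    X509FindType.FindBySerialNumber, xi.SerialNumber, false);
                foreach (X509Certificate2 c in hits)
                    if (c.HasPrivateKey) return c;
            }
            throw new CryptographicException(
                "no recipient certificate with a private key in CurrentUser\\My");
        }
        finally { store.Close(); }
    }

    // Layer 1: enveloped-data -> bytes of the inner MIME entity (the signed message).
    public static byte[] DecryptEnvelope(byte[] der)
    {
        EnvelopedCms env = new EnvelopedCms();
        env.Decode(der);                                   // no key needed for this step
        X509Certificate2 me = FindRecipientCert(env);
        env.Decrypt(new X509Certificate2Collection(me));   // unwrap the content key, then the content
        return env.ContentInfo.Content;
    }

    // Layer 2: signed-data -> original content, released only after the signature checks.
    // verifySignatureOnly=false also builds and validates the signer's certificate chain.
    public static byte[] VerifySignedData(byte[] der, bool verifySignatureOnly)
    {
        SignedCms signed = new SignedCms();
        signed.Decode(der);
        signed.CheckSignature(verifySignatureOnly);        // throws CryptographicException if tampered
        return signed.ContentInfo.Content;
    }

    public static string Unwrap(string outerMime)
    {
        byte[] envelope = ExtractBase64Body(outerMime);                // step b
        string innerMime = Encoding.ASCII.GetString(DecryptEnvelope(envelope)); // steps c, d
        byte[] signedDer = ExtractBase64Body(innerMime);               // step e
        byte[] original = VerifySignedData(signedDer, false);          // steps f, g
        return Encoding.ASCII.GetString(original);                     // step h
    }

    public static void Main(string[] args)
    {
        string path = args.Length > 0 ? args[0] : "message.eml";  // constructed default path
        try
        {
            Console.Write(Unwrap(File.ReadAllText(path)));
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine("Decrypt or signature verification failed: " + ex.Message);
        }
    }
}
```

Two caveats a practitioner should keep in mind. First, ExtractBase64Body only handles the single-part application/pkcs7-mime form shown in the thread; if the inner layer is multipart/signed (a detached signature), the signed content is a separate MIME part and must be passed to the SignedCms constructor as a detached ContentInfo before CheckSignature. Second, the bytes returned by Unwrap are themselves a MIME entity (headers plus body), which is what the poster calls the original message; a MIME parser is still needed to get at its text or attachments.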