Archived Forum Post
Index of archived forum posts
Question:
Archived Forum PostQuestion:
We discovered an issue on the mime part which we ONLY got to work with version 9.4.1.0. When decrypting a mime mail object no version before !!or after!! 9.4.1.0 can decrypt our mime. Using version 9.4.1 works just like expected
Decrypt:
DllDate: Dec 29 2015
ChilkatVersion: 9.5.0.55
UnlockPrefix: XXXDEUSMIME
Username: --------:-------
Architecture: Little Endian; 32-bit
Language: .NET 2.0
VerboseLogging: 0
decryptMime:
unenvelope:
loadPkcs7Der:
der_to_xml:
(leaveContext)
loadPkcs7Xml:
Pkcs7_EnvelopedData:
AlgorithmIdentifier_loadXml:
RC2_CBC
IV: K2gyn/LeD78=
KeyLength: 40
(leaveContext)
numRecipients: 1
RecipientInfo:
IssuerAndSerialNumber:
issuerCommonName:
issuerCountry: XX
issuerState:
issuerLocality:
issuerOrganization: XXX
(leaveContext)
AlgorithmIdentifier_loadXml:
(leaveContext)
encryptedKeyNumBytes: 128
(leaveContext)
(leaveContext)
(leaveContext)
(leaveContext)
unEnvelope3:
unEnvelope_encrypted:
findMatchingPrivateKeyFromSysCerts:
numRecipientInfos: 1
certSerialNumber: 00
certIssuerCN:
subjectKeyIdentifier:
findPrivateKey:
findCertificate:
findCertB:
(leaveContext)
findCertBySerialAndIssuerCN:
msFindMsCertBySerialAndIssuerCN:
openCertStore:
(leaveContext)
openCertStore:
(leaveContext)
openCertStore:
(leaveContext)
openCertStore:
(leaveContext)
openCertStore:
(leaveContext)
openCertStore:
(leaveContext)
openCertStore:
(leaveContext)
openCertStore:
(leaveContext)
(leaveContext)
(leaveContext)
(leaveContext)
(leaveContext)
findPrivateKey:
findCertificate:
findCertB:
(leaveContext)
findCertBySerialAndIssuerCN:
msFindMsCertBySerialAndIssuerCN:
(leaveContext)
(leaveContext)
(leaveContext)
(leaveContext)
(leaveContext)
No certificate with private key found.
(leaveContext)
(leaveContext)
Failed to unenvelope message
(leaveContext)
Failed.
(leaveContext)
Failed.
(leaveContext)
We'd need to see the LastErrorText for the success case using v9.4.1. The LastErrorText will contain content for both successful and failed method calls. Also:
Hi support team. After putting this on hold for some time I had to get back to the same and I still have the same issue, so requesting your support now with MORE details and findings: To sum up, I tested the same mail (encrypted), same certificate and on the same machine on 3 different Chilkat versions 9.4.1.25: works (the .Net 2.0 framework) 9.5.0.56: FAILS (the .Net 4.5.2 framework) -- The one I need 9.5.0.69: works (the .Net 6.1 famework - latest)
I m posting now the LasteErrorText output from all 3 attempts in the above order
Chilkat version 9.4.1.25 - successful encrypted
ChilkatLog:
Decrypt:
DllDate: Jul 8 2013
ChilkatVersion: 9.4.1.25
UnlockPrefix: UPSDEUSMIME
Username: WKSP000587B3:KLN1AVP
Architecture: Little Endian; 32-bit
Language: .NET 2.0
VerboseLogging: 1
certSerialNumber: 00
certIssuerCN:
loadPkcs7Der_5:
DerParseTimeMs: Elapsed time: 0 millisec
loadPkcs7Xml:
Pkcs7_loadXml:
Pkcs7_EnvelopedData:
RC2_CBC
IV: hin4yTv0Arg=
KeyLength: 40
numRecipients: 1
RecipientInfo:
IssuerAndSerialNumber:
serialNumber1: 00
issuerCommonName:
issuerCountry: NL
issuerState:
issuerLocality:
issuerOrganization: UPS
--IssuerAndSerialNumber
encryptedKeyNumBytes: 128
--RecipientInfo
--Pkcs7_EnvelopedData
--Pkcs7_loadXml
--loadPkcs7Xml
Pkcs7XmlLoadTimeMs: Elapsed time: 0 millisec
--loadPkcs7Der_5
UnEnvelope2:
FindMatchingRecipientInfo:
NeedSerial:
NeedIssuerCN:
NumRecipientInfos: 1
Found matching RecipientInfo
--FindMatchingRecipientInfo
AlgorithmIdentifier:
oid: 1.2.840.113549.1.1.1
--AlgorithmIdentifier
Decrypting symmetric key...(3)
ModulusLen: 129
DLen: 128
PLen: 65
QLen: 65
DPLen: 65
DQLen: 64
InvQLen: 64
modulus_bitlen: 1024
littleEndian: 1
encryptedData: 2E22 D5D7 3E72 1E1F 32F4 90DC 6B89 994A
2402 051D EC03 589D 7C7E 521A B5E9 D5D6
52C7 4896 C797 FFA5 E5C2 7E89 1A8C 7849
131A AC8E B45E 235E 6CB8 8CAA 62C9 D0DA
41B4 99C6 AC19 FD02 DB6F EA07 3E3A 45B6
91AC 0A97 7D4F BBEF D9C2 23C4 336A 05B6
1BF2 E2AC 8D7C A620 7DCB 8B8B CF1D 639D
460D A28F 0936 9EE1 EE88 2FAD 166B DB71
exptmod: Elapsed time: 16 millisec
exptmod_decoded: 0270 9B05 6F09 BF81 1019 38EC B078 3B04
69EE A593 259B BAA7 11CD 9BC8 F445 8BD5
E896 7BC1 07D0 9070 0BBA 199C 898C 7891
8753 CF3D 9E57 7FB5 E258 CD59 B604 97AD
45DB 4855 4421 5ADF FE77 9042 D190 C176
4233 A362 DD60 2E30 6321 9A6C 389E 127D
78BC 38FC 698B B0A2 0D3F 8BA9 EB8F D7E9
97BF 53AD 1DB0 C551 1F00 DABC 54ED B4
exptmod_decoded_size: 127
padding: PKCS 1.5
sizeAfterPkcs15_decode: 5
Decrypting data using symmetric key (3)
decryptedSymmetricKeyLen3: 5
symmetricDecrypt_3:
setByAlgorithmIdentifier:
algId_oid: 1.2.840.113549.3.2
RC2_CBC
keyLength: 40
--setByAlgorithmIdentifier
symmetricKeySizeInBytes: 5
numBytesToDecrypt: 2968
algorithm: rc2
keyLength: 40
outputSize: 2961
symmetricDecryptOutputSize: 2961
--symmetricDecrypt_3
--UnEnvelope2
LoadMimeComplete2:
Found end-of-header.
setHeaderContents:
ParseMimeHeader:
Header is entirely 7-bit
FinalCodePageDecision: 0
unfoldedHeaderField1: Mime-Version: 1.0
MimeField:
rawField: Mime-Version: 1.0
name: Mime-Version
value: 1.0
--MimeField
unfoldedHeaderField1: Content-Type: application/x-pkcs7-mime; smime-type=signed-data; name=smime.p7m
MimeField:
rawField: Content-Type: application/x-pkcs7-mime; smime-type=signed-data; name=smime.p7m
name: Content-Type
value: application/x-pkcs7-mime; smime-type=signed-data; name=smime.p7m
--MimeField
unfoldedHeaderField1: Content-Transfer-Encoding: base64
MimeField:
rawField: Content-Transfer-Encoding: base64
name: Content-Transfer-Encoding
value: base64
--MimeField
unfoldedHeaderField2: Content-Disposition: attachment; filename=249WKSKA.DAT
MimeField:
rawField: Content-Disposition: attachment; filename=249WKSKA.DAT
name: Content-Disposition
value: attachment; filename=249WKSKA.DAT
--MimeField
--ParseMimeHeader
--setHeaderContents
parseMimeBody:
contentType: application/x-pkcs7-mime; smime-type=signed-data; name=smime.p7m
charset:
clearing charset based on content-type.
treating body as binary (non-character) data.
treating body as binary data because of attachment status.
bIsAttachment: 1
setMimeBodyByEncoding2:
encoding: base64
entireBodyLen: 2764
charset:
isText: 0
wasReally1252: 0
--setMimeBodyByEncoding2
--parseMimeBody
--LoadMimeComplete2
Success.
--Decrypt
--ChilkatLog
Now the failing Log from 9.5.0.56
ChilkatLog:
Decrypt2(31ms):
DllDate: Mar 11 2016
ChilkatVersion: 9.5.0.56
UnlockPrefix: UPSDEUSMIME
Username: WKSP000587B3:KLN1AVP
Architecture: Little Endian; 32-bit
Language: .NET 4.5
VerboseLogging: 1
addCertificate:
addCertificate:
constructSerialIssuerHashKey:
using issuerDN for self-issued certificate.
--constructSerialIssuerHashKey
certHashEntryB: 00:NL, UPS, UPS, ups@douane.lan
skiHashKey: SubjectKeyId:iyu179VlVBpz7HjVmzV4TAMr6Ck=
--addCertificate
--addCertificate
decryptMime(31ms):
unenvelope(31ms):
loadPkcs7Der:
DerParseTimeMs: Elapsed time: 0 millisec
loadPkcs7Xml:
Pkcs7_EnvelopedData:
AlgorithmIdentifier_loadXml:
oid: 1.2.840.113549.3.2
RC2_CBC
IV: hin4yTv0Arg=
KeyLength: 40
--AlgorithmIdentifier_loadXml
numRecipients: 1
RecipientInfo:
IssuerAndSerialNumber:
serialNumber1: 00
issuerCommonName:
issuerCountry: NL
issuerState:
issuerLocality:
issuerOrganization: UPS
--IssuerAndSerialNumber
AlgorithmIdentifier_loadXml:
oid: 1.2.840.113549.1.1.1
--AlgorithmIdentifier_loadXml
encryptedKeyNumBytes: 128
--RecipientInfo
--Pkcs7_EnvelopedData
--loadPkcs7Xml
Pkcs7XmlLoadTimeMs: Elapsed time: 0 millisec
--loadPkcs7Der
unEnvelope3(31ms):
unEnvelope_encrypted(31ms):
findMatchingPrivateKeyFromSysCerts(31ms):
numRecipientInfos: 1
certSerialNumber: 00
certIssuerCN:
subjectKeyIdentifier:
findPrivateKey(15ms):
findCertificate(15ms):
findCertBySerialAndIssuerCN(15ms):
msFindMsCertBySerialAndIssuerCN(15ms):
certSerialNumber:
certIssuerCN:
needPrivateKey: 0
No match found in MY current-user certificate store.
No match found in MY local-machine certificate store.
No match found in AddressBook current-user certificate store.
No match found in AddressBook local-machine certificate store.
No match found in CA current-user certificate store.
No match found in CA local-machine certificate store.
No match found in ROOT current-user certificate store.
No match found in ROOT local-machine certificate store.
--msFindMsCertBySerialAndIssuerCN
--findCertBySerialAndIssuerCN
--findCertificate
--findPrivateKey
findPrivateKey(16ms):
findCertificate(16ms):
findCertBySerialAndIssuerCN(16ms):
msFindMsCertBySerialAndIssuerCN(16ms):
certSerialNumber: 00
certIssuerCN:
needPrivateKey: 0
findCertBySerialAndIssuerCN(16ms):
Found certificate with matching serial number!
IssuerDN: C=CH, L=Bern, O=Eidg. Oberzolldirektion, OU=Test CA Abteilung, CN=OZD Test CA, E=admin@m90test.ezv.admin.ch,
Found certificate with matching serial number!
IssuerDN: C=CH, L=Bern, O=Eidg. Oberzolldirektion, OU=CA Abteilung, CN=OZD CA, E=admin@m90.ezv.admin.ch,
--findCertBySerialAndIssuerCN
No match found in MY current-user certificate store.
No match found in MY local-machine certificate store.
No match found in AddressBook current-user certificate store.
No match found in AddressBook local-machine certificate store.
No match found in CA current-user certificate store.
No match found in CA local-machine certificate store.
findCertBySerialAndIssuerCN:
Found certificate with matching serial number!
IssuerDN: C=CH, L=Bern, O=Eidg. Oberzolldirektion, OU=Test CA Abteilung, CN=OZD Test CA, E=admin@m90test.ezv.admin.ch,
Found certificate with matching serial number!
IssuerDN: C=NL, O=UPS, OU=UPS, E=ups@douane.lan,
Found certificate with matching serial number!
IssuerDN: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA,
Found certificate with matching serial number!
IssuerDN: C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", CN=Starfield Root Certificate Authority - G2,
Found certificate with matching serial number!
IssuerDN: C=US, O="Starfield Technologies, Inc.", OU=Starfield Class 2 Certification Authority,
Found certificate with matching serial number!
IssuerDN: C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority,
Found certificate with matching serial number!
IssuerDN: C=US, ST=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", CN=Go Daddy Root Certificate Authority - G2,
Found certificate with matching serial number!
IssuerDN: C=US, O="The Go Daddy Group, Inc.", OU=Go Daddy Class 2 Certification Authority,
--findCertBySerialAndIssuerCN
No match found in ROOT current-user certificate store.
findCertBySerialAndIssuerCN:
Found certificate with matching serial number!
IssuerDN: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA,
Found certificate with matching serial number!
IssuerDN: C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", CN=Starfield Root Certificate Authority - G2,
Found certificate with matching serial number!
IssuerDN: C=US, O="Starfield Technologies, Inc.", OU=Starfield Class 2 Certification Authority,
Found certificate with matching serial number!
IssuerDN: C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority,
Found certificate with matching serial number!
IssuerDN: C=US, ST=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", CN=Go Daddy Root Certificate Authority - G2,
Found certificate with matching serial number!
IssuerDN: C=US, O="The Go Daddy Group, Inc.", OU=Go Daddy Class 2 Certification Authority,
--findCertBySerialAndIssuerCN
No match found in ROOT local-machine certificate store.
--msFindMsCertBySerialAndIssuerCN
--findCertBySerialAndIssuerCN
--findCertificate
--findPrivateKey
--findMatchingPrivateKeyFromSysCerts
No certificate with private key found.
RecipientInfos:
recipient:
certSerialNum: 00
certIssuerCN:
--recipient
--RecipientInfos
--unEnvelope_encrypted
--unEnvelope3
Failed to unenvelope message
--unenvelope
Failed.
--decryptMime
mergeSysCerts:
addCertificate:
constructSerialIssuerHashKey:
using issuerDN for self-issued certificate.
--constructSerialIssuerHashKey
--addCertificate
--mergeSysCerts
Failed.
--Decrypt2
--ChilkatLog
and here the latest version which again WORKS
ChilkatLog:
Decrypt2:
DllDate: Aug 30 2017
ChilkatVersion: 9.5.0.69
UnlockPrefix: UPSDEUSMIME
Architecture: Little Endian; 32-bit
Language: .NET 4.6 VS2017
VerboseLogging: 1
addCertificate_2:
addCertificate_3:
constructSerialIssuerHashKey:
using issuerDN for self-issued certificate.
--constructSerialIssuerHashKey
certHashEntryB: 00:NL, UPS, UPS, ups@douane.lan
skiHashKey: SubjectKeyId:iyu179VlVBpz7HjVmzV4TAMr6Ck=
--addCertificate_3
--addCertificate_2
decryptMime:
unenvelope:
loadPkcs7Der:
DerParseTimeMs: Elapsed time: 0 millisec
loadPkcs7Xml:
Pkcs7_EnvelopedData:
AlgorithmIdentifier_loadXml:
oid: 1.2.840.113549.3.2
RC2_CBC
IV: hin4yTv0Arg=
KeyLength: 40
--AlgorithmIdentifier_loadXml
numRecipients: 1
RecipientInfo:
IssuerAndSerialNumber:
serialNumber1: 00
issuerCommonName:
issuerCountry: NL
issuerState:
issuerLocality:
issuerOrganization: UPS
issuerDN: NL, UPS, UPS, ups@douane.lan
--IssuerAndSerialNumber
AlgorithmIdentifier_loadXml:
oid: 1.2.840.113549.1.1.1
--AlgorithmIdentifier_loadXml
encryptedKeyNumBytes: 128
--RecipientInfo
--Pkcs7_EnvelopedData
--loadPkcs7Xml
Pkcs7XmlLoadTimeMs: Elapsed time: 0 millisec
--loadPkcs7Der
unEnvelope3:
unEnvelope_encrypted:
findMatchingPrivateKeyFromSysCerts:
numRecipientInfos: 1
certSerialNumber: 00
certIssuerCN:
certIssuerDN: NL, UPS, UPS, ups@douane.lan
subjectKeyIdentifier:
--findMatchingPrivateKeyFromSysCerts
AlgorithmIdentifier:
oid: 1.2.840.113549.1.1.1
--AlgorithmIdentifier
Decrypting symmetric key...(1)
modulus_bitlen: 1024
bigEndian: 1
padding: PKCS 1.5
sizeAfterPkcs15_decode: 5
Decrypting data using symmetric key (1)
decryptedSymmetricKeyLen1: 5
symmetricDecrypt:
getByAlgorithmIdentifier:
algId_oid: 1.2.840.113549.3.2
RC2_CBC
keyLength: 40
--getByAlgorithmIdentifier
symmetricKeySizeInBytes: 5
numBytesToDecrypt: 2968
symmetricDecryptOutputSize: 2961
--symmetricDecrypt
--unEnvelope_encrypted
--unEnvelope3
cert_issuer: NL, UPS, UPS, ups@douane.lan
cert_subject: NL, UPS, UPS, ups@douane.lan
unenvelopedDataSize: 2961
replaceWithUnenveloped:
unwrapSignedData:
loadPkcs7Der:
DerParseTimeMs: Elapsed time: 0 millisec
loadPkcs7Xml:
loadSignedDataXml:
NumDigestAlgorithmIdentifiers: 1
AlgorithmIdentifier_loadXml:
oid: 1.2.840.113549.2.5
--AlgorithmIdentifier_loadXml
AlgorithmIdentifier:
oid: 1.2.840.113549.2.5
--AlgorithmIdentifier
This is an opaque signature.
Recovered original content.
OriginalContentLen: 622
numSigners: 1
SignerInfo:
signerInfoLoadXml:
serialNumber2: 00C3918D35176FC3F7
issuerCN: Koeriers
digestAlgorithmOid: 1.2.840.113549.2.5
No SignerInfo message digest found.
signerAlgorithmOid: 1.2.840.113549.1.1.1
signerDigestSize: 128
--signerInfoLoadXml
--SignerInfo
--loadSignedDataXml
--loadPkcs7Xml
Pkcs7XmlLoadTimeMs: Elapsed time: 0 millisec
extractCertsFromSignedData:
numCerts: 1
certificate:
IssuerCN: Koeriers
SerialNum: 00C3918D35176FC3F7
SubjectDN: C=NL, ST=Brabant, L=Eindhoven, O=Belastingdienst Douane, OU=Team Koeriers, CN=Koeriers, E=douane@douane.lan
--certificate
addCertDer:
addCertificate_3:
constructSerialIssuerHashKey:
using subjectCN for self-issued certificate.
--constructSerialIssuerHashKey
certHashEntryB: 00C3918D35176FC3F7:Koeriers
skiHashKey: SubjectKeyId:fdGnm2CCLZ1gqrijbQ6e/7Mlzgo=
--addCertificate_3
--addCertDer
--extractCertsFromSignedData
extractCertsTimeMs: Elapsed time: 0 millisec
--loadPkcs7Der
verifyOpaqueSignature:
verifySignature:
numSigners: 1
numDigestAlgorithms: 1
Computing MD5 message digest.
numBytesDigested: 622
md5_hash: 393E 6A78 ABA6 F59E AE7A AC91 1EF5 8E8B
numSigners: 1
signerDigestAlgOid: 1.2.840.113549.2.5
messageDigestSize: 0
SignerInfo message digest is empty.
Signer:
getSignerInfoCert:
issuerCN: Koeriers
serialNum: 00C3918D35176FC3F7
--getSignerInfoCert
--Signer
All digests verified.
Skipped verification of certificates.
--verifySignature
--verifyOpaqueSignature
--unwrapSignedData
--replaceWithUnenveloped
--unenvelope
Success.
--decryptMime
mergeSysCerts:
addCertificate_3:
constructSerialIssuerHashKey:
using issuerDN for self-issued certificate.
--constructSerialIssuerHashKey
skiHashKey: SubjectKeyId:iyu179VlVBpz7HjVmzV4TAMr6Ck=
The cert hash map already contains this skiHashKey...
--addCertificate_3
--mergeSysCerts
Success.
--Decrypt2
--ChilkatLog