Error: The enveloped-data message does not contain the specified recipient. #784
Comments
In your first case:

```csharp
X509Certificate2 signCertificate = signCertCollection[0];
var decryptionCertPassword = "xxxxx";
var decryptionCertBytes = signCertificate.RawData;
using var stream = new MemoryStream(decryptionCertBytes);
WindowsSecurityMimeContext.Import(stream, decryptionCertPassword, X509KeyStorageFlags.Exportable);
```

That doesn't do what you think it's doing. It does NOT import the private key which is needed for verifying the signature. That ONLY imports the certificate itself. That's why that doesn't work.

As for your second case:

```csharp
var messageAsBytes = new UnicodeEncoding().GetBytes(encryptedContent.ToString());
envelopedCms.Decode(messageAsBytes);
envelopedCms.Decrypt(cert); //Throws BadData exception
```

Well, obviously ;-) Assuming that the This is a problem for multiple reasons:
If you were going to decrypt manually, you'd need to get the raw encrypted content like this:

```csharp
var pkcs7Mime = message.Body as ApplicationPkcs7Mime;
byte[] encryptedContent;
using (var stream = new MemoryStream ()) {
    // Decode the MIME content-transfer-encoding to get the raw CMS bytes
    pkcs7Mime.Content.DecodeTo (stream);
    encryptedContent = stream.ToArray ();
}
envelopedCms.Decode(encryptedContent);
envelopedCms.Decrypt(cert);
```

Instead of that, though, I would recommend using the MimeKit APIs. To do that, all you should have to do is to stop importing cert.RawData (because that only contains the raw certificate data and not the private key which you ALSO need). In other words:

```csharp
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
// Find() returns a collection; take the matching certificate
var cert = store.Certificates.Find(X509FindType.FindByThumbprint, "0F303BAD81F333C7857D9F24BD58A4EE058BFFA3", false)[0];
var ctx = new TemporarySecureMimeContext ();
ctx.Import (cert); // This will import both the certificate *and* the private key *as long as* the PrivateKey property is not null
// NOW you can decrypt:
var decrypted = pkcs7MimePart.Decrypt (ctx);
```
In the meantime, you can Export() the X509Certificate2 to pfx format and import that. In other words, change your code to this:

```csharp
public MimeEntity Decrypt_509cert(ILogger log, MimeMessage message)
{
    using var WindowsSecurityMimeContext = new WindowsSecureMimeContext();
    X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    certStore.Open(OpenFlags.ReadOnly);
    X509Certificate2Collection signCertCollection = certStore.Certificates.Find(
        X509FindType.FindByThumbprint,
        "xxxxxxxxxxx",
        false);
    X509Certificate2 signCertificate = signCertCollection[0];
    var decryptionCertPassword = "xxxxx";
    var decryptionCertBytes = signCertificate.Export (X509ContentType.Pfx, decryptionCertPassword);
    using var stream = new MemoryStream(decryptionCertBytes);
    WindowsSecurityMimeContext.Import(stream, decryptionCertPassword, X509KeyStorageFlags.Exportable);
    ApplicationPkcs7Mime encryptedContent = message.Body as ApplicationPkcs7Mime;
    MimeEntity decryptedContent = encryptedContent.Decrypt(WindowsSecurityMimeContext);
    return decryptedContent;
}
```
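The difference between importing `RawData` and importing a PFX export, as discussed in the replies above, can be checked in isolation. The following is an added example, not code from this thread or from MimeKit; it assumes .NET 6 or later with the System.Security.Cryptography.Pkcs package, and the certificate subject, password and payload are constructed values.

```csharp
// Added illustration; all names and values below are constructed for the demo.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class RecipientKeyCheck
{
    static void Main()
    {
        // Throwaway self-signed recipient certificate with an RSA private key.
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=constructed-recipient", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var full = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));

        // RawData is the DER-encoded certificate only; a PFX export also carries the key.
        using var certOnly = new X509Certificate2(full.RawData);
        byte[] pfx = full.Export(X509ContentType.Pfx, "constructed-pw");
        using var fromPfx = new X509Certificate2(pfx, "constructed-pw");
        Console.WriteLine($"RawData import, HasPrivateKey: {certOnly.HasPrivateKey}");
        Console.WriteLine($"PFX import, HasPrivateKey:     {fromPfx.HasPrivateKey}");

        // Encrypting to the recipient needs only the public certificate.
        var cms = new EnvelopedCms(new ContentInfo(Encoding.UTF8.GetBytes("constructed payload")));
        cms.Encrypt(new CmsRecipient(certOnly));
        byte[] encoded = cms.Encode();

        // Decrypting needs the private key, so only the PFX-derived certificate can succeed.
        Console.WriteLine($"Decrypt with RawData cert: {TryDecrypt(encoded, certOnly)}");
        Console.WriteLine($"Decrypt with PFX cert:     {TryDecrypt(encoded, fromPfx)}");
    }

    static string TryDecrypt(byte[] encoded, X509Certificate2 candidate)
    {
        var cms = new EnvelopedCms();
        cms.Decode(encoded);
        try
        {
            cms.Decrypt(new X509Certificate2Collection(candidate));
            return "ok: " + Encoding.UTF8.GetString(cms.ContentInfo.Content);
        }
        catch (CryptographicException ex)
        {
            return "failed: " + ex.Message;
        }
    }
}
```

Running the same `HasPrivateKey` check on the certificate returned by the store lookup in the deployed environment shows whether the key is available to the process before any decryption is attempted.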
We are trying to decrypt the signed and encrypted email using MimeKit. We are able to decrypt the mail from my local machine. The same code, once deployed to Azure Functions, is throwing the error 'The enveloped-data message does not contain the specified recipient.' in the decrypt function.
We also referred to a similar issue in the link: #38
As suggested there, we tried using TemporarySecureMimeContext() instead of WindowsSecureMimeContext().
We get the error: BouncyCastle.Crypto: illegal object in GetInstance: Org.BouncyCastle.Asn1.DerSequence.
We also tried envelopedCms as referred to in the link, but we are getting the error 'asn1 bad tag value met.' in envelopedCms.Decode(data);
Please see if you can provide us with the solution.
Thanks in advance