How to encyrpt a message using someone's pkcs7 signed-data? - encryption

i need to send a XML data to applications that check data integrity.
demodata.pem (http://privatepaste.com/376402542e)
ca.pem (http://privatepaste.com/85fff7bfe3)
D:\stest\wz\apptest\dist\q\realq>openssl smime -verify -inform pem -in demodata.pem -CAfile ca.pem -out out.xml
Verification successful
D:\stest\wz\apptest\dist\q\realq>
so i refer below link to make a new messages.
https://unix.stackexchange.com/questions/118265/how-to-encyrpt-a-message-using-someones-ssl-smime-p7s-file
D:\stest\wz\apptest\dist\q\realq>openssl pkcs7 -in demodata.pem -inform pem -print_certs -out smime.pem
[smime.pem]
-----BEGIN CERTIFICATE-----
MIIDeDCCAuGgAwIBAgIBBDANBgkqhkiG9w0BAQQFADCBiDELMAkGA1UEBhMCS1Ix
EDAOBgNVBAgTB3dpenZlcmExDjAMBgNVBAcTBXNlb3VsMRAwDgYDVQQKEwd3aXp2
ZXJhMRAwDgYDVQQLEwd3aXp2ZXJhMRIwEAYDVQQDEwlheG1zZXJ2ZXIxHzAdBgkq
hkiG9w0BCQEWEHJvb3RAd2l6dmVyYS5jb20wHhcNMDgxMTE2MDYzMjA1WhcNMjkw
OTA3MDYzMjA1WjB7MQswCQYDVQQGEwJLUjEOMAwGA1UECBMFc2VvdWwxDjAMBgNV
BAcTBXNlb3VsMQwwCgYDVQQKEwNrZWIxDDAKBgNVBAsTA2tlYjESMBAGA1UEAxMJ
a2ViLmNvLmtyMRwwGgYJKoZIhvcNAQkBFg1heG1Aa2ViLmNvLmtyMIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQDqiAmyc1N+9/+dsOvA8ZvjpAHkF4ZmhSdjf2ZN
9xoh/M6z3YqkTHdchaAdTuiCSvAHiITYgCPEQ4h95ur2/0SdBFk7sbbmNmrhJWTv
KypizOKnJ27pVrNs/HhmMDWw3g0TQmwgDG8pUwR0M2tfP/Z5gNeFK49BnGZMCYJi
4zyQGwIDAQABo4H9MIH6MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5T
U0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRzwPiRKm5PWVsjsSat
FxRTyi3zWjCBnwYDVR0jBIGXMIGUoYGOpIGLMIGIMQswCQYDVQQGEwJLUjEQMA4G
A1UECBMHd2l6dmVyYTEOMAwGA1UEBxMFc2VvdWwxEDAOBgNVBAoTB3dpenZlcmEx
EDAOBgNVBAsTB3dpenZlcmExEjAQBgNVBAMTCWF4bXNlcnZlcjEfMB0GCSqGSIb3
DQEJARYQcm9vdEB3aXp2ZXJhLmNvbYIBADANBgkqhkiG9w0BAQQFAAOBgQCd3RYF
Nn22ca9x1lD/vvKuDk+DM5/448kKowu0zVheWvaU/GrKTCvtyJNMnr87dEn219BE
iAczBxzYaXnQAK09vptCKbc+tc/QG0NRalSxidIiuPvbIjzko/j4IuX6IWOR+5Ka
/EhbG4N5WrmKZkuSpuFxrwdbh5i/AtEpkqBv9w==
-----END CERTIFICATE-----
D:\stest\wz\apptest\dist\q\realq>openssl smime -encrypt -text -in newxml.txt -out newdata.der -outform der smime.pem
Loading 'screen' into random state - done
D:\stest\wz\apptest\dist\q\realq>openssl smime -verify -inform der-in newdata.der -CAfile ca.pem
Verification failure
8476:error:21075071:PKCS7 routines:PKCS7_verify:wrong content type:.\crypto\pkcs
7\pk7_smime.c:285:
D:\stest\wz\apptest\dist\q\realq>
but as you can see, Verification is failed.
so how can i make signed-data from someone's data. does it possible ?

Related

How to decrypt a large AES encrypted data with openssl command?

I want to decrypt large AES encrypted data:
Encrypted data: 7dS560FiDJvUji7c+ky/9nQp+HwK3SEOkY4zefqlFuEyF2/vevrv8K4GJNr2zxD7+j28RK97LmaHjwY9F+/feO6T2DAQuJQsT3wp/fKCPyErwZggsE+ufzvEJZK/XObR8CdbBe8EGZC//JsuMo7MV6SSe267jp4U2iIz4xIFxUlFVy9QcjTr6AUJZdVogedreBgy3/q/isAqOvwoHuj74MV5gkfaXWvmqESjMF4s5wMsYmS1WuBWOR6rw+TSwuL52CiVC5arHuJJEKuodO58bJ+1Ip9uelUIOETswiZmZB6gpTkbos7ij0BpJregejT+9vsDO1tB7+QpByMqeeEbEiSp4N833Z29WmVmy+HpxdZvOPIJ2pyelVhRVPPs/V7VREs4v8/e3X1jR0saA1sSyKYNgIGZUWaQTJwBNi87IPkGiUtyhPnrrKh+BighshJi+Jd+s3+sTYM5CaADvaGhm3wx96rBQi2So+NmFcm5cQa4jRA4S8sLGHmniUO0iiEcxQ2FvlGt+0PBqdbCPewBgOHdjpBUYjs1oR4pV5VjbjTfuIh75G7TS6TZT/gMewJXOXPw88zsSgjXVjRK0obOXaJBKABJ8AqKbKULWHoeMuWW4OdiSZ7mNVt6N40LK/u12vpqWU7Wt5XbSeE3arJPjljEV7WhafKvIOHFx+cK0wB9LQnFUrx/FTLL5HDDEkhnVkm02vxXSFKDwP36VgQnPpvOnY5fbJUTyjnwJcO8I9/H1hYwzPRhos2eNAdHZ3aMysU8zSobwUVto9GnQrvVmVURFyEX6fwifkrf2DTfCsDNSsHt4DLCtsszABKTwTezUoBesNkndk/Qkcd13GEZjTHoyP2tLp85nYwbwI6P+yr1jeu9v3ocN5p0LWPXdwlyTo55WeYkGzlJLsM6d9sut1qlcyQ2AZ536+eYFAIURJkmSexwfbdRebwckvqURRO3a55WCbLxVARKDHnyfculr/ndwyZF7J0RX4G1KcwSgfRdnBpUCkpGeQRImv5Ry5RYXwp5XfKQDrGTCEhV3XtDBD4b2eTxw4KwgJUq9T6IQjNNyPyDwM5AFxS2Y+4wAA0PA2iADfVe3kZrOKYpZvVn0Q== (base64 encoded)
Key: uHe2MCmggLlugpGBiMVuXTck7OT8Nk8g (base64 encoded)
Cipher: AES-256-CBC
IV: LNP8U7pc6GjxzxAtgw4s3A== (base64 encoded)
I try to use this command for it:
openssl aes-256-cbc -d -in data.enc -out data.dec -K $key -iv $iv
In $key and $iv i decoded from encoded values this way
iv=$( cat response.json | jq .iv -r | openssl base64 -d | xxd -p | tr -d '\n' )
But i have crashed data like this
^GÌ<8a>û)F"PEi~^K±jÔ^AcWSM
23NDwSOqovXSFGNfy3WatkCreYRd7kcWSM";

DES signature confusion

I was recently examining a file containing cleartext, then under the cleartext:
This is cleartext. A message presumably signed with the below certificate.
-----BEGIN CERTIFICATE-----
Proc-Type: 4,ENCRYPTED
Modulus: 31353732
DEK-Info: DES-CBC,656e733333
MIIBwcHBwcHBwcHAAgAAAcIAAAIAAAAAAAyZjAwMDAwMDAwZjAwMDBmMDAwMDAwM
DBmMDAwMDBmMGgwMDAwMDAwMGYwMGYwMGYwMDAwMGZmMDAwMDAwMDBmegAICGUHm
QBxb3mYbXBveW2ZcZYHaW9hAKoulAeZU29sU2+jAKougQCUcZZnmXGYB4JxlnmVU
G0HZ6pngi6XB3OCcZVxZ6oulXGUZ4J5lXGUB3lvaYFxlgeVZZd5l1BtM5Z5lWeUe
ZdQbXGZLoEAlHGWZ5lxmAeCZ4IubW9ncAB4cZZnmXGYB4JxmGeYKaopqnGYZ4Epq
gCWcZhngQCYeWmqa6pQbXmXLmeqeZdQbXGZLoEAlHFlb3CZZ5lxmAeCbIEAlHGWZ
5lxmAeCZZh5l2WUB5lngnmVB5dllnGVcWc4mHmVB4FllmWYZ5lxgnmXUG1xmS6BA
JRxlmeZcZgHgneBAJRxlmeZcZgHgnGVB5cHAKoAmC6Z5W9xLplnAKptd2uqcZYul
weWAJhQbQdnqmVnqnmXUG1xmS6BAJRxlmd5B5hxmHmXUG1xmS6BAJRxlmeZcZgHg
nGWB5Vll3mVcXJQbQdnqgeWB2eqZ4Iuly6WKapQbQdnqmVnqnmXUG1xNACUcZl5l
1BtcZkugQCUcZZnmXGYB4JxlgeVcZl5lXFmcZh5lWWXeQCqZ4Iul2WZB5YHZ6png
i6XZWeqeZdQbW9xlnmVLmeqeZdQbXGZLoEAlHGWZ5lxmAeCcZYHlS6Wb5gHglBtB
2eqB5YpqlBtB5UHlmuqcZYul2VnqnmXUG1ignGYB5UuZ6p5l1BtcZkugQCUcZZnm
XGYB4JxlgeVcTCZcZgHgnGYLpcHlmuqcZYulweWa6pxli6XZZd5l1BtOXGYB2eqZ
Zh5l1BtcZkugQCUcZZnmXGYB4JxlnmVcZQ3cZgHgnGWLpdll3kAqmeCLpcHlgdnq
nGWeZVlZ6p5lzJxgnGWeZUuZ6p5l1BtcZkugQCUcZZnmXGYB4JxlgeVZmeZcS5vc
XGZB4JlmAeVB5ZrqnGYeZUHlmuqcZh5lWVyeZUHl3GCcZYHlS6VeZdQbXGZLoEAl
HGWZ5lxmAeCcWGUcZZnmXGYB4JxmC6XB5ZrqlBtB2eqB5ZxgnGYLpdldS6UcYJxm
C6YZWeqeZdQbXGZLoEAlHGWZ5lxmAeCcZZ2cZZnmXGYB4Jxli6XB5YpqnGYLpcul
gdnqlBtB5VlZzVnqi6Ua6plmAeVZZR5l1BtcZkugQCUcZZnmXGYB4JxeZRxlmeZc
ZgHgnGYLpculgdnqlBtB5UHlimqcZgul2V5B5UulHGCcZZ5lWWYeZdQbXGZLoEAl
HGWZ5lxmAeCcTeUcZZnmXGYB4JxmC6XB5ZrqnGYeZUHlimqcZgul2VnamcAqnGCc
ZYHZ6pllHmXUG1xmS6BAJRxlmeZcZgHgnFicZZnmXGYB4JxmHmVB5YHZ6pxlnmVB
5YHZ6plmGcAqmwHlwcAqmeXZ5QulwcAqnmXUG1xmS6BAJRxlmeZcZgHd4EAlHGWZ
5lxmAeCcZguly6UZZZlgS6YLpZtlXGYB2dwB4EAmAeCZ5lllAdnqmWYB5UHAKp5l
1BtcZkugQCUcWdQbXGZLoEAlHGWZ5lxmAeCcZYHmQcAqi4AqnGWLpcucWeZKapxg
meCeZVlgQCUB4JnmQCYeZdQbXGZLoEAlHE5AKp5l1BtcZkugQCUcZZnmXGYB4Jxl
geVcZYpqgeCZ2gHmQcAqi4AqnGYB5UugXGCcZYHlS6VeZdQbXGZLoEAZnmXUG1xm
S6BAJRxlmeZcZgHgnGYB2eqLoEAlnGWB5dmZ4Iul3GUZZZxlQeVcZRtlXGYB2eqc
Zh5l1BtcZkugTg=zJZkhn==
-----END CERTIFICATE-----
I googled DES-CBC and found that it was a symmetric key algorithm. From this information, through bruteforce, could the original secret key be found and the encrypted data be decrypted to cleartext? How about re-encrypted to yield the same encrypted text?

How do I decrypt the ciphertext given the private key with RSA?

I have this private key and I am trying to decrypt the ciphertext:
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAkfmJTVkwbRXOtWN76j2MAmbwCMReCkV3hWG+23zEmivwVEUtlUNvmFkSx9fFSRgGLMW+TPleLybU629fYDTXSPmIzLM3faxIyzyI2LJdRAaQMWo1FUcVI8ME5/BX9T5Ebu6D2dA8zJzJ68dGkHmhSxhOC97vLQfjj3tNCAL1IulyVk/ZyV6BVPxpiD3WB4rfo+SBe8H7019+dnaR/DcTcCsxF+oj7KOunfPPqBZBGMRe7ADj/vPYqgpoTWyA8m0juJyVNjqBnFUeyZEPwjqYUKEXpw64YXDZH/hbJI6VaFmj/KpMzBv/gIowE+yOu1V5tsOSCqDsd6EgDfQU92FhpwIDAQABAoIBAEkkZb3SAMfH84lDzeUy7aKOfZuG+S/gWuEEdyN3QvOVLJitCQgPgC0wBI8J+JqFZSKt+oqLMLwjkvBdH8cO8whnsDoRWq6n0tmy/UbHKKBbQYjhFLQSp+8BWsX00b3ac2O6M2rCQpSrwylW8m6V41HDXefozqMbntRYDeMDyFyzJnto2nBJ4sM7esiSIhERUeXlz8QHmxn0Ay3j8LnSBtCKdZ3nAQ19No6naRu7IbrMGbqWnzxiWa5PqJa1gF9wMMHI0Vfz6lT6x/qT5nYPORRxakuuUg9BmwJmhElOZqf/tC3YCcrGOfq04u+AS+S2GE7C2yOAfhX15HgP8FeiEdECgYEAu1vMVNMRrjbkLF4wBJ4tOVDylDEU9/quuzK21JVKEePZJP/gK2O+1nO9xGGfFRtnBeDnz7mgLuD04lnRZnSFfE+S3WDcb94hkJl0K00Z2sGIPvSR7S5853kua591QT6QNhTDP8PUdIGrSZBFJ+DyZgdBdlcxOiNh0nWzIFbWnx0CgYEAx3RiM3ySvsb7ZOg3/RMWD4r33rb3DRiDoa5PObNtqesbqYU5BOUl3IQY86kYwLQttgrcgb9xtTmBXS0rcWSAa3ndXdULujRIwK3IaJTz98Pu9iAzj8RNIFk9Sw9kUzmAHaSzXgZcjf9c5lL7jgrwjEfYeKvgkW1VoIb9lKng1JMCgYBE8AgFBgyxX30hXh6o9FKLjl9Ta6Pdgp2cP5LKMYwpfP6/AG9JR9BGNBwVEB5qs8R6g0CITDLGTPuN9aJ44lLjZJwTXLp/ZupOvEfkTuA+f4tULsUq0jofKZWNAAUy1oRVgdo9sh6QJ84QqUbo33oRVIYftwFj9PTfbXNVaN5beQKBgC/vudZT/1TYr/ztjt9FIg00QiSF5tR/6ssGAMaGaDnpZqmUekLB7BqWqQSOxIM0CrRw4dRRNbvviTbir0k+dVrfXCO8G2hyPnYIjl0MR6JptdnznVDVRhAbQo7ysRMLg84cEnvrnX0HPcWhdhIKcQvWDKHb9Uoec/Dz4KhFN+L/AoGATnaM4pl/tv735KcNn+qpgyB2Qd01qasRahecchPZqujH0+roS3llDJFN09NG9BzmAQFi2yH7Asx5KmIHqyWiYqyMXGUcsauT3u+xsDYWxObqAW7q7sMCKlfRtsnEWli3FOWNufO0TBwGeL9xVjL3nXXIsD9J5/iq1cH/RuIVoX4=
-----END RSA PRIVATE KEY-----
The ciphertext:
M8zhAvxu/lkEcH42Eoe/cPjL6WJwPo1FZOK8Ta4SmigoHl9omd5Dol84vY3GfyzIZ0hHHp5gO3A4MjktImsLnT3Xx/myUearG/Ii24C+6irFapMqghziuMDYpeh7rs8G8ggE/rkjZaAAPSb/FgEDQkknL2qr4kxwyQybsnfmDDUqJ3q3lf0gRBDJ/2yr+aQyUcw3nK/zewbZjwlUeSyTvs76HhFtUDTyAlhB37961j9qfu+cxX34PtJlHWlF7k0WAuxQ4w7aCwkuQIvBOk/FUK3Ta1TrGEXg9iczPj6QacLI2DSjEPbODHsje82Fw+1ylcD1tF2mZ7GnnqtUw/9YoQ==
I tried to use these commands but without sucess:
openssl rsautl -decrypt -in ciphertext -out plaintext -inkey private_key
In this case I get the fallowing error:
rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len:rsa_eay.c:518
openssl enc -in ciphertext -out binarytext -d -a
openssl rsautl -decrypt -in binarytext -out plaintext -inkey private_key
If I try these 2 commands I get this error:
rsa routines: RA_padding_check_PKCS1_type_2:pkcs decoding error
rsa routines: RSA_EAY_PRIVATE_DECRYPT:padding check failed

Openssl cannot decrypt message using PuttyGen private key

I've created public and private keys using PuttyGen then the public key was used to encrypt a message.
I am now trying to decrypt such message using the private key with the following command:
echo [my encrypted message] | openssl enc -d -base64 -A | openssl rsautl -decrypt -inkey ~/.ssh/private.ppk
but I get the error:
unable to load Private Key
6870300:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: ANY PRIVATE KEY
The private key looks like this (actual key omitted):
PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: rsa-key-20170724
Public-Lines: 6
[...]
Private-Lines: 14
[...]
Private-MAC: [...]
What's wrong?

Thanks to this guy I sorted it out.
I've reopened the private key with PuttyGen and exported as OpenSSH, then used this new file to decrypt the message.

How to convert DER formatted public key file to PEM form

I need to use the PEM formatted public key for some purpose, but not finding the command which can convert DER formatted public key to PEM formatted public key.
The command I have used -
openssl rsa -in user_id_rsa.pub -inform DER -outform PEM -out pubkey.pem
But i got the below error -
unable to load Private Key
139901900170912:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1337:
139901900170912:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:677:
139901900170912:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1337:
139901900170912:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:388:Type=RSA
My expected output should be in this format-
-----BEGIN RSA PUBLIC KEY-----
KEY CONTENT
-----END RSA PUBLIC KEY-----
Is anyone has try the same?

Resources