How can I extract the public certificate from an S/MIME message (pkcs7-signature) with OpenSSL?
CMS is used as the key cryptographic component of many other cryptographic standards, such as S/MIME, PKCS #12 and the RFC 3161 digital timestamping protocol. OpenSSL is open source software that can encrypt, decrypt, sign and verify, compress and uncompress CMS documents.
With the command-line tool, assuming the S/MIME message itself is in file message:
openssl smime -verify -in message -noverify -signer cert.pem -out textdata
This writes the signer certificate (as embedded in the signature blob) into cert.pem, and the message text data in the textdata file.
Alternatively, you can save the signature blob as an independent file (it is just a kind of attachment, so any mailer application or library should be able to do that). Then, assuming that the said blob is in a file named smime.p7s, use:
openssl pkcs7 -in smime.p7s -inform DER -print_certs
which will print out all certificates which are embedded in the PKCS#7 signature. Note that there can be several: the signer's certificate itself, and any extra certificates that the signer found fit to include (e.g. intermediate CA certificates which may help in validating his certificate).
Or just:
cat message.eml | openssl smime -pk7out | openssl pkcs7 -print_certs > senders-cert.pem
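The commands from the answers above, run end to end as an added example (not part of the original answers): it signs a constructed message with a throwaway self-signed certificate, extracts the signer certificate back out, and compares SHA-256 fingerprints. All file names, the subject name and the helper function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: the key, certificate and message are constructed test data.
set -e
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Create a throwaway self-signed signer and an S/MIME signed message.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test Signer" \
        -keyout "$work/key.pem" -out "$work/signer.pem" 2>/dev/null
    printf 'constructed test body\n' > "$work/body.txt"
    openssl smime -sign -in "$work/body.txt" -signer "$work/signer.pem" \
        -inkey "$work/key.pem" -out "$work/message.eml" 2>/dev/null
}

# SHA-256 fingerprint of a PEM certificate file.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Write the signer certificate embedded in message $1 to file $2.
# -noverify skips chain validation: the signature is checked, the
# certificate's trust is not.
extract_signer() {
    openssl smime -verify -in "$1" -noverify -signer "$2" \
        -out /dev/null 2>/dev/null
}

# Count every certificate embedded in the PKCS#7 blob of message $1
# (signer plus any extra certificates the sender included).
count_embedded() {
    openssl smime -pk7out -in "$1" | openssl pkcs7 -print_certs \
        | grep -c 'BEGIN CERTIFICATE'
}

make_sample
extract_signer "$work/message.eml" "$work/extracted.pem"
echo "original:  $(fingerprint "$work/signer.pem")"
echo "extracted: $(fingerprint "$work/extracted.pem")"
echo "embedded certificates: $(count_embedded "$work/message.eml")"
```

Because the extraction runs with -noverify, the certificate that comes out is only what the sender chose to embed; compare its fingerprint against one obtained through a separate channel, or validate it against a CA you trust, before relying on it.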