I am supposed to develop an SMIME-based application in Java. There are certain areas where I need more clarification about SMIME encryption and decryption. I understood how message encryption and decryption work in the case of a single recipient.
If there is only a single recipient
If there are multiple recipients, then
If multiple receivers encrypted session key come with same message,
Could anyone help me to find any useful resource or provide answer for my question?
If a message is being sent to multiple recipients, the symmetric key is encrypted separately by every recipient's public key.
The symmetric session key is also optionally asymmetrically encrypted for the sender.
All encrypted symmetric keys are packaged together.
There is a block for each recipient with the encrypted key, serial number of the used certificate and so on.
Then this random session key will be encrypted using each receiver's public key then send SMIME message.
This is not the case. The above step is enough. The generated symmetric session key needs to be asymmetrically encrypted for each recipient (and sender), not more.
It's defined in CMS (RFC 5652) and S/MIME (RFC 5751). An S/MIME message consists of MIME bodies and CMS content types. For each recipient (and sender) there must be a CMS RecipientInfo type. This type holds the information about which encryption key belongs to which recipient.
    openssl cms -inform smime -in Test_enc.mbox -cmsout -print

    CMS_ContentInfo:
      contentType: pkcs7-envelopedData (1.2.840.113549.1.7.3)
      d.envelopedData:
        version: <ABSENT>
        originatorInfo: <ABSENT>
        recipientInfos:
          d.ktri:
            version: <ABSENT>
            d.issuerAndSerialNumber:
              issuer: C=.., ST=.., L=.., O=.., OU=.., CN=..
              serialNumber: 16756039346226544442
            keyEncryptionAlgorithm:
              algorithm: rsaEncryption (1.2.840.113549.1.1.1)
              parameter: NULL
            encryptedKey:
              0000 - 07 b9 dc b8 97 ed ea b0-8f 9c 30 fa 0c f6 a0 ..........0....
              ...
              01fe - f0 62 .b
          d.ktri:
            version: <ABSENT>
            d.issuerAndSerialNumber:
              issuer: C=.., ST=.., L=.., O=.., OU=.., CN=..
              serialNumber: 16756039346226544442
            keyEncryptionAlgorithm:
              algorithm: rsaEncryption (1.2.840.113549.1.1.1)
              parameter: NULL
            encryptedKey:
              0000 - 07 b9 dc b8 97 ed ea b0-8f 9c 30 fa 0c f6 a0 ..........0....
              ...
              01fe - f0 62 .b
Since this mail was encrypted for myself, the block is included twice, as sender and receiver.
- How is the decryption on the receiver side done?
- Does the receiver iterate over all encrypted session keys and try to decrypt each for the session key?
- If there are 50 recipients, then does the receiver need to decrypt all recipients' encrypted text for the session key?
The receiver has only to search for the appropriate issuer and serial number in the recipientInfos list to find the correct encrypted key.
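The per-recipient key wrapping and the issuer/serial lookup described above can be reproduced end to end with the same `openssl cms` tool. This is an added example, not part of the original answer: the recipients alice, bob and carol, their throwaway self-signed certificates, the file names and the function name are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example. alice, bob and carol are constructed recipients with
# throwaway self-signed certificates; none of this is from the original post.
smime_multi_recipient_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        for name in alice bob carol; do
            openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$name" \
                -keyout "$name.key" -out "$name.crt" 2>/dev/null || exit 1
        done
        printf 'one body, many recipients\n' > msg.txt

        # One random AES key encrypts the body once; that key is wrapped
        # separately under each listed certificate (carol is not listed).
        # -binary avoids CRLF canonicalisation so the round trip is byte-exact.
        openssl cms -encrypt -binary -aes-256-cbc -in msg.txt -out msg.p7m \
            alice.crt bob.crt || exit 1

        # Each recipient shows up as one KeyTransRecipientInfo (d.ktri) block.
        ktri=$(openssl cms -inform smime -in msg.p7m -cmsout -print -noout |
            grep -c 'd\.ktri')

        result="ktri=$ktri"
        for name in alice bob carol; do
            # -recip makes openssl pick the RecipientInfo whose issuer and
            # serial number match this certificate and unwrap only that key.
            if openssl cms -decrypt -in msg.p7m -recip "$name.crt" \
                    -inkey "$name.key" -out "$name.out" 2>/dev/null &&
               cmp -s msg.txt "$name.out"; then
                result="$result $name=ok"
            else
                result="$result $name=no-match"
            fi
        done
        echo "$result"
    )
    status=$?
    rm -rf "$dir"
    return $status
}

smime_multi_recipient_demo
```

Alice and Bob each recover the same plaintext from the single encrypted body using only their own private key, while Carol's certificate matches no RecipientInfo entry and decryption is refused.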