Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
CMS Enveloped Data creation failure
See original GitHub issueI am trying to create a CMS Enveloped Data using asn1crypto as a substitution of the Google’s certificate-transparency source code I forked on my project https://github.com/balena/python-smime. I had the idea of using asn1crypto after having some trouble when parsing indefinite-length attributes generated by certain E-Mail managers (like Thunderbird).
While asn1crypto is great for parsing all kinds of CMS data, I am getting some trouble when generating them. I have an unit test where the PKCS7 output is passed as input to command-line OpenSSL in order to make sure the implementation is compatible. But all I get is an error from OpenSSL when parsing ASN.1 tags (I don’t know exactly which one).
There is a single function responsible for returning a CMS ContentInfo structure as follows:
def __get_enveloped_data(pubkey_cipher, sym_cipher, x509_cert,
encrypted_key, iv, encrypted_content):
return cms.ContentInfo({
'contentType': cms.ContentType(u'enveloped_data'),
'content': cms.EnvelopedData({
'version': u'v0',
'recipient_infos': cms.RecipientInfos([
cms.RecipientInfo(
name='ktri',
value=cms.KeyTransRecipientInfo({
'version': u'v0',
'rid': cms.RecipientIdentifier(
name='issuer_and_serial_number',
value=__get_issuer_and_serial_number(x509_cert)
),
'key_encryption_algorithm': cms.KeyEncryptionAlgorithm({
'algorithm': pubkey_cipher.oid,
'parameters': core.Null()
}),
'encrypted_key': encrypted_key
})
)
]),
'encrypted_content_info': cms.EncryptedContentInfo({
'content_type': cms.ContentType(u'data'),
'content_encryption_algorithm': cms.EncryptionAlgorithm({
'algorithm': sym_cipher.oid,
'parameters': iv
}),
'encrypted_content': cms.OctetString(
encrypted_content, tag=0, tag_type='implicit')
})
}, tag=0, tag_type='explicit')
})
The object returned by the above function is encoded using:
encoded_content = __encode_in_base64(enveloped_data.dump())
And the __encode_in_base64 is just a pretty printer function to convert the DER output into BASE64.
When I execute the OpenSSL function:
$ openssl smime -decrypt -in tmp -inkey private_key.pem
All I get is the following:
Error reading S/MIME message
140702704453280:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1338:
140702704453280:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:852:
140702704453280:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:772:Field=type, Type=PKCS7
140702704453280:error:0D0D106E:asn1 encoding routines:B64_READ_ASN1:decode error:asn_mime.c:193:
140702704453280:error:0D0D40CB:asn1 encoding routines:SMIME_read_ASN1:asn1 parse error:asn_mime.c:528:
Do you have any idea what could be the problem? Is there any caveat when encoding asn1crypto structures like the above?
Issue Analytics
- State:
- Created 7 years ago
- Comments:18 (10 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
As of afd3cac4b33d56aaf8ddcce2c333b60828350c3d, Python 2 should no longer raise an exception when debugging a
core.OctetString.As of 2260ee300972ae3e0cd7d31710d21432466773e0,
core.Sequencewill raise aValueErrorwhen an invalid field is specified.@balena I implemented your suggestion of being able to pass a
dictto acore.Choiceconstructor, but it felt like trying to pound a square peg through a round hole. I ended up stashing it in case I want to revisit later. What about being able to pass a 2-element tuple of(name, value)?Looks great! Thanks @wbond