How to decrypt an S/MIME encrypted email using openssl smime

decryption openssl smime

For some reason, I seem unable to find an answer to this basic question. I have received an encrypted S/MIME email, and I want to decrypt it using openssl smime. However, I assume I am unable to provide the key in the correct format. This is what I did:

  • Saved the email message (raw text format) as smime-ok.txt
  • Exported my key from the OS X keychain as myself.p12
  • Exported my public certificate from the OS X keychain as myself.cer

Then I tried

openssl smime -decrypt -in smime-ok.txt -recip myself.p12

But I get

unable to load certificate
37740:error:0906D06C:PEM routines:PEM_read_bio:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.7/src/crypto/pem/pem_lib.c:648:Expecting: TRUSTED CERTIFICATE

I also tried -inkey myself.p12 -recip myself.cer and some more variants, but that did not make a difference. I guess that my keyfile is not read, or not read properly, because I am not prompted for a password either.

I suspect I may basically misunderstand how to use openssl smime.

Best Answer

It is in fact the case that openssl smime expects PEM format in the -recip input, but the p12 file is in PKCS12 format. This is how to convert the p12 file into a pem file:

openssl pkcs12 -in myself.p12 -out myself.pem

After that, the following decrypts the email as expected:

openssl smime -decrypt -in smime-ok.txt -recip myself.pem
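
The same PKCS#12-to-PEM conversion and decryption, run end to end against a throwaway identity, as an added example that is not part of the original answer. The function name smime_roundtrip, the passphrases, the test subject and the files key.pem, cert.pem and plain.txt are constructed for the demonstration; unlike the interactive commands above, the passphrases are passed with -passin/-passout so it runs unattended.

```shell
#!/bin/sh
# Added example: S/MIME round trip with a throwaway certificate and key.
# Passphrases on the command line are visible to other local users via the
# process list; that is acceptable only for disposable demo material.
smime_roundtrip() {
    msg=$1
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        umask 077   # key files must not be group- or world-readable

        # Constructed stand-in for the keychain identity: self-signed cert + key.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=demo/emailAddress=demo@example.invalid" \
            -keyout key.pem -out cert.pem 2>/dev/null || exit 1

        # Bundle both as PKCS#12, the format a keychain export produces.
        openssl pkcs12 -export -inkey key.pem -in cert.pem \
            -out myself.p12 -passout pass:p12-demo || exit 1

        # Sender side: encrypt to the recipient certificate.
        # -binary keeps the payload byte-for-byte (no CRLF canonicalisation).
        printf '%s\n' "$msg" > plain.txt
        openssl smime -encrypt -binary -aes256 \
            -in plain.txt -out smime-ok.txt cert.pem || exit 1

        # Recipient side, step 1: PKCS#12 -> PEM (certificate and private key
        # in one file). The key stays encrypted under the PEM passphrase.
        openssl pkcs12 -in myself.p12 -out myself.pem \
            -passin pass:p12-demo -passout pass:pem-demo 2>/dev/null || exit 1

        # Step 2: decrypt. No -inkey is given, so the key is read from -recip.
        openssl smime -decrypt -in smime-ok.txt -recip myself.pem \
            -passin pass:pem-demo
    )
    rc=$?
    rm -rf "$work"   # remove all key material created for the demo
    return $rc
}

smime_roundtrip "constructed test message"
```

The converted myself.pem contains the private key, so keep it readable only by its owner and delete it once the message has been decrypted.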