I'm having some trouble decrypting emails with both an encrypted and unencrypted PEM certificate. I generated the PEM certificates from a PFX certificate with openssl as follows:
I have an email that decrypts fine when I load the PFX certificate it into the CkCrypt2 object with AddPfxSourceData(), however the two approaches I've tried with the PEM certificates have failed. I tried loading the encrypted PEM certificate with AddPfxSourceData(), and I tried creating a CkCert object with LoadFromFile() and adding it to the CkCrypt2 object with AddEncryptCert().
I believe both approaches failed for different reasons:
I can provide code snippets of my approaches if one of them is supposed to work, but I get the feeling that this might be unsupported.
asked Jan 30 '13 at 12:03
I get to answer my own question. You have to create a CkCert from the in-memory PEM file, export it to disk as a PFX file, then read it into the CkCrypt2 object.
Also, this appears to work no matter what you use for password. You don't even need the password used to encrypt the private key inside the PEM file...
answered Jan 30 '13 at 18:53
I'll have to look at your solution in more detail, but I was working on this alternate solution:
I created a new CkCertStore method for loading a PEM that contains multiple certs. The procedure would go like this:
Here is an example (with no error checking)
If you'd like a new build with this functionality, please let me know what operating system, and if Windows, what version of VC++. (also if it's 32-bit or 64-bit)
answered Jan 30 '13 at 20:05