Archived Forum Post

Index of archived forum posts

Question:

mime 9.4.1.0 vs 9.5.0.55

Sep 07 '17 at 04:59

We discovered an issue on the mime part which we ONLY got to work with version 9.4.1.0. When decrypting a mime mail object no version before !!or after!! 9.4.1.0 can decrypt our mime. Using version 9.4.1 works just like expected

Decrypt:
    DllDate: Dec 29 2015
    ChilkatVersion: 9.5.0.55
    UnlockPrefix: XXXDEUSMIME
    Username: --------:-------
    Architecture: Little Endian; 32-bit
    Language: .NET 2.0
    VerboseLogging: 0
    decryptMime:
        unenvelope:
            loadPkcs7Der:
                der_to_xml:
                    (leaveContext)
                loadPkcs7Xml:
                    Pkcs7_EnvelopedData:
                        AlgorithmIdentifier_loadXml:
                            RC2_CBC
                            IV: K2gyn/LeD78=
                            KeyLength: 40
                            (leaveContext)
                        numRecipients: 1
                        RecipientInfo:
                            IssuerAndSerialNumber:
                                issuerCommonName: 
                                issuerCountry: XX
                                issuerState: 
                                issuerLocality: 
                                issuerOrganization: XXX
                                (leaveContext)
                            AlgorithmIdentifier_loadXml:
                                (leaveContext)
                            encryptedKeyNumBytes: 128
                            (leaveContext)
                        (leaveContext)
                    (leaveContext)
                (leaveContext)
            unEnvelope3:
                unEnvelope_encrypted:
                    findMatchingPrivateKeyFromSysCerts:
                        numRecipientInfos: 1
                        certSerialNumber: 00
                        certIssuerCN: 
                        subjectKeyIdentifier: 
                        findPrivateKey:
                            findCertificate:
                                findCertB:
                                    (leaveContext)
                                findCertBySerialAndIssuerCN:
                                    msFindMsCertBySerialAndIssuerCN:
                                        openCertStore:
                                            (leaveContext)
                                        openCertStore:
                                            (leaveContext)
                                        openCertStore:
                                            (leaveContext)
                                        openCertStore:
                                            (leaveContext)
                                        openCertStore:
                                            (leaveContext)
                                        openCertStore:
                                            (leaveContext)
                                        openCertStore:
                                            (leaveContext)
                                        openCertStore:
                                            (leaveContext)
                                        (leaveContext)
                                    (leaveContext)
                                (leaveContext)
                            (leaveContext)
                        findPrivateKey:
                            findCertificate:
                                findCertB:
                                    (leaveContext)
                                findCertBySerialAndIssuerCN:
                                    msFindMsCertBySerialAndIssuerCN:
                                        (leaveContext)
                                    (leaveContext)
                                (leaveContext)
                            (leaveContext)
                        (leaveContext)
                    No certificate with private key found.
                    (leaveContext)
                (leaveContext)
            Failed to unenvelope message
            (leaveContext)
        Failed.
        (leaveContext)
    Failed.
    (leaveContext)


Answer

We'd need to see the LastErrorText for the success case using v9.4.1. The LastErrorText will contain content for both successful and failed method calls. Also:

  1. Turn on verbose logging by setting the VerboseLogging property = true.
  2. Make sure to post the contents of LastErrorText in "pre" tags, to maintain the line-endings.

Answer

Hi support team. After putting this on hold for some time I had to get back to the same and I still have the same issue, so requesting your support now with MORE details and findings: To sum up, I tested the same mail (encrypted), same certificate and on the same machine on 3 different Chilkat versions 9.4.1.25: works (the .Net 2.0 framework) 9.5.0.56: FAILS (the .Net 4.5.2 framework) -- The one I need 9.5.0.69: works (the .Net 6.1 famework - latest)

I m posting now the LasteErrorText output from all 3 attempts in the above order

Chilkat version 9.4.1.25 - successful encrypted

ChilkatLog:
  Decrypt:
    DllDate: Jul  8 2013
    ChilkatVersion: 9.4.1.25
    UnlockPrefix: UPSDEUSMIME
    Username: WKSP000587B3:KLN1AVP
    Architecture: Little Endian; 32-bit
    Language: .NET 2.0
    VerboseLogging: 1
    certSerialNumber: 00
    certIssuerCN: 
    loadPkcs7Der_5:
      DerParseTimeMs: Elapsed time: 0 millisec
      loadPkcs7Xml:
        Pkcs7_loadXml:
          Pkcs7_EnvelopedData:
            RC2_CBC
            IV: hin4yTv0Arg=
            KeyLength: 40
            numRecipients: 1
            RecipientInfo:
              IssuerAndSerialNumber:
                serialNumber1: 00
                issuerCommonName: 
                issuerCountry: NL
                issuerState: 
                issuerLocality: 
                issuerOrganization: UPS
              --IssuerAndSerialNumber
              encryptedKeyNumBytes: 128
            --RecipientInfo
          --Pkcs7_EnvelopedData
        --Pkcs7_loadXml
      --loadPkcs7Xml
      Pkcs7XmlLoadTimeMs: Elapsed time: 0 millisec
    --loadPkcs7Der_5
    UnEnvelope2:
      FindMatchingRecipientInfo:
        NeedSerial: 
        NeedIssuerCN: 
        NumRecipientInfos: 1
        Found matching RecipientInfo
      --FindMatchingRecipientInfo
      AlgorithmIdentifier:
        oid: 1.2.840.113549.1.1.1
      --AlgorithmIdentifier
      Decrypting symmetric key...(3)
      ModulusLen: 129
      DLen: 128
      PLen: 65
      QLen: 65
      DPLen: 65
      DQLen: 64
      InvQLen: 64
      modulus_bitlen: 1024
      littleEndian: 1
      encryptedData: 2E22 D5D7 3E72 1E1F 32F4 90DC 6B89 994A
2402 051D EC03 589D 7C7E 521A B5E9 D5D6
52C7 4896 C797 FFA5 E5C2 7E89 1A8C 7849
131A AC8E B45E 235E 6CB8 8CAA 62C9 D0DA
41B4 99C6 AC19 FD02 DB6F EA07 3E3A 45B6
91AC 0A97 7D4F BBEF D9C2 23C4 336A 05B6
1BF2 E2AC 8D7C A620 7DCB 8B8B CF1D 639D
460D A28F 0936 9EE1 EE88 2FAD 166B DB71
      exptmod: Elapsed time: 16 millisec
      exptmod_decoded: 0270 9B05 6F09 BF81 1019 38EC B078 3B04
69EE A593 259B BAA7 11CD 9BC8 F445 8BD5
E896 7BC1 07D0 9070 0BBA 199C 898C 7891
8753 CF3D 9E57 7FB5 E258 CD59 B604 97AD
45DB 4855 4421 5ADF FE77 9042 D190 C176
4233 A362 DD60 2E30 6321 9A6C 389E 127D
78BC 38FC 698B B0A2 0D3F 8BA9 EB8F D7E9
97BF 53AD 1DB0 C551 1F00 DABC 54ED B4
      exptmod_decoded_size: 127
      padding: PKCS 1.5
      sizeAfterPkcs15_decode: 5
      Decrypting data using symmetric key (3)
      decryptedSymmetricKeyLen3: 5
      symmetricDecrypt_3:
        setByAlgorithmIdentifier:
          algId_oid: 1.2.840.113549.3.2
          RC2_CBC
          keyLength: 40
        --setByAlgorithmIdentifier
        symmetricKeySizeInBytes: 5
        numBytesToDecrypt: 2968
        algorithm: rc2
        keyLength: 40
        outputSize: 2961
        symmetricDecryptOutputSize: 2961
      --symmetricDecrypt_3
    --UnEnvelope2
    LoadMimeComplete2:
      Found end-of-header.
      setHeaderContents:
        ParseMimeHeader:
          Header is entirely 7-bit
          FinalCodePageDecision: 0
          unfoldedHeaderField1: Mime-Version: 1.0
          MimeField:
            rawField: Mime-Version: 1.0
            name: Mime-Version
            value: 1.0
          --MimeField
          unfoldedHeaderField1: Content-Type: application/x-pkcs7-mime; smime-type=signed-data;    name=smime.p7m
          MimeField:
            rawField: Content-Type: application/x-pkcs7-mime; smime-type=signed-data;    name=smime.p7m
            name: Content-Type
            value: application/x-pkcs7-mime; smime-type=signed-data;    name=smime.p7m
          --MimeField
          unfoldedHeaderField1: Content-Transfer-Encoding: base64
          MimeField:
            rawField: Content-Transfer-Encoding: base64
            name: Content-Transfer-Encoding
            value: base64
          --MimeField
          unfoldedHeaderField2: Content-Disposition: attachment; filename=249WKSKA.DAT
          MimeField:
            rawField: Content-Disposition: attachment; filename=249WKSKA.DAT
            name: Content-Disposition
            value: attachment; filename=249WKSKA.DAT
          --MimeField
        --ParseMimeHeader
      --setHeaderContents
      parseMimeBody:
        contentType: application/x-pkcs7-mime; smime-type=signed-data;    name=smime.p7m
        charset: 
        clearing charset based on content-type.
        treating body as binary (non-character) data.
        treating body as binary data because of attachment status.
        bIsAttachment: 1
        setMimeBodyByEncoding2:
          encoding: base64
          entireBodyLen: 2764
          charset: 
          isText: 0
          wasReally1252: 0
        --setMimeBodyByEncoding2
      --parseMimeBody
    --LoadMimeComplete2
    Success.
  --Decrypt
--ChilkatLog

Now the failing Log from 9.5.0.56

ChilkatLog:
  Decrypt2(31ms):
    DllDate: Mar 11 2016
    ChilkatVersion: 9.5.0.56
    UnlockPrefix: UPSDEUSMIME
    Username: WKSP000587B3:KLN1AVP
    Architecture: Little Endian; 32-bit
    Language: .NET 4.5
    VerboseLogging: 1
    addCertificate:
      addCertificate:
        constructSerialIssuerHashKey:
          using issuerDN for self-issued certificate.
        --constructSerialIssuerHashKey
        certHashEntryB: 00:NL, UPS, UPS, ups@douane.lan
        skiHashKey: SubjectKeyId:iyu179VlVBpz7HjVmzV4TAMr6Ck=
      --addCertificate
    --addCertificate
    decryptMime(31ms):
      unenvelope(31ms):
        loadPkcs7Der:
          DerParseTimeMs: Elapsed time: 0 millisec
          loadPkcs7Xml:
            Pkcs7_EnvelopedData:
              AlgorithmIdentifier_loadXml:
                oid: 1.2.840.113549.3.2
                RC2_CBC
                IV: hin4yTv0Arg=
                KeyLength: 40
              --AlgorithmIdentifier_loadXml
              numRecipients: 1
              RecipientInfo:
                IssuerAndSerialNumber:
                  serialNumber1: 00
                  issuerCommonName: 
                  issuerCountry: NL
                  issuerState: 
                  issuerLocality: 
                  issuerOrganization: UPS
                --IssuerAndSerialNumber
                AlgorithmIdentifier_loadXml:
                  oid: 1.2.840.113549.1.1.1
                --AlgorithmIdentifier_loadXml
                encryptedKeyNumBytes: 128
              --RecipientInfo
            --Pkcs7_EnvelopedData
          --loadPkcs7Xml
          Pkcs7XmlLoadTimeMs: Elapsed time: 0 millisec
        --loadPkcs7Der
        unEnvelope3(31ms):
          unEnvelope_encrypted(31ms):
            findMatchingPrivateKeyFromSysCerts(31ms):
              numRecipientInfos: 1
              certSerialNumber: 00
              certIssuerCN: 
              subjectKeyIdentifier: 
              findPrivateKey(15ms):
                findCertificate(15ms):
                  findCertBySerialAndIssuerCN(15ms):
                    msFindMsCertBySerialAndIssuerCN(15ms):
                      certSerialNumber: 
                      certIssuerCN: 
                      needPrivateKey: 0
                      No match found in MY current-user certificate store.
                      No match found in MY local-machine certificate store.
                      No match found in AddressBook current-user certificate store.
                      No match found in AddressBook local-machine certificate store.
                      No match found in CA current-user certificate store.
                      No match found in CA local-machine certificate store.
                      No match found in ROOT current-user certificate store.
                      No match found in ROOT local-machine certificate store.
                    --msFindMsCertBySerialAndIssuerCN
                  --findCertBySerialAndIssuerCN
                --findCertificate
              --findPrivateKey
              findPrivateKey(16ms):
                findCertificate(16ms):
                  findCertBySerialAndIssuerCN(16ms):
                    msFindMsCertBySerialAndIssuerCN(16ms):
                      certSerialNumber: 00
                      certIssuerCN: 
                      needPrivateKey: 0
                      findCertBySerialAndIssuerCN(16ms):
                        Found certificate with matching serial number!
                        IssuerDN: C=CH, L=Bern, O=Eidg. Oberzolldirektion, OU=Test CA Abteilung, CN=OZD Test CA, E=admin@m90test.ezv.admin.ch,
                        Found certificate with matching serial number!
                        IssuerDN: C=CH, L=Bern, O=Eidg. Oberzolldirektion, OU=CA Abteilung, CN=OZD CA, E=admin@m90.ezv.admin.ch,
                      --findCertBySerialAndIssuerCN
                      No match found in MY current-user certificate store.
                      No match found in MY local-machine certificate store.
                      No match found in AddressBook current-user certificate store.
                      No match found in AddressBook local-machine certificate store.
                      No match found in CA current-user certificate store.
                      No match found in CA local-machine certificate store.
                      findCertBySerialAndIssuerCN:
                        Found certificate with matching serial number!
                        IssuerDN: C=CH, L=Bern, O=Eidg. Oberzolldirektion, OU=Test CA Abteilung, CN=OZD Test CA, E=admin@m90test.ezv.admin.ch,
                        Found certificate with matching serial number!
                        IssuerDN: C=NL, O=UPS, OU=UPS, E=ups@douane.lan,
                        Found certificate with matching serial number!
                        IssuerDN: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA,
                        Found certificate with matching serial number!
                        IssuerDN: C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", CN=Starfield Root Certificate Authority - G2,
                        Found certificate with matching serial number!
                        IssuerDN: C=US, O="Starfield Technologies, Inc.", OU=Starfield Class 2 Certification Authority,
                        Found certificate with matching serial number!
                        IssuerDN: C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority,
                        Found certificate with matching serial number!
                        IssuerDN: C=US, ST=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", CN=Go Daddy Root Certificate Authority - G2,
                        Found certificate with matching serial number!
                        IssuerDN: C=US, O="The Go Daddy Group, Inc.", OU=Go Daddy Class 2 Certification Authority,
                      --findCertBySerialAndIssuerCN
                      No match found in ROOT current-user certificate store.
                      findCertBySerialAndIssuerCN:
                        Found certificate with matching serial number!
                        IssuerDN: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA,
                        Found certificate with matching serial number!
                        IssuerDN: C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", CN=Starfield Root Certificate Authority - G2,
                        Found certificate with matching serial number!
                        IssuerDN: C=US, O="Starfield Technologies, Inc.", OU=Starfield Class 2 Certification Authority,
                        Found certificate with matching serial number!
                        IssuerDN: C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority,
                        Found certificate with matching serial number!
                        IssuerDN: C=US, ST=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", CN=Go Daddy Root Certificate Authority - G2,
                        Found certificate with matching serial number!
                        IssuerDN: C=US, O="The Go Daddy Group, Inc.", OU=Go Daddy Class 2 Certification Authority,
                      --findCertBySerialAndIssuerCN
                      No match found in ROOT local-machine certificate store.
                    --msFindMsCertBySerialAndIssuerCN
                  --findCertBySerialAndIssuerCN
                --findCertificate
              --findPrivateKey
            --findMatchingPrivateKeyFromSysCerts
            No certificate with private key found.
            RecipientInfos:
              recipient:
                certSerialNum: 00
                certIssuerCN: 
              --recipient
            --RecipientInfos
          --unEnvelope_encrypted
        --unEnvelope3
        Failed to unenvelope message
      --unenvelope
      Failed.
    --decryptMime
    mergeSysCerts:
      addCertificate:
        constructSerialIssuerHashKey:
          using issuerDN for self-issued certificate.
        --constructSerialIssuerHashKey
      --addCertificate
    --mergeSysCerts
    Failed.
  --Decrypt2
--ChilkatLog

and here the latest version which again WORKS

ChilkatLog:
  Decrypt2:
    DllDate: Aug 30 2017
    ChilkatVersion: 9.5.0.69
    UnlockPrefix: UPSDEUSMIME
    Architecture: Little Endian; 32-bit
    Language: .NET 4.6 VS2017
    VerboseLogging: 1
    addCertificate_2:
      addCertificate_3:
        constructSerialIssuerHashKey:
          using issuerDN for self-issued certificate.
        --constructSerialIssuerHashKey
        certHashEntryB: 00:NL, UPS, UPS, ups@douane.lan
        skiHashKey: SubjectKeyId:iyu179VlVBpz7HjVmzV4TAMr6Ck=
      --addCertificate_3
    --addCertificate_2
    decryptMime:
      unenvelope:
        loadPkcs7Der:
          DerParseTimeMs: Elapsed time: 0 millisec
          loadPkcs7Xml:
            Pkcs7_EnvelopedData:
              AlgorithmIdentifier_loadXml:
                oid: 1.2.840.113549.3.2
                RC2_CBC
                IV: hin4yTv0Arg=
                KeyLength: 40
              --AlgorithmIdentifier_loadXml
              numRecipients: 1
              RecipientInfo:
                IssuerAndSerialNumber:
                  serialNumber1: 00
                  issuerCommonName: 
                  issuerCountry: NL
                  issuerState: 
                  issuerLocality: 
                  issuerOrganization: UPS
                  issuerDN: NL, UPS, UPS, ups@douane.lan
                --IssuerAndSerialNumber
                AlgorithmIdentifier_loadXml:
                  oid: 1.2.840.113549.1.1.1
                --AlgorithmIdentifier_loadXml
                encryptedKeyNumBytes: 128
              --RecipientInfo
            --Pkcs7_EnvelopedData
          --loadPkcs7Xml
          Pkcs7XmlLoadTimeMs: Elapsed time: 0 millisec
        --loadPkcs7Der
        unEnvelope3:
          unEnvelope_encrypted:
            findMatchingPrivateKeyFromSysCerts:
              numRecipientInfos: 1
              certSerialNumber: 00
              certIssuerCN: 
              certIssuerDN: NL, UPS, UPS, ups@douane.lan
              subjectKeyIdentifier: 
            --findMatchingPrivateKeyFromSysCerts
            AlgorithmIdentifier:
              oid: 1.2.840.113549.1.1.1
            --AlgorithmIdentifier
            Decrypting symmetric key...(1)
            modulus_bitlen: 1024
            bigEndian: 1
            padding: PKCS 1.5
            sizeAfterPkcs15_decode: 5
            Decrypting data using symmetric key (1)
            decryptedSymmetricKeyLen1: 5
            symmetricDecrypt:
              getByAlgorithmIdentifier:
                algId_oid: 1.2.840.113549.3.2
                RC2_CBC
                keyLength: 40
              --getByAlgorithmIdentifier
              symmetricKeySizeInBytes: 5
              numBytesToDecrypt: 2968
              symmetricDecryptOutputSize: 2961
            --symmetricDecrypt
          --unEnvelope_encrypted
        --unEnvelope3
        cert_issuer: NL, UPS, UPS, ups@douane.lan
        cert_subject: NL, UPS, UPS, ups@douane.lan
        unenvelopedDataSize: 2961
        replaceWithUnenveloped:
          unwrapSignedData:
            loadPkcs7Der:
              DerParseTimeMs: Elapsed time: 0 millisec
              loadPkcs7Xml:
                loadSignedDataXml:
                  NumDigestAlgorithmIdentifiers: 1
                  AlgorithmIdentifier_loadXml:
                    oid: 1.2.840.113549.2.5
                  --AlgorithmIdentifier_loadXml
                  AlgorithmIdentifier:
                    oid: 1.2.840.113549.2.5
                  --AlgorithmIdentifier
                  This is an opaque signature.
                  Recovered original content.
                  OriginalContentLen: 622
                  numSigners: 1
                  SignerInfo:
                    signerInfoLoadXml:
                      serialNumber2: 00C3918D35176FC3F7
                      issuerCN: Koeriers
                      digestAlgorithmOid: 1.2.840.113549.2.5
                      No SignerInfo message digest found.
                      signerAlgorithmOid: 1.2.840.113549.1.1.1
                      signerDigestSize: 128
                    --signerInfoLoadXml
                  --SignerInfo
                --loadSignedDataXml
              --loadPkcs7Xml
              Pkcs7XmlLoadTimeMs: Elapsed time: 0 millisec
              extractCertsFromSignedData:
                numCerts: 1
                certificate:
                  IssuerCN: Koeriers
                  SerialNum: 00C3918D35176FC3F7
                  SubjectDN: C=NL, ST=Brabant, L=Eindhoven, O=Belastingdienst Douane, OU=Team Koeriers, CN=Koeriers, E=douane@douane.lan
                --certificate
                addCertDer:
                  addCertificate_3:
                    constructSerialIssuerHashKey:
                      using subjectCN for self-issued certificate.
                    --constructSerialIssuerHashKey
                    certHashEntryB: 00C3918D35176FC3F7:Koeriers
                    skiHashKey: SubjectKeyId:fdGnm2CCLZ1gqrijbQ6e/7Mlzgo=
                  --addCertificate_3
                --addCertDer
              --extractCertsFromSignedData
              extractCertsTimeMs: Elapsed time: 0 millisec
            --loadPkcs7Der
            verifyOpaqueSignature:
              verifySignature:
                numSigners: 1
                numDigestAlgorithms: 1
                Computing MD5 message digest.
                numBytesDigested: 622
                md5_hash: 393E 6A78 ABA6 F59E AE7A AC91 1EF5 8E8B
                numSigners: 1
                signerDigestAlgOid: 1.2.840.113549.2.5
                messageDigestSize: 0
                SignerInfo message digest is empty.
                Signer:
                  getSignerInfoCert:
                    issuerCN: Koeriers
                    serialNum: 00C3918D35176FC3F7
                  --getSignerInfoCert
                --Signer
                All digests verified.
                Skipped verification of certificates.
              --verifySignature
            --verifyOpaqueSignature
          --unwrapSignedData
        --replaceWithUnenveloped
      --unenvelope
      Success.
    --decryptMime
    mergeSysCerts:
      addCertificate_3:
        constructSerialIssuerHashKey:
          using issuerDN for self-issued certificate.
        --constructSerialIssuerHashKey
        skiHashKey: SubjectKeyId:iyu179VlVBpz7HjVmzV4TAMr6Ck=
        The cert hash map already contains this skiHashKey...
      --addCertificate_3
    --mergeSysCerts
    Success.
  --Decrypt2
--ChilkatLog