SMIME解密多个收件人 [英] SMIME decryption for multiple recipients
问题描述
我了解如何在单个收件人的情况下进行消息加密和解密。
如果只有一个收件人
- 用于加密消息内容的随机生成的会话密钥。
- 然后这个随机会话密钥将使用接收者的公钥加密,然后发送SMIME消息。
- 加密的邮件将使用接收者的私钥解密,并检索
用于加密接收方邮件的会话密钥。
如果有多个收件人,那么
- A用于加密消息内容的随机生成会话密钥。
- 如果消息正在发送到多个收件人,则对称密钥将被每个收件人的公钥分开加密。包封的消息和所有加密的对称密钥使用PKCS#7格式打包在一起。
- 然后,这个随机会话密钥将使用每个接收者的公钥加密,然后发送SMIME消息。 >
如果多个接收者加密会话密钥带有相同的消息,
- 接收方是否迭代所有加密的会话密钥,并尝试解密会话密钥?
- 如果有50个收件人,那么接收方是否需要解密所有收件人的会话密钥的加密文本?
任何人都可以帮助我找到任何有用的资源或为我的问题提供答案?
如果一条消息被发送到多个收件人,对称密钥由每个收件人的公钥分开加密。
对称会话密钥也可选地对发送方进行不对称加密。
所有加密的对称密钥打包在一起
每个收件人都有一个加密密钥的块,使用证书的序列号等等。
然后,这个随机会话密钥将使用每个接收者的公钥加密,然后发送SMIME消息。
情况并非如此。上面的步骤就够了生成的对称会话密钥需要对每个收件人(和发件人)进行不对称加密,而不是更多。
它定义在 CMS RFC5652 和 S / MIME RFC5751 。 S / MIME消息由MIME主体和CMS内容类型组成。对于每个收件人(和发件人),必须有一个CMS RecipientInfo Type 。在这种类型中,加密密钥属于哪个收件人的信息。
openssl cms -inform smime -in Test_enc.mbox -cmsout -print
CMS_ContentInfo:
contentType:pkcs7-envelopedData(1.2.840.113549.1.7.3)
d.envelopedData:
version:< ABSENT>
originatorInfo:< ABSENT>
recipientInfos:
d.ktri:
版本:< ABSENT>
d.issuerAndSerialNumber:
issuer:C = ..,ST = ..,L = ..,O = ..,OU = ..,CN = ..
serialNumber:16756039346226544442
keyEncryptionAlgorithm:
算法:rsaEncryption(1.2.840.113549.1.1.1)
参数:NULL
encryptedKey:
0000 - 07 b9 dc b8 97 ed ea b0- 8f 9c 30 fa 0c f6 a0 .......... 0 ....
...
01fe - f0 62 .b
d.ktri :
版本:< ABSENT>
d.issuerAndSerialNumber:
issuer:C = ..,ST = ..,L = ..,O = ..,OU = ..,CN = ..
serialNumber:16756039346226544442
keyEncryptionAlgorithm:
算法:rsaEncryption(1.2.840.113549.1.1.1)
参数:NULL
encryptedKey:
0000 - 07 b9 dc b8 97 ed ea b0- 8f 9c 30 fa 0c f6 a0 .......... 0 ....
...
01fe - f0 62 .b
由于此邮件是为自己加密的,所以该块将作为发件人和接收方包含两次。
< blockquote>
- 接收方如何解密?
- 接收方是否迭代所有加密的会话密钥,并尝试解密会话密钥?
- 如果有50个收件人,那么接收方是否需要解密所有收件人加密的会话密钥?
r eceiver仅在 recipientInfos 颁发者和序列号 c $ c>列表以找到正确的加密密钥。
I am suppose to develop a SMIME based application in JAVA. These are certain areas where I need more clarification about SMIME en/de-crypttion. I understood how message encryption and decryption in case of a single recipient.
If There is only a single recipient
- A random generated session key used to encrypt message content.
- Then this random session key will be encrypted using receiver's public key then send SMIME message.
- The encrypted message will be decrypted using receiver's private key and retrieve the session key used to encrypt message in receiver side.
If there are multiple recipients are there, then
- A random generated session key used to encrypt message content.
- If a message is being sent to multiple recipients, the symmetric key is encrypted separately by every recipient's public key. The enveloped message and all encrypted symmetric keys are packaged together using the PKCS#7 format.
- Then this random session key will be encrypted using each receiver's public key then send SMIME message.
If multiple receivers encrypted session key come with same message,
- How the decryption in receiver side is done?
- Is the receiver iterate all encrypted session key and try to decrypt for session key?
- If there are 50 recipients, then does the receiver need to decrypt all recipient's encrypted text for session key?
Could anyone help me to find any useful resource or provide answer for my question?
If a message is being sent to multiple recipients, the symmetric key is encrypted separately by every recipient's public key.
The symmetric session key is also optionally asymmetrically encrypted for the sender.
all encrypted symmetric keys are packaged together
There is a block for each recipient with the encrypted key, serial number of the used certificate and so on.
Then this random session key will be encrypted using each receiver's public key then send SMIME message.
This is not the case. The above step is enough. The generated symmetric session key needs to be asymmetrically encrypted for each recipient (and sender), not more.
It's defined in CMS RFC5652 and S/MIME RFC5751. An S/MIME Message consists of MIME bodies and CMS content types. For each recipient (and sender) there must be a CMS RecipientInfo Type. In this type are the information which encryption key belongs to which recipient.
openssl cms -inform smime -in Test_enc.mbox -cmsout -print
CMS_ContentInfo:
contentType: pkcs7-envelopedData (1.2.840.113549.1.7.3)
d.envelopedData:
version: <ABSENT>
originatorInfo: <ABSENT>
recipientInfos:
d.ktri:
version: <ABSENT>
d.issuerAndSerialNumber:
issuer: C=.., ST=.., L=.., O=.., OU=.., CN=..
serialNumber: 16756039346226544442
keyEncryptionAlgorithm:
algorithm: rsaEncryption (1.2.840.113549.1.1.1)
parameter: NULL
encryptedKey:
0000 - 07 b9 dc b8 97 ed ea b0-8f 9c 30 fa 0c f6 a0 ..........0....
...
01fe - f0 62 .b
d.ktri:
version: <ABSENT>
d.issuerAndSerialNumber:
issuer: C=.., ST=.., L=.., O=.., OU=.., CN=..
serialNumber: 16756039346226544442
keyEncryptionAlgorithm:
algorithm: rsaEncryption (1.2.840.113549.1.1.1)
parameter: NULL
encryptedKey:
0000 - 07 b9 dc b8 97 ed ea b0-8f 9c 30 fa 0c f6 a0 ..........0....
...
01fe - f0 62 .b
Since this mail was encrypted for myself, the block is included twice, as sender and receiver.
- How the decryption in receiver side is done?
- Is the receiver iterate all encrypted session key and try to decrypt for session key?
- If there are 50 recipients, then does the receiver need to decrypt all recipient's encrypted text for session key?
The receiver has only to search for the appropriate issuer and serial number in the recipientInfos list to find the correct encrypted key.
这篇关于SMIME解密多个收件人的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
