2

CentOS 5.8

Is there an easy way to tell what specific public key was used to encrypt an email?

My email gateway isn't able to decrypt an inbound S/MIME message and I'm suspecting that the remote sender may have used an obsolete public key that is no longer in use and doesn't match my private key.

Is there an easy way I can tell if the public key the sender used matches the private key I have?

Likewise, is there a way to do this for PGP encrypted emails?

Ideally I'm looking for something I can check via the Linux command-line or native Windows tools without needing to be at either user's desktop or loading all the keys into my desktop (in case this happens for multiple users).

Mike B

2 Answers

1

You might use the DJIGZO email encryption gateway S/MIME tool (www.djigzo.com) to do this, but perhaps it's a bit of an overkill to install it just for this purpose (it requires Java).

To see the details of a message use:

java -cp djigzo.jar mitm.common.tools.SMIME -r -in SOME-MIME-MESSAGE.eml

Example output snippet:

============================== Encrypted message

Encryption Algorithm: RC2, Key size: 128

Recipient 0

.....CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL/115FCD741088707366E9727452C9770//1.2.840.113549.1.1.1

==============================

The encryption recipients are shown as issuer/serial number pairs.

Instead of installing the gateway you might use DJIGZO For Android. You can use it to, for example, open a MIME message (.eml) from the SD card. Even if the message cannot be decrypted because the key was not found, you can view the encryption recipients by opening the encryption layer, long-clicking the encryption layer and then selecting "View encryption recipients". This will give you a list of all issuer/serial number pairs, or the "subject key identifiers", of the certificates the message was encrypted with.

The Android app can be downloaded for free from:

https://play.google.com/store/apps/details?id=com.djigzo.android.application

Naturally, you need an Android device for this :)

user
user148704
0

For GnuPG, it looks like you can use --list-packets for this, in a slightly roundabout way. According to "How can I know all the recipients of a GPG encrypted message", you can do:

gpg --list-packets $FILENAME

Each line starting with :pubkey enc packet is one recipient public key.

This gives you a list of key IDs to which the given file was encrypted, which you can match up against what you have available. Note that this displays the encryption key ID, which is not necessarily the same as the normally displayed key ID (it might be a subkey).

user
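The matching step described in the answer above, as an added example that is not part of the original post: it pulls the key IDs out of `gpg --list-packets` output and checks them against `gpg --list-secret-keys --with-colons` output, resolving encryption subkeys to their primary key. Both sample outputs are constructed, and the function names are hypothetical.

```python
import re
# Constructed `gpg --list-packets FILE` output; the all-zero key ID is what a
# sender using --throw-keyids (hidden recipient) produces.
SAMPLE_PACKETS = """\
:pubkey enc packet: version 3, algo 1, keyid 1111AAAA2222BBBB
:pubkey enc packet: version 3, algo 1, keyid 9999FFFF8888EEEE
:pubkey enc packet: version 3, algo 1, keyid 0000000000000000
:encrypted data packet:
"""
# Constructed `gpg --list-secret-keys --with-colons` output.
SAMPLE_SECRET_KEYS = """\
sec:u:2048:1:CCCC3333DDDD4444:1325376000:::u:::scSC:
uid:u::::1325376000::0000::Gateway User <user@example.org>:
ssb:u:2048:1:1111AAAA2222BBBB:1325376000::::::e:
"""
ENC_PACKET = re.compile(r"^:pubkey enc packet:.*\bkeyid ([0-9A-Fa-f]{16})", re.M)

def recipient_key_ids(packets_text):
    """Key IDs of every ':pubkey enc packet' line, in message order."""
    return [k.upper() for k in ENC_PACKET.findall(packets_text)]

def secret_key_index(colons_text):
    """Map each secret key or subkey ID to (primary key ID, user ID)."""
    owner, uids, primary = {}, {}, None
    for line in colons_text.splitlines():
        f = line.split(":") + [""] * 10   # pad so short records index safely
        if f[0] == "sec":                 # field 5 = key ID, field 10 = user ID
            primary = f[4].upper()
            owner[primary], uids[primary] = primary, f[9]  # uid here on older gpg
        elif f[0] == "ssb" and primary:
            owner[f[4].upper()] = primary
        elif f[0] == "uid" and primary and not uids[primary]:
            uids[primary] = f[9]          # separate uid record on newer gpg
    return {kid: (prim, uids[prim]) for kid, prim in owner.items()}

def match_recipients(packets_text, colons_text):
    """Return (key ID, verdict) for each recipient packet in the message."""
    have, out = secret_key_index(colons_text), []
    for kid in recipient_key_ids(packets_text):
        if kid == "0" * 16:
            out.append((kid, "hidden recipient, key ID withheld"))
        elif kid in have:
            prim, uid = have[kid]
            kind = "primary key" if kid == prim else "subkey of " + prim
            out.append((kid, "secret key present: %s, %s" % (kind, uid)))
        else:
            out.append((kid, "no matching secret key"))
    return out

if __name__ == "__main__":
    print(*match_recipients(SAMPLE_PACKETS, SAMPLE_SECRET_KEYS), sep="\n")
```

A "no matching secret key" verdict for every visible recipient is the situation the question describes: the sender encrypted to a key the gateway does not hold.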