On 2010/04/27 06:46 PDT, mathieu wrote:

>   I am trying to understand how to use cmsutil. Here is a self-
> contained shell script:
> 
> DB=MM
> PASSWD=$DB/passwd.txt
> RS=$DB/rand.seed
> CANN=netauth.com
> certutil -N -f $PASSWD -d $DB
> certutil -S -s "cn=netauth ca,dc=netauth,dc=com" -n $CANN \
> -f $PASSWD -z $RS -x -t "C,C,C" -d $DB
> certutil -R -7 j...@xxxxxxxxxxx -z $RS -f $PASSWD -o $DB/jimi.req -d $DB \
> -s "e=j...@xxxxxxxxxxx,cn=jimi hendrix,ou=people,dc=netauth,dc=com"
> certutil -C -i $DB/jimi.req -o $DB/jimi.crt -f $PASSWD -z $RS \
> -7 j...@xxxxxxxxxxx -c $CANN -d $DB
> certutil -A -n j...@xxxxxxxxxxx -f $PASSWD -t ",," -i $DB/jimi.crt -d $DB
> certutil -R -s "e=...@xxxxxxxxxxx,cn=tom jones,ou=people,dc=netauth,dc=com" \
> -7 t...@xxxxxxxxxxx -z $RS -f $PASSWD -o $DB/tom.req -d $DB
> certutil -C -i $DB/tom.req -o $DB/tom.crt -f $PASSWD -z $RS \
> -7 t...@xxxxxxxxxxx -c $CANN -d $DB
> certutil -A -n t...@xxxxxxxxxxx -f $PASSWD -t ",," -i $DB/tom.crt -d $DB
> certutil -L -d $DB
> certutil -L -d $DB -n t...@xxxxxxxxxxx
> cmsutil -E -r t...@xxxxxxxxxxx -i $DB/jimi.txt -d $DB -p foobar -o $DB/jimi.env
> cmsutil -v -D -d $DB -i $DB/jimi.env -p foobar
> 
> It fails with:
> 
> received commands
> NSS has been initialized.
> Got default certdb
> Incorrect password/PIN entered.
> cmsutil: failed to decode message.
> cmsutil: problem decoding: Cannot decrypt: you are not a recipient, or
> matching certificate and private key not found.
> 
> Could someone please point me to the issue in my cmsutil -D command?

Your script does not tell us what you put into the file $DB/passwd.txt
but from the results, we can infer that it was NOT the string "foobar".

Alter your script above by inserting the following line immediately before
the first certutil command, and then repeat the script with an MM directory
with no *.db files in it.

echo foobar > $PASSWD

You'll like the results.

See also

http://mxr.mozilla.org/security/source/security/nss/cmd/smimetools/smime
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
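
The fix described in the reply, as an added example that is not part of the original thread: it follows the thread's certutil/cmsutil sequence but takes the cmsutil -p value from the same file that certutil -f reads, so the two cannot disagree. The names testca, tom@example.com and msg.txt are constructed, the helpers db_password, password_matches and roundtrip are hypothetical, and the password is assumed to be the first line of the file.

```shell
#!/bin/sh
# Added example with constructed names; run e.g.:  roundtrip ./MM foobar
# (the MM directory must not already contain *.db files).

# db_password FILE: print the first line of the NSS password file.
db_password() {
    pw=
    [ -r "$1" ] || return 1
    IFS= read -r pw < "$1" || [ -n "$pw" ] || return 1
    printf '%s\n' "$pw"
}

# password_matches FILE PW: succeed only if PW is what FILE holds, i.e. what
# "certutil -N -f FILE" used as the database password.
password_matches() {
    stored=$(db_password "$1") && [ "$stored" = "$2" ]
}

# roundtrip DB PW: create a database protected by PW, issue one recipient
# certificate, encrypt a message to it and decrypt it again.
roundtrip() {
    db=$1; pwfile=$db/passwd.txt; rs=$db/rand.seed
    mkdir -p "$db" && echo "$2" > "$pwfile" || return 1
    head -c 64 /dev/urandom > "$rs"; echo "test message" > "$db/msg.txt"
    certutil -N -f "$pwfile" -d "$db" &&
    certutil -S -s "cn=test ca,dc=example,dc=com" -n testca \
        -f "$pwfile" -z "$rs" -x -t "C,C,C" -d "$db" &&
    certutil -R -7 tom@example.com -z "$rs" -f "$pwfile" -o "$db/tom.req" -d "$db" \
        -s "e=tom@example.com,cn=tom jones,ou=people,dc=example,dc=com" &&
    certutil -C -i "$db/tom.req" -o "$db/tom.crt" -f "$pwfile" -z "$rs" \
        -7 tom@example.com -c testca -d "$db" &&
    certutil -A -n tom@example.com -f "$pwfile" -t ",," -i "$db/tom.crt" -d "$db" &&
    # Same secret for both tools: read it back from the file certutil used.
    cmsutil -E -r tom@example.com -i "$db/msg.txt" -d "$db" \
        -p "$(db_password "$pwfile")" -o "$db/msg.env" &&
    cmsutil -D -d "$db" -i "$db/msg.env" -p "$(db_password "$pwfile")"
}
```

For an existing database such as the one in the thread, `password_matches MM/passwd.txt foobar` reports whether the -p value can unlock the key needed for decryption. A password given with -p is visible in the process list, so this pattern suits test databases.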
