DecEnvelop: Enveloped Message Decoding & Decryption

DecEnvelop.exe is a .NET 1.0/1.1 assembly utility which:

Reads b64 or binary DER CMS/pkcs7 encoded and encrypted Enveloped message files including SMIME .p7m data
Decodes and decrypts the file using the private key associated with a certificate from the CU MY store, if available
Writes the decrypted content to a user-specified output file

DecEnvelop uses .NET P/Invoke to invoke the CryptoAPI simplified message function CryptDecryptMessage()
to decode and decrypt any standard CMS/pkcs7 enveloped data message in a single function call (including any S/MIME email enveloped data attachments).

This sample also demonstrates how to define the CRYPT_DECRYPT_MESSAGE_PARA struct in managed code, specify its members, and pass it by ref to CryptDecryptMessage().

DecEnvelop.exe is a command line utility:
DecEnvelop.exe [enveloped message file] [decrypted data output file]

C# Source

Example: Outlook Express 6 S/MIME EnvelopedData Message
The following shows a simple example of an encrypted email message, with plain text and a binary (image) file attachment generated by Outlook Express 6.

Note that the image attachment is also b64 encoded as required for binary-data attachments in the MIME specification.

[Note: While CAPICOM provides the EnvelopedData object, there are some interop usage issues. EnvelopedData.Content is exposed as a bstr and because of .NET <--> COM interop marshaling, usage is restricted to enveloped data and associated content in b64 format. Usage of binary data content with CAPICOM.EnvelopedData requires disassembling/modifying/reassembly of the standard .NET interop assembly. The DecEnvelop implemention here using P/Invoke does not require CAPICOM and is not limited in this way.]

Michel I. Gallant
neutron@istar.ca