Question

I have a PKCS#7 message in an EnvelopedCms instance.

I also have a private key loaded from a certificate.

Is there a way, after decrypting the EnvelopedCms.RecipientInfos[0].EncryptedKey (with the private key), to use the session key in a managed decryption algorithm to decrypt the EnvelopedCms.ContentInfo.Content?

P.S: I don't want to use EnvelopedCms.Decrypt(), I know it exists, but I don't want to use it.


Solution

It is easy to check for the EnvelopedCms.ContentEncryptionAlgorithm.Oid.FriendlyName property to know which algorithm was used to encrypt the content. The encryption algorithm is chosen by the Outlook user from (Options -> Trust Center -> Trust Center Settings -> Email Security -> Encrypted Email -> Default Settings). Since the encryption algorithm is typically a symmetric algorithm, the KeySize, BlockSize, SymmetricKey, and Initial Vector are usually needed. The value for BlockSize is known from the algorithm. The KeySize could either be known from the name of the algorithm (e.g. AES256 means the KeySize is 256) or by checking the value of EnvelopedCms.ContentEncryptionAlgorithm.KeyLength. The SymmetricKey is given by assumption. The Initial Vector is found in EnvelopedCms.ContentEncryptionAlgorithm.Parameters.

However, you have to watch for the padding of the content or a "Length of data is invalid" exception is thrown. Therefore, there's a padding of 6 characters which must be trimmed before attempting to decrypt using the symmetric cipher; however, I don't have an authoritative resource why these 6 zero-characters exist and whether it is safe to assume that they are always to be trimmed.

For the RC2-64 algorithm, the KeyLength property returns 0; therefore, make sure to set the KeySize property to 64 before invoking the cipher.
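
An added example, not part of the original answer: reading the IV, and for RC2-CBC the effective key size, out of the DER-encoded algorithm parameters, then using the IV with the session key. `CmsCipherParameters` and `Parse` are hypothetical names. It assumes .NET 6 or later, that `ContentEncryptionAlgorithm.Parameters` holds the DER-encoded parameters defined in RFC 3370 and RFC 3565, and that the session key has already been decrypted from `EncryptedKey`; all sample values are constructed.

```csharp
using System;
using System.Formats.Asn1;
using System.Security.Cryptography;
using System.Text;

static class CmsCipherParameters   // hypothetical helper, not part of .NET
{
    const string Rc2Cbc = "1.2.840.113549.3.2", Aes256Cbc = "2.16.840.1.101.3.4.1.42";

    // Returns the IV and, for RC2-CBC only, the effective key size in bits (0 otherwise).
    public static (byte[] Iv, int Rc2KeyBits) Parse(string oid, byte[] der)
    {
        var reader = new AsnReader(der, AsnEncodingRules.BER);
        if (oid != Rc2Cbc)
        {
            // AES-CBC (RFC 3565) and 3DES-CBC (RFC 3370): the parameter is just the IV.
            byte[] iv = reader.ReadOctetString();
            reader.ThrowIfNotEmpty();
            return (iv, 0);
        }
        // RC2-CBC (RFC 3370): SEQUENCE { rc2ParameterVersion INTEGER, iv OCTET STRING }
        AsnReader seq = reader.ReadSequence();
        reader.ThrowIfNotEmpty();
        if (!seq.TryReadInt32(out int version))
            throw new CryptographicException("rc2ParameterVersion out of range");
        byte[] rc2Iv = seq.ReadOctetString();
        seq.ThrowIfNotEmpty();
        // RFC 2268: the version field is a code for the common key sizes, not the bit count.
        int bits = version switch
        {
            160 => 40, 120 => 64, 58 => 128, >= 256 => version,
            _ => throw new CryptographicException("unsupported rc2ParameterVersion " + version)
        };
        return (rc2Iv, bits);
    }

    static void Main()
    {
        // Constructed sample values; sessionKey stands in for the key unwrapped from EncryptedKey.
        byte[] sessionKey = RandomNumberGenerator.GetBytes(32), iv = RandomNumberGenerator.GetBytes(16);
        var writer = new AsnWriter(AsnEncodingRules.DER);
        writer.WriteOctetString(iv);
        byte[] aesParams = writer.Encode();                       // 04 10 <16-byte IV>
        byte[] rc2Params = Convert.FromHexString("300D02017804080102030405060708");

        using Aes aes = Aes.Create();
        aes.Key = sessionKey;
        byte[] ciphertext = aes.EncryptCbc(Encoding.UTF8.GetBytes("constructed content"), iv);
        byte[] plain = aes.DecryptCbc(ciphertext, Parse(Aes256Cbc, aesParams).Iv);
        Console.WriteLine(Encoding.UTF8.GetString(plain));
        Console.WriteLine(Parse(Rc2Cbc, rc2Params).Rc2KeyBits + "-bit RC2");
    }
}
```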

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow