View p7m file with openssl
How to view the content of a .p7m file
Normally a .p7m file is what in openssl terms is a DER file 1 (note: it work also with cms command).
openssl smime -verify -in smime.p7m -inform der -noverify -signer cert.pem -out textdata
- -verify to tell openssl that you will feed a signed mail message on input and outputs the signed data.
- -noverify do not verify the signers certificate of a signed message.
- -signer output the signer cert to the cert.pem file.
and textdata is what you are looking for. If the embedded file is a pdf for example you can call it textdata.pdf (if your O.S. is sensible to extensions).
or in al longer way 2:
openssl asn1parse -in smime.p7m -inform der -offset XX -length YYYY | tail --quiet --bytes=+61 | xxd -r -p >out.bin
openssl asn1parse -in smime.p7m -inform der
dump the content of the p7m file structure to search for the OCTECT STRING [HEX DUMP] sequence, that is the signed content (encrypted or not) we want to extract. XX and YYYY are the offset and length of the sequence. You have to grab the EOF at the end meaning increment length by 5.
Try to isolate that sequence:
openssl asn1parse -in smime.p7m -inform der -offset XX -length YYYY -dump
If length is wrong you have an error. Try to guess it with:
openssl asn1parse -in smime.p7m -inform der -offset XX
and see where the next sequence starts. That’s the length.
Save the content in HEX format:
openssl asn1parse -in smime.p7m -inform der -offset XX -length YYYY >out.hex
Remove the header that openssl left, ex. using an editor remove everything to [HEX DUMP]:
cat out.hex | tail --quiet --bytes=+61
finally convert the hex back to binary with:
cat out.hex | tail --quiet --bytes=+61 | xxd -r -p >out.bin
Note: This has been tested only once with a pdf file. Different encoding probably need some adjustment.