I am trying to extract an RSA-encrypted AES key from a PKCS7 envelope and am getting an error that says the encrypted key is a schema, not a value. Why is this, when in the envelope there is a line that says encryptedKey=....?
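```python
from pyasn1.codec.der.decoder import decode
from pyasn1_modules import rfc2315

# env_der holds the DER-encoded PKCS#7 envelope bytes
content, rest = decode(env_der, asn1Spec=rfc2315.ContentInfo())
assert content['contentType'] == rfc2315.envelopedData
myenvelop, rest = decode(content['content'], asn1Spec=rfc2315.EnvelopedData())
print(myenvelop)
print(myenvelop['recipientInfos'][1]['encryptedKey'])
```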
The result of this code is:
```
EnvelopedData:
 version=0
 recipientInfos=RecipientInfos:
  RecipientInfo:
   version=0
   issuerAndSerialNumber=IssuerAndSerialNumber:
    issuer=Name:
     =RDNSequence:
      RelativeDistinguishedName:
       AttributeTypeAndValue:
        type=2.5.4.6
        value=0x13025553
      RelativeDistinguishedName:
       AttributeTypeAndValue:
        type=2.5.4.10
        value=0x130f552e532e20476f7665726e6d656e74
      RelativeDistinguishedName:
       AttributeTypeAndValue:
        type=2.5.4.11
        value=0x131c556e697465642053746174657320506f7374616c2053657276696365
      RelativeDistinguishedName:
       AttributeTypeAndValue:
        type=2.5.4.3
        value=0x131255535053496e7465726e616c537562324341
    serialNumber=488380148491395325238848
   keyEncryptionAlgorithm=KeyEncryptionAlgorithmIdentifier:
    algorithm=1.2.840.113549.1.1.1
    parameters=0x0500
   encryptedKey=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
 encryptedContentInfo=EncryptedContentInfo:
  contentType=1.2.840.113549.1.7.1
  contentEncryptionAlgorithm=ContentEncryptionAlgorithmIdentifier:
   algorithm=2.16.840.1.101.3.4.1.42
   parameters=0x041016b5378e3bfde72671a7a207a4038840
Traceback (most recent call last):
  File "C:/Users/VoxaiLap10/Desktop/pythonbible/cryptotestpemmp3_b_md5_7-19-18b.py", line 81, in <module>
    unEnvelop(filename, pemFile, outfilename)
  File "C:/Users/VoxaiLap10/Desktop/pythonbible/cryptotestpemmp3_b_md5_7-19-18b.py", line 41, in unEnvelop
    print(myenvelop['recipientInfos'][1]['encryptedKey'])
  File "C:\Program Files (x86)\Python36-32\lib\site-packages\pyasn1\type\univ.py", line 882, in __str__
    return self._value.decode(self.encoding)
  File "C:\Program Files (x86)\Python36-32\lib\site-packages\pyasn1\type\base.py", line 221, in __getattr__
    raise error.PyAsn1Error('Attempted "%s" operation on ASN.1 schema object' % attr)
pyasn1.error.PyAsn1Error: Attempted "decode" operation on ASN.1 schema object
```
The suspicious part is that `[1]` subscription; should it be `[0]` instead? I assume you are trying to address the first element of the `RecipientInfos` sequence, which is zero-based.
The error message itself means that the object you are trying to work with is not initialized, i.e. is not filled with any concrete value. That's why it can only be used as a "schema", i.e. for type information.
When you subscribe `RecipientInfos` by a non-existing index, a new `RecipientInfo` element is created, which obviously is not populated with any concrete values (apart from the defaults). In that sense it remains a schema, not a schema instance.
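An added example, not part of the original question or answer: it reproduces the schema-object behaviour described above with pyasn1 and pyasn1_modules, and shows a bounds-checked accessor that refuses to auto-create elements. The helper names and the sample key bytes are constructed for illustration.

```python
from pyasn1_modules import rfc2315


def build_recipient_infos(keys):
    """Build a RecipientInfos holding only encryptedKey fields (constructed sample)."""
    infos = rfc2315.RecipientInfos()
    for i, key in enumerate(keys):
        # Indexing one past the end auto-creates an empty RecipientInfo to fill in.
        infos[i]['encryptedKey'] = key
    return infos


def ghost_is_value(infos):
    """Reproduce the trap: index one past the end and report isValue of the result."""
    # No IndexError is raised here; pyasn1 hands back a freshly created schema object.
    ghost = infos[len(infos)]['encryptedKey']
    return ghost.isValue


def encrypted_key_at(infos, idx):
    """Return the encrypted key bytes at idx without auto-creating elements."""
    count = len(infos)
    if not 0 <= idx < count:
        raise IndexError("recipient index %d out of range (%d recipients)" % (idx, count))
    key = infos[idx]['encryptedKey']
    if not key.isValue:
        raise ValueError("recipient %d has no encryptedKey value" % idx)
    return key.asOctets()


def all_encrypted_keys(infos):
    """Collect the encrypted key of every recipient actually present."""
    return [encrypted_key_at(infos, i) for i in range(len(infos))]


if __name__ == "__main__":
    sample = build_recipient_infos([b"\x01\x02\x03"])  # constructed key bytes
    print(all_encrypted_keys(sample))
    print(ghost_is_value(sample))
```

Checking `len()` before indexing matters because the out-of-range lookup itself adds an empty element to the container.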