Decrypting encrypted content without headers #443

Closed
Peperud opened this issue Oct 23, 2018 · 5 comments
Labels
wontfix This will not be worked on

Peperud commented Oct 23, 2018

I'm getting a (test) encrypted file.
MimeKit decrypts it, but the content comes out empty.
OpenSSL decrypts it and does produce content.

I might be wrong, but from what I can tell, it looks to me that the decrypted message does not have headers and this throws off MimeKit. After decryption, it goes on to scan for headers, doesn't find any, defaults to text/plain, but then doesn't rewind the stream to account for the missing headers and comes up with empty content.

Decrypted message without headers is probably not very compliant.

However, silently "losing" the content also seems wrong.
Perhaps it would make sense (based on ParserOptions being on the strict/loose side or unconditionally), that MimeKit either:

  1. Throws an appropriate compliance/format error.
  2. Defaults to text/plain and loads the content.

@jstedfast
Owner

I would recommend using the SecureMimeContext directly.

http://www.mimekit.net/docs/html/M_MimeKit_Cryptography_SecureMimeContext_DecryptTo.htm

@jstedfast jstedfast added the wontfix This will not be worked on label Oct 23, 2018
Owner

jstedfast commented Oct 23, 2018

Here's how you can use this:

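using System.IO;
using MimeKit;
using MimeKit.Cryptography;

public MimeEntity Decrypt (SecureMimeContext ctx, ApplicationPkcs7Mime pkcs7)
{
    using (var decryptedData = new MemoryStream ()) {
        using (var encryptedData = new MemoryStream ()) {
            // decode the transfer-encoded content into the raw encrypted bytes
            pkcs7.Content.DecodeTo (encryptedData);
            encryptedData.Position = 0;

            // decrypt straight into a stream instead of letting MimeKit parse the result
            ctx.DecryptTo (encryptedData, decryptedData);
            decryptedData.Position = 0;
        }

        // now figure out if it has headers or not...
        // (dataHasHeaders is a placeholder; the caller has to supply this check)
        if (dataHasHeaders)
            return MimeEntity.Load (decryptedData);

        // no headers: copy the bytes so the content outlives decryptedData
        var content = new MemoryStream ();
        decryptedData.CopyTo (content);
        content.Position = 0;

        return new MimePart ("application", "octet-stream") {
            Content = new MimeContent (content)
        };
    }
}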
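
One way to fill in the `dataHasHeaders` placeholder from the sample above, as an added example that is not code from this thread's participants or from MimeKit. `DecryptedPayloadSniffer` and `LooksLikeMimeHeaders` are hypothetical names, and the check is a heuristic that assumes a seekable stream.

```csharp
using System.IO;

static class DecryptedPayloadSniffer
{
    // Hypothetical helper (not a MimeKit API): returns true when the stream
    // appears to begin with an RFC 5322 header field ("Name: value").
    // The stream must be seekable; its position is restored before returning.
    //
    // Usage inside Decrypt():
    //   bool dataHasHeaders = DecryptedPayloadSniffer.LooksLikeMimeHeaders (decryptedData);
    public static bool LooksLikeMimeHeaders (Stream stream, int maxProbe = 998)
    {
        long start = stream.Position;

        try {
            bool sawNameChar = false;

            // 998 is the RFC 5322 limit on line length, so a real field name
            // and its colon must appear within that many bytes.
            for (int i = 0; i < maxProbe; i++) {
                int b = stream.ReadByte ();

                if (b == -1)
                    return false; // stream ended before any "Name:" was seen

                if (b == ':')
                    return sawNameChar; // a colon with an empty name is not a header

                // Field names are printable US-ASCII (33-126) except ':'.
                // CR, LF, space or binary data here means the first line is body data.
                if (b < 33 || b > 126)
                    return false;

                sawNameChar = true;
            }

            return false; // no colon within the probe window
        } finally {
            stream.Position = start; // leave the stream where the caller had it
        }
    }
}
```

Plain text whose first line starts with a word followed by a colon (for example a URL) will be misread as a header, so treat a `true` result as a hint and check that the loaded entity's content is not null before trusting it.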

Author

Peperud commented Oct 23, 2018

MimeKit throws in a couple of other places when it fails to parse headers.
Doesn't it make sense to throw in this case too?

Thanks for the sample.

@jstedfast
Owner

You haven't given me an example so I can't tell you why it isn't.

Author

Peperud commented Oct 24, 2018

Can't share the original, but I think this should show it. Password is "nsoft".
MimeKit443.zip

So, expecting a compliant message, I go like this:

...
    var message = MimeMessage.Load(inputFileName);
    var pkcs7 = message.Body as ApplicationPkcs7Mime;
    using (var ctxDecrypt = CustomSecureMimeContext.Create(EncryptionCertificateStream, EncryptionCertificatePassword))
    {
        // this doesn't throw
        var decrypted = pkcs7.Decrypt(ctxDecrypt);

        // but the content is null
        IMimeContent content = (decrypted as MimePart).Content;
...

jstedfast added a commit that referenced this issue Oct 24, 2018