Manually Decrypting a SOAP Message Using OpenSSL
So you have a SOAP message that has been encrypted and you want to manually decrypt it using OpenSSL. Here’s how you can do it:
- Copy the encrypted session key to a file and base64 decode it at the same time:

      echo "TiMPCLfQgfw==" | base64 -d -i > sessionkey.enc

- Decrypt the session key using OpenSSL and your private key:

      openssl rsautl -decrypt -in sessionkey.enc -out sessionkey.dec -inkey myprivatekey.key

- Copy the encrypted message body to a file and base64 decode it at the same time:

      echo "1qsIPulqkVQ3==" | base64 -d -i > messagebody.enc

- Read your session key in hex using the hexdump command:

      hexdump -C sessionkey.dec

- Read your message body in hex using the hexdump command:

      hexdump -C messagebody.enc

- Decrypt the message using the hex version of the session key and the hex version of the IV:

      openssl enc -d -aes-256-cbc -in messagebody.enc -K [session_key_hex] -iv [iv_hex] -out messagebody.dec

Note: You may need to strip off the IV from the beginning of the body before decrypting.
Although this process can be improved with scripting, these steps should give you a good understanding of how to manually decrypt a SOAP message using OpenSSL.
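One way to script the steps above, as an added example rather than the original author's code. It assumes AES-256-CBC with the 16-byte IV prepended to the decoded body, uses `openssl pkeyutl` in place of `rsautl`, and goes one step beyond the manual procedure by decrypting with `-nopad` and trimming the padding from its last byte, so bodies whose pad bytes are not PKCS#7 still decrypt.

```sh
#!/bin/sh
# Added example: the manual steps as one function (not the original author's script).
# Usage: decrypt_soap_body PRIVATE_KEY_PEM ENC_SESSION_KEY_B64 ENC_BODY_B64
decrypt_soap_body() (
    set -eu
    key_pem=$1 enc_key_b64=$2 enc_body_b64=$3
    tmp=$(mktemp -d)
    trap 'rm -rf "$tmp"' EXIT   # the recovered session key never outlives the call

    # Base64-decode the encrypted session key and the encrypted body.
    printf '%s' "$enc_key_b64"  | base64 -d > "$tmp/sessionkey.enc"
    printf '%s' "$enc_body_b64" | base64 -d > "$tmp/messagebody.enc"

    # RSA-decrypt the session key (PKCS#1 v1.5 padding, the same default as rsautl).
    openssl pkeyutl -decrypt -inkey "$key_pem" \
        -in "$tmp/sessionkey.enc" -out "$tmp/sessionkey.dec"

    # openssl enc zero-pads a short -K value instead of failing, so check the length.
    [ "$(wc -c < "$tmp/sessionkey.dec")" -eq 32 ] ||
        { echo "session key is not 32 bytes; not an AES-256 key" >&2; exit 1; }
    key_hex=$(od -An -v -tx1 "$tmp/sessionkey.dec" | tr -d ' \n')

    # Assumption: the first 16 bytes of the decoded body are the IV; the rest is ciphertext.
    iv_hex=$(head -c 16 "$tmp/messagebody.enc" | od -An -v -tx1 | tr -d ' \n')
    tail -c +17 "$tmp/messagebody.enc" > "$tmp/ciphertext"

    # Note: -K puts the key on the command line, where other local users can see
    # it in the process list. Run this on a trusted analysis host only.
    openssl enc -d -aes-256-cbc -nopad -K "$key_hex" -iv "$iv_hex" \
        -in "$tmp/ciphertext" -out "$tmp/plain"

    # The last plaintext byte holds the padding length; the other pad bytes may be arbitrary.
    size=$(wc -c < "$tmp/plain" | tr -d ' ')
    pad=$(tail -c 1 "$tmp/plain" | od -An -tu1 | tr -d ' \n')
    [ "$pad" -ge 1 ] && [ "$pad" -le 16 ] && [ "$pad" -le "$size" ] ||
        { echo "implausible padding length; wrong key or IV?" >&2; exit 1; }
    head -c "$((size - pad))" "$tmp/plain"
)

# Run directly when given the three arguments; otherwise just define the function.
if [ "$#" -eq 3 ]; then decrypt_soap_body "$@"; fi
```

The decrypted body is written to stdout; a padding-length error usually means the wrong private key or a body that does not start with its IV.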