Manually Decrypting a SOAP Message Using OpenSSL

So you have a SOAP message that has been encrypted and you want to manually decrypt it using OpenSSL. Here’s how you can do it:

  1. Copy the base64 CipherValue of the EncryptedKey element (the wrapped session key) to a file, decoding it at the same time:
     echo "TiMPCLfQgfw==" | base64 -d -i > sessionkey.enc
  2. Unwrap the session key with your private key. Check the EncryptionMethod of the EncryptedKey first: rsautl defaults to PKCS#1 v1.5 (rsa-1_5), so for rsa-oaep-mgf1p you must add -oaep. rsautl is deprecated in OpenSSL 3; the equivalent there is openssl pkeyutl -decrypt with -pkeyopt rsa_padding_mode:oaep (or pkcs1):
     openssl rsautl -decrypt -in sessionkey.enc -out sessionkey.dec -inkey myprivatekey.key
  3. Copy the base64 CipherValue of the EncryptedData element (the message body) to a file, decoding it at the same time:
     echo "1qsIPulqkVQ3==" | base64 -d -i > messagebody.enc
  4. Read your session key in hex. Its length tells you which cipher to use in step 6 (16 bytes is AES-128, 32 bytes is AES-256) and must agree with the EncryptionMethod on the EncryptedData element; xxd -p sessionkey.dec gives the same bytes as one contiguous hex string ready for -K:
     hexdump -C sessionkey.dec
  5. Read your message body in hex. XML Encryption prepends the IV to the ciphertext, so for AES-CBC the first 16 bytes of this file are the IV and everything after them is the ciphertext:
     hexdump -C messagebody.enc
  6. Decrypt the message using the hex version of the session key and the hex version of the IV:
     openssl enc -d -aes-256-cbc -in messagebody.enc -K [session_key_hex] -iv [iv_hex] -out messagebody.dec

    Note: Strip the IV from the beginning of the body before decrypting (for example tail -c +17 messagebody.enc > messagebody.ct and decrypt that file). If you leave it in, the output starts with one 16-byte block of garbage, the decrypted IV block, followed by the real plaintext. If openssl reports "bad decrypt" even though the key and IV are right, the sender may have used the padding XML Encryption allows, where only the last byte (the pad count) is fixed and the other padding bytes are arbitrary; OpenSSL's strict PKCS#7 check rejects that. Decrypt again with -nopad and drop the number of trailing bytes given by the last byte.

Although this process can be improved with scripting, these steps should give you a good understanding of how to manually decrypt a SOAP message using OpenSSL.
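The scripted version of the steps above, added here as a worked example (it is not the original post's script). It builds its own fixture, a generated RSA key, a random session key wrapped with RSA-OAEP, and an IV || AES-CBC body, which is constructed data standing in for the CipherValue nodes of a real envelope; the file names are assumptions. It also covers the points the one-liners gloss over: choosing the RSA padding, picking the cipher from the key length, splitting off the IV, and stripping XML Encryption padding without relying on OpenSSL's PKCS#7 check.

```shell
#!/bin/sh
# Added example, not the post author's commands. Decrypts an xmlenc-style
# (WS-Security) payload the way the manual steps do, end to end.
# All inputs are constructed here so the script runs offline.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Contiguous lowercase hex of a file, for openssl -K/-iv (od is POSIX; xxd may be missing).
hex() { od -An -v -tx1 "$1" | tr -d ' \n'; }

# decrypt_body PRIVKEY KEY_B64 BODY_B64 [oaep|pkcs1]
#   KEY_B64  = base64 CipherValue of <EncryptedKey>
#   BODY_B64 = base64 CipherValue of <EncryptedData> (IV || ciphertext)
# Prints the plaintext body.
decrypt_body() {
  key="$1"; key_b64="$2"; body_b64="$3"; rsa_pad="${4:-oaep}"

  printf '%s' "$key_b64"  | base64 -d > "$WORK/sessionkey.enc"
  printf '%s' "$body_b64" | base64 -d > "$WORK/messagebody.enc"

  # 1. Unwrap the session key. rsa-oaep-mgf1p -> oaep, rsa-1_5 -> pkcs1.
  #    pkeyutl replaces the deprecated rsautl (which would need -oaep here).
  openssl pkeyutl -decrypt -inkey "$key" -pkeyopt "rsa_padding_mode:$rsa_pad" \
    -in "$WORK/sessionkey.enc" -out "$WORK/sessionkey.dec"

  # 2. Choose the cipher from the unwrapped key length instead of assuming AES-256.
  case "$(wc -c < "$WORK/sessionkey.dec" | tr -d ' ')" in
    16) cipher=aes-128-cbc ;;
    24) cipher=aes-192-cbc ;;
    32) cipher=aes-256-cbc ;;
    *)  echo "unexpected session key length" >&2; return 1 ;;
  esac

  # 3. xmlenc prepends the 16-byte IV to the ciphertext: split it off.
  head -c 16  "$WORK/messagebody.enc" > "$WORK/iv.bin"
  tail -c +17 "$WORK/messagebody.enc" > "$WORK/ct.bin"

  # 4. Decrypt with -nopad: xmlenc only fixes the LAST padding byte (the count),
  #    so OpenSSL's strict PKCS#7 check can reject a perfectly valid message.
  openssl enc -d "-$cipher" -nopad -K "$(hex "$WORK/sessionkey.dec")" \
    -iv "$(hex "$WORK/iv.bin")" -in "$WORK/ct.bin" -out "$WORK/padded.bin"

  # 5. Strip the padding ourselves, refusing an impossible pad count.
  total=$(wc -c < "$WORK/padded.bin" | tr -d ' ')
  pad=$(tail -c 1 "$WORK/padded.bin" | od -An -tu1 | tr -d ' ')
  [ "$pad" -ge 1 ] && [ "$pad" -le 16 ] && [ "$pad" -le "$total" ] \
    || { echo "bad padding" >&2; return 1; }
  head -c "$((total - pad))" "$WORK/padded.bin"
}

# --- Constructed fixture: what a real envelope's CipherValue nodes would hold ---
PLAINTEXT='<soap:Body><GetBalance><Account>12345</Account></GetBalance></soap:Body>'
make_fixture() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/myprivatekey.key" 2>/dev/null
  openssl pkey -in "$WORK/myprivatekey.key" -pubout -out "$WORK/recipient.pub"
  openssl rand -out "$WORK/fx_sk.bin" 32          # AES-256 session key
  openssl rand -out "$WORK/fx_iv.bin" 16
  printf '%s' "$PLAINTEXT" > "$WORK/fx_plain.xml"
  # Wrap the session key with RSA-OAEP (SHA-1/MGF1, i.e. rsa-oaep-mgf1p).
  openssl pkeyutl -encrypt -pubin -inkey "$WORK/recipient.pub" \
    -pkeyopt rsa_padding_mode:oaep -in "$WORK/fx_sk.bin" -out "$WORK/fx_sk.enc"
  # Encrypt the body; openssl's PKCS#7 padding is one valid xmlenc padding.
  openssl enc -aes-256-cbc -K "$(hex "$WORK/fx_sk.bin")" -iv "$(hex "$WORK/fx_iv.bin")" \
    -in "$WORK/fx_plain.xml" -out "$WORK/fx_ct.bin"
  cat "$WORK/fx_iv.bin" "$WORK/fx_ct.bin" > "$WORK/fx_body.bin"   # IV || ciphertext
  KEY_B64=$(base64 "$WORK/fx_sk.enc" | tr -d '\n')
  BODY_B64=$(base64 "$WORK/fx_body.bin" | tr -d '\n')
}

make_fixture
decrypt_body "$WORK/myprivatekey.key" "$KEY_B64" "$BODY_B64" oaep
echo
```

For a real message, replace make_fixture with the two CipherValue strings copied out of the envelope and pass pkcs1 instead of oaep when the EncryptedKey's EncryptionMethod is rsa-1_5.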
