Encrypt file in Kleopatra with X.509 certificate and decrypt in Biztalk

We have imported our Encrypting X.509 certificate in Kleopatra from at .cer file.
We use Kleopatra Version 2.2.0-gitfb4ae3d (2015-11-12).

We encrypt a file with “File Sing/Encrypt Files” and selected “Encrypt” and we get an encrypted file with file extention .p7m. Encryption works fine :slight_smile:

We now need to decrypt this .p7m file in Biztalk.

We would like to use an “OpenPGP Pipeline Component” - ref link


but we are not able to decrypt the message with this pipeline.

Do you know if it is possible to use “OpenPGP” to decrypt a .p7m file?



Is it possible to import information about X.509 decrypt information to secring.gpg end pubring.gpg?

Hi Jo,

the first thing to note for your understanding is:
While using the same cryptographic principles, there are two different format specifications for end-to-end cryptography objects like certificates and cyphertext.

a) the cryptographic message syntax (CMS) https://en.wikipedia.org/wiki/Cryptographic_Message_Syntax
b) OpenPGP aka RFC4880 and others.

When creating a CMS object by encrypting to an x509 certificate,
you cannot decrypt it with an OpenPGP engine, because that is the wrong “format”.

However GnuPG (the crypto engine coming with Gpg4win) can handle both CMS and OpenPGP. So yes you could add the necessary private keys for x509 to GnuPG and use the command line or other Ggp4win components to decrypt CMS objects. Note that this configuration usually is advanced, because of the great variety of CMS based standards
makes it hard to configure what you actually want. But it can be done, see here for some hints for older versions of GnuPG https://wiki.gnupg.org/X.509

Best Regards,

Thanks for a clarifying answer Bernhard :slight_smile:

You are welcome!

(If that saved your day, consider paying for or donating to Gpg4win:
https://www.gpg4win.org/donate.html :wink: )