Email encrypted using a certificate from the provider Entrust cannot be decrypted by the MS Outlook client.
The error Outlook throws is:
This message cannot be decoded. An error occurred while unprotecting the message. It could not be decrypted because an error occurred decrypting the symmetric encryption key. The original data may be corrupt
I have found a solution to this issue. After decoding the encrypted email I see from the pkcs7-envelopedData that OID ":rsaEncryption" is missing. Here is what a good envelope using RSA for key encryption and AES256 for data encryption looks like
And here is what I would get while using the .NET 4.5 SMTP client
So it is noticeable that the ":rsaEncryption" is missing from the pkcs7-envelopedData.
To solve this I had to specify SubjectIdentifierType as SubjectIdentifierType.SubjectKeyIdentifier while adding the CmsRecipient to the recipient collection, as the following code snippet shows
This ensured that the RSA key encryption OID "rsaEncryption (1 2 840 113549 1 1 1)" is not left out of the envelope.
Please note that I found this issue only while dealing with Entrust-provided certificates (for encryption). I do not see this issue otherwise.
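
The fix described above, as an added example that is not the original poster's code: it builds a pkcs7-envelopedData with AES-256 content encryption, addresses the recipient by SubjectKeyIdentifier, then decodes the result and checks that every RecipientInfo carries the rsaEncryption OID. The self-signed certificate, the class and method names, and the guard on the SubjectKeyIdentifier extension are assumptions of the example; it needs a runtime that has CertificateRequest (.NET Framework 4.7.2 or later, or modern .NET with the System.Security.Cryptography.Pkcs package).

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class EnvelopeDemo   // hypothetical name, not from the post
{
    const string RsaEncryptionOid = "1.2.840.113549.1.1.1";   // rsaEncryption, as quoted in the post
    const string Aes256CbcOid = "2.16.840.1.101.3.4.1.42";    // aes256-CBC content encryption
    const string SkiExtensionOid = "2.5.29.14";               // subjectKeyIdentifier extension
    // Constructed stand-in for the recipient's encryption certificate.
    static X509Certificate2 MakeTestRecipient(RSA key)
    {
        var req = new CertificateRequest("CN=constructed-recipient", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyEncipherment, false));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
    }

    // Encrypts the MIME body, identifying the recipient by SubjectKeyIdentifier.
    static byte[] Envelope(byte[] mimeBody, X509Certificate2 recipientCert)
    {
        // Guard added by this example: insist on an explicit SKI extension.
        if (recipientCert.Extensions[SkiExtensionOid] == null)
            throw new InvalidOperationException("Recipient certificate has no SubjectKeyIdentifier extension.");
        var cms = new EnvelopedCms(new ContentInfo(mimeBody),
            new AlgorithmIdentifier(new Oid(Aes256CbcOid)));
        cms.Encrypt(new CmsRecipient(SubjectIdentifierType.SubjectKeyIdentifier, recipientCert));
        return cms.Encode();
    }

    // Decodes the envelope and confirms each recipient's key-encryption OID is rsaEncryption.
    static bool HasRsaKeyEncryption(byte[] der)
    {
        var parsed = new EnvelopedCms();
        parsed.Decode(der);
        foreach (RecipientInfo ri in parsed.RecipientInfos)
            if (ri.KeyEncryptionAlgorithm.Oid.Value != RsaEncryptionOid) return false;
        return parsed.RecipientInfos.Count > 0;
    }

    static void Main()
    {
        using (RSA key = RSA.Create(2048))
        using (X509Certificate2 cert = MakeTestRecipient(key))
            Console.WriteLine("rsaEncryption present: " + HasRsaKeyEncryption(
                Envelope(Encoding.ASCII.GetBytes("constructed body"), cert)));
    }
}
```

Running the same `HasRsaKeyEncryption` check on an envelope produced with the real recipient certificate, before the message is sent, shows whether the key-encryption OID made it into the RecipientInfo.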