We are using Chilkat for .NET-Framework v9.5.0.99 in a custom email client. Recently we have been receiving emails encrypted with AES-128 in GCM-Mode. These are not decrypted like all other with an error "UnexpectedOid 1.2.840.113549.1.9.16.1.23"
<info>Unwrapping enveloped (encrypted or signed)...</info>
<unwrapMime>
<loadPkcs7Der>
<DerParseTimeMs>Elapsed time: 0 millisec</DerParseTimeMs>
<loadPkcs7Xml_inner>
<UnexpectedOid>1.2.840.113549.1.9.16.1.23</UnexpectedOid>
<error>Failed.</error>
</loadPkcs7Xml_inner>
<xml></xml>
<error>Failed to load PKCS7 XML</error>
<Pkcs7XmlLoadTimeMs>Elapsed time: 0 millisec</Pkcs7XmlLoadTimeMs>
</loadPkcs7Der>
<error>Not PKCS7 DER</error>
</unwrapMime>
We checked if those emails was corrupt or not properly encrypted, but with openssl is decryption possible. It seems like Chilkat.Email supports only AES-128 in CBC-Mode, though on example for Chilkat.Email said "It is not necessary to know in advance the algorithms needed to decrypt". And Chilkat.Crypt2 actually supports CipherMode GCM. Is that so? Ist it a bug? Is ist possible to force a use of GCM for email decryption?
A Chilkat user had this same issue in the last month, and we've updated Chilkat to handle it correctly. (It's also now possible to send authEnvelopedData email, or create those types of CMS (PKCS7) envelopes for non-email applications.)
However, it's in the upcoming v10.0.0 version to be released at the end of September 2024. I can provide a pre-release download by private email (info@chilkatsoft.com).