Your partner decrypts and recovers the symmetric passphrase

Use the openssl command to decrypt the passphrase document. This removes only the encryption. The signature remains so the document can be verified.

$ mv passphrase.sig.enc passphrase-$$.sig.enc
$ openssl smime -decrypt -inform pem -in passphrase-$$.sig.enc \
		-out passphrase-$$.sig -recip vdr-pubcert.pem -inkey vdr-prvkey.pem
		
[Note] Race Condition

This is also a race condition, so come up with unique names for the keys. The commands here use $$, the shell's process ID, to make the file names unique.

Next, use the openssl command to verify the key document. This checks the signature to confirm the originator and to detect file modification. The signature is removed from the output file.

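# -nointern with -certfile accepts only cln-pubcert.pem as the signer's certificate
# (with -verify, -signer names an output file that receives the signer's certificate)
$ openssl smime -verify -inform pem -in passphrase-$$.sig -out passphrase-$$ \
		-nointern -certfile cln-pubcert.pem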
		

This command should return ‘Verification successful’ if the file’s originator matched the certificate and the file was unaltered. If, however, you receive an error stating ‘self signed certificate’, you can add the ‘-noverify’ option to the above to keep the openssl command from validating the certificate chain. It is up to the individual implementation to decide if self-signed certificates are acceptable.
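
The decrypt and verify steps above, together with the race condition note, can be combined as follows. This is an added example, not part of the original document: the function name recover_passphrase is hypothetical, the intermediate files live in a private mktemp directory instead of PID-based names, and the client certificate is assumed to be self-signed so that it can serve as its own trust anchor.

```shell
#!/bin/sh
# Added example, not from the original document.
# recover_passphrase ENC_FILE RECIP_CERT RECIP_KEY SIGNER_CERT
#   Prints the recovered passphrase on stdout and returns 0 only when both
#   the decryption and the signature check succeed.
recover_passphrase() {
    enc=$1; rcert=$2; rkey=$3; scert=$4

    # mktemp -d creates a directory with an unpredictable name and mode 0700,
    # so no other local user can pre-create or swap the intermediate files
    # (a PID-based name such as passphrase-$$ is guessable).
    work=$(mktemp -d) || return 1
    rc=1

    # Step 1: remove the encryption layer; the signature stays attached.
    # Step 2: check the signature against the pinned certificate only.
    #   -nointern  ignore certificates carried inside the message
    #   -certfile  the one certificate allowed to match the signer
    #   -CAfile    trust anchor (assumption: the client certificate is
    #              self-signed, so it anchors its own chain)
    if openssl smime -decrypt -inform pem -in "$enc" \
            -out "$work/passphrase.sig" -recip "$rcert" -inkey "$rkey" &&
       openssl smime -verify -inform pem -in "$work/passphrase.sig" \
            -out "$work/passphrase" -nointern -certfile "$scert" \
            -CAfile "$scert"
    then
        cat "$work/passphrase"
        rc=0
    fi

    rm -rf "$work"      # never leave the plaintext passphrase behind
    return "$rc"
}

# Usage with the file names from this page:
#   recover_passphrase passphrase.sig.enc vdr-pubcert.pem vdr-prvkey.pem cln-pubcert.pem
```

Because -CAfile is given, the chain check still runs (including certificate expiry), so -noverify is not needed for a self-signed client certificate.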