Tickets :: [#11058] S/MIME signed messages cannot be verified if body contains 8-bit characters

6.0.0-beta1

8/12/25

Summary	S/MIME signed messages cannot be verified if body contains 8-bit characters
Queue	IMP
Queue Version	5.0.19
Type	Bug
State	Resolved
Priority	2. Medium
Owners	slusarz (at) horde (dot) org
Requester	kd (at) tu-cottbus (dot) de
Created	03/07/2012 (4906 days ago)
Due
Updated	03/28/2012 (4885 days ago)
Assigned	03/28/2012 (4885 days ago)
Resolved	03/28/2012 (4885 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch	No

03/28/2012 05:33:55 PM	Git Commit	Comment #19	Reply to this comment
Changes have been made in Git (develop): commit d9f98a4b9feddf1f89c1f2439295563a1d8a453a Author: Michael M Slusarz <slusarz@horde.org> Date: Wed Mar 28 01:40:03 2012 -0600 ~~Bug #11058~~: Fix bad method call framework/Mime/lib/Horde/Mime/Part.php \| 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) http://git.horde.org/horde-git/-/commit/d9f98a4b9feddf1f89c1f2439295563a1d8a453a

03/28/2012 07:56:18 AM	mm (at) freebsd (dot) org	Comment #18	Reply to this comment
I can confirm this working, too.

03/28/2012 07:43:08 AM	Michael Slusarz	Comment #17 State ⇒ Resolved	Reply to this comment
"array_key_exists($opts['encode'])" should be "array_key_exists('encode',$opts)" Yeah, my fault. I switched the method of sanity checking halfway through and forgot to change this back. Reopen this ticket if you see any further issues.

03/28/2012 07:40:13 AM	Git Commit	Comment #16	Reply to this comment
Changes have been made in Git (master): commit d9f98a4b9feddf1f89c1f2439295563a1d8a453a Author: Michael M Slusarz <slusarz@horde.org> Date: Wed Mar 28 01:40:03 2012 -0600 ~~Bug #11058~~: Fix bad method call framework/Mime/lib/Horde/Mime/Part.php \| 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) http://git.horde.org/horde-git/-/commit/d9f98a4b9feddf1f89c1f2439295563a1d8a453a

03/28/2012 07:33:44 AM	kd (at) tu-cottbus (dot) de	Comment #15	Reply to this comment
"array_key_exists($opts['encode'])" should be "array_key_exists('encode',$opts)" beside this it seems ok

03/28/2012 05:57:40 AM	Git Commit	Comment #14	Reply to this comment
Changes have been made in Git (develop): commit 054d6c36fd451c0711c2eb45a1653f0b7e48c018 Author: Michael M Slusarz <slusarz@horde.org> Date: Tue Mar 27 23:56:19 2012 -0600 ~~Bug #11058~~: Encrypted messages will be base64 encoded, so ok to send 8bit/binary, even if signed. imp/lib/Compose.php \| 8 ++------ 1 files changed, 2 insertions(+), 6 deletions(-) http://git.horde.org/horde-git/-/commit/054d6c36fd451c0711c2eb45a1653f0b7e48c018

03/28/2012 05:57:37 AM	Git Commit	Comment #13	Reply to this comment
Changes have been made in Git (develop): commit 53f124c40670b6a1b25b7bf06fe9c904bbe1e263 Author: Michael M Slusarz <slusarz@horde.org> Date: Tue Mar 27 23:48:02 2012 -0600 [mms] Ensure that PGP & S/MIME signed message bodies are not altered after the signature is calculated (~~Bug #11058~~). imp/docs/CHANGES \| 2 ++ imp/lib/Compose.php \| 18 +++++++++++++++--- imp/package.xml \| 4 +++- 3 files changed, 20 insertions(+), 4 deletions(-) http://git.horde.org/horde-git/-/commit/53f124c40670b6a1b25b7bf06fe9c904bbe1e263

03/28/2012 05:57:33 AM	Git Commit	Comment #12	Reply to this comment
Changes have been made in Git (develop): commit 86d6dec3184a2bd470f165f5aebbf9751fefee58 Author: Michael M Slusarz <slusarz@horde.org> Date: Tue Mar 27 23:43:16 2012 -0600 [mms] Add option to allow encoding options to be defined for Horde_Mime_Part#send() (~~Bug #11058~~). framework/Mime/lib/Horde/Mime/Part.php \| 40 ++++++++++++++++++++------------ framework/Mime/package.xml \| 12 ++++---- 2 files changed, 31 insertions(+), 21 deletions(-) http://git.horde.org/horde-git/-/commit/86d6dec3184a2bd470f165f5aebbf9751fefee58

03/28/2012 05:56:27 AM	Git Commit	Comment #11	Reply to this comment
Changes have been made in Git (master): commit 054d6c36fd451c0711c2eb45a1653f0b7e48c018 Author: Michael M Slusarz <slusarz@horde.org> Date: Tue Mar 27 23:56:19 2012 -0600 ~~Bug #11058~~: Encrypted messages will be base64 encoded, so ok to send 8bit/binary, even if signed. imp/lib/Compose.php \| 8 ++------ 1 files changed, 2 insertions(+), 6 deletions(-) http://git.horde.org/horde-git/-/commit/054d6c36fd451c0711c2eb45a1653f0b7e48c018

03/28/2012 05:48:38 AM	Michael Slusarz	Comment #10 State ⇒ Feedback	Reply to this comment
Do these commits fix things?

03/28/2012 05:48:19 AM	Git Commit	Comment #9	Reply to this comment
Changes have been made in Git (master): commit 53f124c40670b6a1b25b7bf06fe9c904bbe1e263 Author: Michael M Slusarz <slusarz@horde.org> Date: Tue Mar 27 23:48:02 2012 -0600 [mms] Ensure that PGP & S/MIME signed message bodies are not altered after the signature is calculated (~~Bug #11058~~). imp/docs/CHANGES \| 2 ++ imp/lib/Compose.php \| 18 +++++++++++++++--- imp/package.xml \| 4 +++- 3 files changed, 20 insertions(+), 4 deletions(-) http://git.horde.org/horde-git/-/commit/53f124c40670b6a1b25b7bf06fe9c904bbe1e263

03/28/2012 05:48:15 AM	Git Commit	Comment #8	Reply to this comment
Changes have been made in Git (master): commit 86d6dec3184a2bd470f165f5aebbf9751fefee58 Author: Michael M Slusarz <slusarz@horde.org> Date: Tue Mar 27 23:43:16 2012 -0600 [mms] Add option to allow encoding options to be defined for Horde_Mime_Part#send() (~~Bug #11058~~). framework/Mime/lib/Horde/Mime/Part.php \| 40 ++++++++++++++++++++------------ framework/Mime/package.xml \| 12 ++++---- 2 files changed, 31 insertions(+), 21 deletions(-) http://git.horde.org/horde-git/-/commit/86d6dec3184a2bd470f165f5aebbf9751fefee58

03/19/2012 09:11:37 PM	Jan Schneider	State ⇒ Assigned Assigned to Michael Slusarz

03/19/2012 12:10:07 PM	kd (at) tu-cottbus (dot) de	Comment #7	Reply to this comment
Until this is fixed you can use the attached workaround. Thank you, after your last comment,i set 'encode' => self::ENCODE_7BIT; in the following toString call as a workarround, which is essentially the same (changes a single line only :-))

03/19/2012 11:06:17 AM	mm (at) freebsd (dot) org	Comment #6 New Attachment: 11058.patch	Reply to this comment
Until this is fixed you can use the attached workaround.

03/15/2012 10:06:31 AM	mm (at) freebsd (dot) org	Comment #5	Reply to this comment
The problem is not in postfix but in Horde/Mime/Part.php, function send(), starting on line 1669. There is code that detects if MTA supports 8BITMIME (RFC 1652) or BINARYMIME (RFC 3030) extensions and re-encodes the mimePart. A S/MIME part cannot be reencoded from quoted-printable to anything else because it breaks the signature. One of possible solutions would be to extend the send function by giving it a new boolean parameter to use only 7bit encoding (quoted-printable) for S/MIME signed messages and set this parameter on sign time.

03/08/2012 06:48:46 AM	kd (at) tu-cottbus (dot) de	New Attachment: mail-1.txt

03/08/2012 06:48:05 AM	kd (at) tu-cottbus (dot) de	Comment #4 New Attachment: mail-2.txt	Reply to this comment

03/08/2012 06:46:19 AM	kd (at) tu-cottbus (dot) de	Comment #3 New Attachment: mail-3.txt	Reply to this comment
S/MIME signed messages cannot be verified if body contains 8-bit character. It seems, that a 'Content-Transfer-Encoding: 8bit' header is added after signing. We don't add this. Sounds like a MTA is adding this somewhere in transit. Hi Michael, it's not so simple. I test this internally, so only one MTA(postfix) is involved. I'm also not sure, that this header is the reason for the verification failure. However, if it is added by the MTA, shouldn't it be added by IMP before signing? I've attached 3 complete Messages. mail-1 contains only the letter 'a' (and my signature) and can be verified. mail-2 contains only the letter 'ä' (and my signature) and cannot be verified. mail-3 is what imp appended to my Sent-folder(when sending mail-2), this one can be verified.

03/07/2012 08:24:07 PM	Michael Slusarz	Comment #2	Reply to this comment
S/MIME signed messages cannot be verified if body contains 8-bit character. It seems, that a 'Content-Transfer-Encoding: 8bit' header is added after signing. We don't add this. Sounds like a MTA is adding this somewhere in transit.

03/07/2012 02:45:46 PM	kd (at) tu-cottbus (dot) de	Comment #1 Priority ⇒ 2. Medium State ⇒ Unconfirmed Patch ⇒ No Milestone ⇒ Summary ⇒ S/MIME signed messages cannot be verified if body contains 8-bit characters Type ⇒ Bug Queue ⇒ IMP	Reply to this comment
S/MIME signed messages cannot be verified if body contains 8-bit character. It seems, that a 'Content-Transfer-Encoding: 8bit' header is added after signing.