6.0.0-git
2019-03-21

[#11058] S/MIME signed messages cannot be verified if body contains 8-bit characters
Summary S/MIME signed messages cannot be verified if body contains 8-bit characters
Queue IMP
Queue Version 5.0.19
Type Bug
State Resolved
Priority 2. Medium
Owners slusarz (at) horde (dot) org
Requester kd (at) tu-cottbus (dot) de
Created 2012-03-07 (2570 days ago)
Due
Updated 2012-03-28 (2549 days ago)
Assigned 2012-03-28 (2549 days ago)
Resolved 2012-03-28 (2549 days ago)
Milestone
Patch No

History
2012-03-28 17:33:55 Git Commit Comment #19 Reply to this comment
Changes have been made in Git (develop):

commit d9f98a4b9feddf1f89c1f2439295563a1d8a453a
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Wed Mar 28 01:40:03 2012 -0600

     Bug #11058: Fix bad method call

  framework/Mime/lib/Horde/Mime/Part.php |    2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

http://git.horde.org/horde-git/-/commit/d9f98a4b9feddf1f89c1f2439295563a1d8a453a
2012-03-28 07:56:18 mm (at) freebsd (dot) org Comment #18 Reply to this comment
I can confirm this working, too.
2012-03-28 07:43:08 Michael Slusarz Comment #17
State ⇒ Resolved
Reply to this comment
"array_key_exists($opts['encode'])" should be 
"array_key_exists('encode',$opts)"
Yeah, my fault.  I switched the method of sanity checking halfway 
through and forgot to change this back.

Reopen this ticket if you see any further issues.
2012-03-28 07:40:13 Git Commit Comment #16 Reply to this comment
Changes have been made in Git (master):

commit d9f98a4b9feddf1f89c1f2439295563a1d8a453a
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Wed Mar 28 01:40:03 2012 -0600

     Bug #11058: Fix bad method call

  framework/Mime/lib/Horde/Mime/Part.php |    2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

http://git.horde.org/horde-git/-/commit/d9f98a4b9feddf1f89c1f2439295563a1d8a453a
2012-03-28 07:33:44 kd (at) tu-cottbus (dot) de Comment #15 Reply to this comment


"array_key_exists($opts['encode'])" should be 
"array_key_exists('encode',$opts)"

beside this it seems ok
2012-03-28 05:57:40 Git Commit Comment #14 Reply to this comment
Changes have been made in Git (develop):

commit 054d6c36fd451c0711c2eb45a1653f0b7e48c018
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Tue Mar 27 23:56:19 2012 -0600

     Bug #11058: Encrypted messages will be base64 encoded, so ok to 
send 8bit/binary, even if signed.

  imp/lib/Compose.php |    8 ++------
  1 files changed, 2 insertions(+), 6 deletions(-)

http://git.horde.org/horde-git/-/commit/054d6c36fd451c0711c2eb45a1653f0b7e48c018
2012-03-28 05:57:37 Git Commit Comment #13 Reply to this comment
Changes have been made in Git (develop):

commit 53f124c40670b6a1b25b7bf06fe9c904bbe1e263
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Tue Mar 27 23:48:02 2012 -0600

     [mms] Ensure that PGP & S/MIME signed message bodies are not 
altered after the signature is calculated (Bug #11058).

  imp/docs/CHANGES    |    2 ++
  imp/lib/Compose.php |   18 +++++++++++++++---
  imp/package.xml     |    4 +++-
  3 files changed, 20 insertions(+), 4 deletions(-)

http://git.horde.org/horde-git/-/commit/53f124c40670b6a1b25b7bf06fe9c904bbe1e263
2012-03-28 05:57:33 Git Commit Comment #12 Reply to this comment
Changes have been made in Git (develop):

commit 86d6dec3184a2bd470f165f5aebbf9751fefee58
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Tue Mar 27 23:43:16 2012 -0600

     [mms] Add option to allow encoding options to be defined for 
Horde_Mime_Part#send() (Bug #11058).

  framework/Mime/lib/Horde/Mime/Part.php |   40 
++++++++++++++++++++------------
  framework/Mime/package.xml             |   12 ++++----
  2 files changed, 31 insertions(+), 21 deletions(-)

http://git.horde.org/horde-git/-/commit/86d6dec3184a2bd470f165f5aebbf9751fefee58
2012-03-28 05:56:27 Git Commit Comment #11 Reply to this comment
Changes have been made in Git (master):

commit 054d6c36fd451c0711c2eb45a1653f0b7e48c018
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Tue Mar 27 23:56:19 2012 -0600

     Bug #11058: Encrypted messages will be base64 encoded, so ok to 
send 8bit/binary, even if signed.

  imp/lib/Compose.php |    8 ++------
  1 files changed, 2 insertions(+), 6 deletions(-)

http://git.horde.org/horde-git/-/commit/054d6c36fd451c0711c2eb45a1653f0b7e48c018
2012-03-28 05:48:38 Michael Slusarz Comment #10
State ⇒ Feedback
Reply to this comment
Do these commits fix things?
2012-03-28 05:48:19 Git Commit Comment #9 Reply to this comment
Changes have been made in Git (master):

commit 53f124c40670b6a1b25b7bf06fe9c904bbe1e263
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Tue Mar 27 23:48:02 2012 -0600

     [mms] Ensure that PGP & S/MIME signed message bodies are not 
altered after the signature is calculated (Bug #11058).

  imp/docs/CHANGES    |    2 ++
  imp/lib/Compose.php |   18 +++++++++++++++---
  imp/package.xml     |    4 +++-
  3 files changed, 20 insertions(+), 4 deletions(-)

http://git.horde.org/horde-git/-/commit/53f124c40670b6a1b25b7bf06fe9c904bbe1e263
2012-03-28 05:48:15 Git Commit Comment #8 Reply to this comment
Changes have been made in Git (master):

commit 86d6dec3184a2bd470f165f5aebbf9751fefee58
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Tue Mar 27 23:43:16 2012 -0600

     [mms] Add option to allow encoding options to be defined for 
Horde_Mime_Part#send() (Bug #11058).

  framework/Mime/lib/Horde/Mime/Part.php |   40 
++++++++++++++++++++------------
  framework/Mime/package.xml             |   12 ++++----
  2 files changed, 31 insertions(+), 21 deletions(-)

http://git.horde.org/horde-git/-/commit/86d6dec3184a2bd470f165f5aebbf9751fefee58
2012-03-19 21:11:37 Jan Schneider Assigned to Michael Slusarz
State ⇒ Assigned
 
2012-03-19 12:10:07 kd (at) tu-cottbus (dot) de Comment #7 Reply to this comment
Until this is fixed you can use the attached workaround.
Thank you, after your last comment,i set 'encode' => self::ENCODE_7BIT;
in the following toString call as a workarround, which is essentially 
the same (changes a single line only :-))
2012-03-19 11:06:17 mm (at) freebsd (dot) org Comment #6
New Attachment: 11058.patch Download
Reply to this comment
Until this is fixed you can use the attached workaround.
2012-03-15 10:06:31 mm (at) freebsd (dot) org Comment #5 Reply to this comment
The problem is not in postfix but in Horde/Mime/Part.php, function 
send(), starting on line 1669.

There is code that detects if MTA supports 8BITMIME (RFC 1652) or 
BINARYMIME (RFC 3030) extensions and re-encodes the mimePart.

A S/MIME part cannot be reencoded from quoted-printable to anything 
else because it breaks the signature.

One of possible solutions would be to extend the send function by 
giving it a new boolean parameter to use only 7bit encoding 
(quoted-printable) for S/MIME signed messages and set this parameter 
on sign time.
2012-03-08 06:48:46 kd (at) tu-cottbus (dot) de New Attachment: mail-1.txt Download
 
2012-03-08 06:48:05 kd (at) tu-cottbus (dot) de Comment #4
New Attachment: mail-2.txt Download
Reply to this comment


2012-03-08 06:46:19 kd (at) tu-cottbus (dot) de Comment #3
New Attachment: mail-3.txt Download
Reply to this comment
S/MIME signed messages cannot be verified if body contains 8-bit character.

It seems, that a 'Content-Transfer-Encoding: 8bit' header is added
after signing.
We don't add this.  Sounds like a MTA is adding this somewhere in transit.
Hi Michael,
it's not so simple. I test this internally, so only one MTA(postfix) 
is involved.
I'm also not sure, that this header is the reason for the verification 
failure.
However, if it is added by the MTA, shouldn't it be added by IMP 
before signing?
I've attached 3 complete Messages.
mail-1 contains only the letter 'a' (and my signature) and can be verified.
mail-2 contains only the letter 'รค' (and my signature) and cannot be verified.
mail-3 is what imp appended to my Sent-folder(when sending mail-2), 
this one can be verified.

2012-03-07 20:24:07 Michael Slusarz Comment #2 Reply to this comment
S/MIME signed messages cannot be verified if body contains 8-bit character.

It seems, that a 'Content-Transfer-Encoding: 8bit' header is added 
after signing.
We don't add this.  Sounds like a MTA is adding this somewhere in transit.
2012-03-07 14:45:46 kd (at) tu-cottbus (dot) de Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Summary ⇒ S/MIME signed messages cannot be verified if body contains 8-bit characters
Queue ⇒ IMP
Milestone ⇒
Patch ⇒ No
Reply to this comment
S/MIME signed messages cannot be verified if body contains 8-bit character.

It seems, that a 'Content-Transfer-Encoding: 8bit' header is added 
after signing.

Saved Queries