Summary | Can't decrypt signed message stored in encrypted S/MIME message |
Queue | IMP |
Queue Version | Git master |
Type | Bug |
State | Resolved |
Priority | 1. Low |
Owners | slusarz (at) horde (dot) org |
Requester | software-horde (at) interfasys (dot) ch |
Created | 11/03/2014 (3910 days ago) |
Due | |
Updated | 01/06/2015 (3846 days ago) |
Assigned | |
Resolved | 12/30/2014 (3853 days ago) |
Github Issue Link | |
Github Pull Request | |
Milestone | |
Patch | No |
Assigned to Michael Slusarz
State ⇒ Resolved
commit 584b744c9d759089d37c8a13e1b9bc8f831e3f77
Author: Michael M Slusarz <slusarz@horde.org>
Date: Tue Dec 30 10:27:50 2014 -0700
[mms] Fix parsing broken S/MIME messages that don't include the
smime-type content-type parameter (Request #13661).
Conflicts:
imp/docs/CHANGES
imp/package.xml
imp/docs/CHANGES | 2 +
imp/lib/Mime/Viewer/Smime.php | 51 +++++++++++++++++++++++++++++++++++-----
imp/package.xml | 5 ++++
3 files changed, 51 insertions(+), 7 deletions(-)
http://github.com/horde/horde/commit/584b744c9d759089d37c8a13e1b9bc8f831e3f77
commit 3d07c17bd47c33368c939525a13f7a1dacc20b5a
Author: Michael M Slusarz <slusarz@horde.org>
Date: Tue Dec 30 10:27:50 2014 -0700
[mms] Fix parsing broken S/MIME messages that don't include the
smime-type content-type parameter (Request #13661).
imp/docs/CHANGES | 2 +
imp/lib/Mime/Viewer/Smime.php | 51 +++++++++++++++++++++++++++++++++++-----
imp/package.xml | 6 +++++
3 files changed, 52 insertions(+), 7 deletions(-)
http://github.com/horde/horde/commit/3d07c17bd47c33368c939525a13f7a1dacc20b5a
model citizens and followed the latest version of the specs to the
letter, the media-type is deprecated, but not illegal afaik, it's like
using SHA1 instead of sha-1 for the micalg parameter.
RFC 5751 [3.2] is saying SHOULD not MUST
Also, RFC 5751 [5.1] contains this
   Type name: application
   Subtype Name: pkcs7-mime
   Required Parameters: NONE
   Optional Parameters: smime-type/signed-data
                        smime-type/enveloped-data
                        smime-type/compressed-data
                        smime-type/certs-only
                        name
I don't know if this encoding only comes from one family of clients of
which very few use Horde or if it's a larger problem.
First, it's using the long deprecated MIME type.
Second, it does not contain the smime-data parameter. From RFC 5751 [3.2]:
Because there are several types of application/pkcs7-mime objects, a
sending agent SHOULD do as much as possible to help a receiving agent
know about the contents of the object without forcing the receiving
agent to decode the ASN.1 for the object. The Content-Type header
field of all application/pkcs7-mime objects SHOULD include the
optional "smime-type" parameter, as described in the following
sections.
In other words... that is some garbage input.
The 2nd part can't be decrypted, because it's a signed message, but
Horde treats it as another encrypted message
Trying to decrypt it will throw an error
34374513640:error:21072071:PKCS7 routines:PKCS7_decrypt:wrong content type:pk7_smime.c:546:
The Smime lib should test the 2nd part using `-cmsout` before using it.
cmsout will contain something like this
Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"
New Attachment: part2.txt
Priority ⇒ 1. Low
Type ⇒ Bug
Summary ⇒ Can't decrypt signed message stored in encrypted S/MIME message
Queue ⇒ IMP
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
via openssl cms, but which Horde does not understand.
Horde can decrypt the first part:
smime.p7m (6 KB)
The data in this part has been encrypted via S/MIME.
But does not understand the decrypted message:
X-pkcs7-mime (4 KB)
The data in this part has been encrypted via S/MIME.
Could not decrypt S/MIME data.
The 2nd part looks like this
Content-Type: application/x-pkcs7-mime
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExDTALBglghkgBZQMEAgEwgAYJKoZIhvcNAQcB
oIAkgASCA4NDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2ZTsgYm91
...
DI2fdyAMfp2GSTTIVdpgOeDt6J+32QG0ppzfeOv8EGCvd7r7BO6gqy3XS54m7XNV
SGllRWATSg7MKOkAAAAAAAA=
I'm attaching that part for testing
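When the smime-type parameter is missing, as in the part quoted above, a receiver can still tell signed-data from enveloped-data by reading the contentType OID at the start of the CMS ContentInfo. The sketch below is an added example, not Horde's code and not the change made in the commits listed on this ticket; the function and constant names are hypothetical, and the sample input is the first base64 line of the second part shown in the report.

```python
import base64
# ContentInfo contentType OIDs (RFC 5652, RFC 3274) -> RFC 5751 smime-type.
CMS_TYPES = {
    "1.2.840.113549.1.7.2": "signed-data",
    "1.2.840.113549.1.7.3": "enveloped-data",
    "1.2.840.113549.1.9.16.1.9": "compressed-data",
}
# First base64 line of the second part quoted in the report above.
PART2_FIRST_LINE = "MIAGCSqGSIb3DQEHAqCAMIACAQExDTALBglghkgBZQMEAgEwgAYJKoZIhvcNAQcB"

def _read_length(buf, pos):
    """Return (length, next offset); length is None for BER indefinite form."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    if first == 0x80:  # indefinite length, which the sample above uses
        return None, pos + 1
    n = first & 0x7F
    if pos + 1 + n > len(buf):
        raise ValueError("truncated length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def _decode_oid(body):
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def sniff_smime_type(b64_body):
    """Return the smime-type implied by the body's ContentInfo OID, or None."""
    compact = "".join(b64_body.split())
    try:
        der = base64.b64decode(compact[:64])  # 48 bytes cover the header
        if der[0] != 0x30:                    # ContentInfo ::= SEQUENCE
            return None
        _, pos = _read_length(der, 1)
        if der[pos] != 0x06:                  # contentType OBJECT IDENTIFIER
            return None
        oid_len, pos = _read_length(der, pos + 1)
        if oid_len is None or pos + oid_len > len(der):
            return None
        return CMS_TYPES.get(_decode_oid(der[pos:pos + oid_len]))
    except (IndexError, ValueError):
        return None
```

Run on the quoted part, `sniff_smime_type(PART2_FIRST_LINE)` returns `signed-data`, so a viewer that checks this before calling a decrypt routine would route the part to signature verification instead.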