SMIME_read_CMS and binary signature


SMIME_read_CMS and binary signature

etc@coderhacks.com
Hello!

I need a little hint for parsing SMIME into a CMS_ContentInfo.

Here is a shortened example of my SMIME to make clear the structure of
my content.


====================
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
micalg=sha1; boundary="----=_Part_abcde"

------=_Part_abcde
Content-Type: application/text; name=abc.txt
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=abc.txt

VU...Cc=

------=_Part_abcde
Content-Type: application/pkcs7-signature; name=smime.p7s;
smime-type=signed-data
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIA...AAA=

------=_Part_abcde--
====================



If I try SMIME_read_CMS it is working well if the signature (the 2nd
MIME-part with smime-type=signed-data)
has a Content-Transfer-Encoding of "base64" (as it is in my example).

But it is not working if the CTE is "binary" and also the content is.

If I manually convert the signature to base64 and change the CTE to
base64 the SMIME_read_CMS is working again.

Is there another way of handling that? Maybe another function?
Thanks for help!

Best regards,
Chris
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: SMIME_read_CMS and binary signature

Viktor Dukhovni


> On Feb 15, 2018, at 12:29 AM, [hidden email] wrote:
>
> If I try SMIME_read_CMS it is working well if the signature (the 2nd MIME-part with smime-type=signed-data)
> has a Content-Transfer-Encoding of "base64" (as it is in my example).
>
> But it is not working if the CTE is "binary" and also the content is.

"binary" is not a valid Content-Transfer-Encoding for SMIME.

RFC 2045 Section 6.2:

   Mail transport for unencoded 8bit data is defined in RFC 1652.  As of
   the initial publication of this document, there are no standardized
   Internet mail transports for which it is legitimate to include
   unencoded binary data in mail bodies.  Thus there are no
   circumstances in which the "binary" Content-Transfer-Encoding is
   actually valid in Internet mail.  However, in the event that binary
   mail transport becomes a reality in Internet mail, or when MIME is
   used in conjunction with any other binary-capable mail transport
   mechanism, binary bodies must be labelled as such using this
   mechanism.

Even if such a binary transport existed, there is no mechanism to embed
non line-oriented data inside a line-oriented MIME multipart.

If you want binary data, use DER-encoded CMS objects not SMIME.

--
        Viktor.

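
Added example (not from the thread or from OpenSSL): following the advice above to give OpenSSL a DER-encoded CMS object instead of S/MIME, this splits a two-part multipart/signed entity into the signed bytes and the raw signature, which can then be passed to d2i_CMS_bio() and, as detached content, to CMS_verify(). The function names, the constructed sample message and the truncated placeholder signature are assumptions, and CRLF line endings are assumed.

```python
import base64
import re

# Constructed placeholder: start of a BER SignedData header, not a real signature.
FAKE_SIG = bytes.fromhex("308006092a864886f70d010702")

def build_sample(cte: bytes, sig_body: bytes) -> bytes:
    """Constructed message shaped like the one in the post (CRLF line endings)."""
    return (b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\r\n'
            b' micalg=sha1; boundary="----=_Part_abcde"\r\n\r\n'
            b"------=_Part_abcde\r\n"
            b"Content-Type: application/text; name=abc.txt\r\n\r\nhello\r\n"
            b"------=_Part_abcde\r\n"
            b"Content-Type: application/pkcs7-signature; name=smime.p7s\r\n"
            b"Content-Transfer-Encoding: " + cte + b"\r\n\r\n" + sig_body + b"\r\n"
            b"------=_Part_abcde--\r\n")

def split_multipart_signed(raw: bytes):
    """Return (signed_bytes, signature_bytes) for a two-part multipart/signed entity."""
    head, _, body = raw.partition(b"\r\n\r\n")
    m = re.search(rb'boundary="?([^";\r\n]+)', head, re.I)
    if m is None:
        raise ValueError("no boundary parameter")
    # The CRLF in front of "--boundary" belongs to the delimiter, not to the part.
    pieces = (b"\r\n" + body).split(b"\r\n--" + m.group(1))
    # Expect: preamble, content part, signature part, closing "--".
    if len(pieces) != 4 or not pieces[3].startswith(b"--"):
        # Binary bodies can contain the delimiter bytes; a line-oriented
        # multipart has no way to escape them, so refuse instead of guessing.
        raise ValueError("ambiguous or malformed multipart/signed framing")
    signed = pieces[1].split(b"\r\n", 1)[1]    # headers + body of part 1
    sig_head, _, sig_body = pieces[2].split(b"\r\n", 1)[1].partition(b"\r\n\r\n")
    cte = re.search(rb"^Content-Transfer-Encoding:[ \t]*(\S+)", sig_head, re.I | re.M)
    encoding = cte.group(1).lower() if cte else b"7bit"
    if encoding == b"base64":
        sig = base64.b64decode(sig_body)
    elif encoding == b"binary":
        sig = sig_body
    else:
        raise ValueError("unsupported encoding for a signature part")
    if sig[:1] != b"\x30":                     # CMS ContentInfo is an ASN.1 SEQUENCE
        raise ValueError("signature part is not a BER/DER SEQUENCE")
    return signed, sig

if __name__ == "__main__":
    content, sig = split_multipart_signed(build_sample(b"binary", FAKE_SIG))
    print(len(content), "signed bytes;", len(sig), "signature bytes")
```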