------=_NextPart_000_00A1_01C31FE0.9A54F420
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Ok, if I understand the attachement has been removed, here it is again
Frédéric Giudicelli
http://www.newpki.org
----- Original Message -----
From: "Frédéric Giudicelli" <gro...@newpki.org>
To: <opens...@openssl.org>
Sent: Wednesday, May 21, 2003 9:25 PM
Subject: Re: openssl smime problem ?
> I'm using "openssl smime", I'm attaching the result of the command.
>
> Frédéric Giudicelli
> http://www.newpki.org
> ----- Original Message -----
> From: "Dr. Stephen Henson" <st...@openssl.org>
> To: <opens...@openssl.org>
> Sent: Wednesday, May 21, 2003 9:18 PM
> Subject: Re: openssl smime problem ?
>
>
> > On Wed, May 21, 2003, Frédéric Giudicelli wrote:
> >
> > > Hi,
> > > When I generate a SMIME body with "opensssl smime", Outlook Express 6
> has a
> > > problem openning it, example:
> > > ------28A064EDE1C2332901D899C92E1F6F0F
> > > This is the message
> > > ------28A064EDE1C2332901D899C92E1F6F0F
> > >
> > > OE claims:
> > > "Outlook Express encountered an unexpected problem...".
> > > If I modify the body with "This is the message\r\n", and regenerate
the
> > > SMIME:
> > > ------4A65F9FD78F6803496CC6E9E2320F36B
> > > This is the message
> > >
> > > ------4A65F9FD78F6803496CC6E9E2320F36B
> > >
> > > OE is then capable to open it, but it claims "Message has been
tampered
> > > with".
> > >
> > > Any idea ?
> > >
> >
> > Are you manually doing the MIME formatting or are you using the 'smime'
> tool
> > for this?
> >
> > You should include MIME headers (e.g. Content-type: text/plain) in the
> first
> > part if you are doing this manually.
> >
> > Steve.
> > --
> > Dr Stephen N. Henson.
> > Core developer of the OpenSSL project: http://www.openssl.org/
> > Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
> > Email: she...@drh-consultancy.demon.co.uk, PGP key: via homepage.
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > Development Mailing List opens...@openssl.org
> > Automated List Manager majo...@openssl.org
> >
>
------=_NextPart_000_00A1_01C31FE0.9A54F420
Content-Type: text/plain;
name="smime.txt"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="smime.txt"
To: t...@to.com=0A=
From: fr...@from.com=0A=
Subject: Salut=0A=
MIME-Version: 1.0=0A=
Content-Type: multipart/signed; =
protocol=3D"application/x-pkcs7-signature"; micalg=3Dsha1; =
boundary=3D"----3770C6143C02E4250BAFE553D0A3F34C"=0A=
=0A=
This is an S/MIME signed message=0A=
=0A=
------3770C6143C02E4250BAFE553D0A3F34C=0A=
This is the message=0A=
------3770C6143C02E4250BAFE553D0A3F34C=0A=
Content-Type: application/x-pkcs7-signature; name=3D"smime.p7s"=0A=
Content-Transfer-Encoding: base64=0A=
Content-Disposition: attachment; filename=3D"smime.p7s"=0A=
=0A=
MIIFEgYJKoZIhvcNAQcCoIIFAzCCBP8CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3=0A=
DQEHAaCCAwswggMHMIICcKADAgECAgEBMA0GCSqGSIb3DQEBBQUAMHAxDTALBgNV=0A=
BAsTBERldi4xDzANBgNVBAoTBk5ld1BLSTELMAkGA1UEBhMCRlIxCzAJBgNVBAgT=0A=
Ajc1MQ4wDAYDVQQHEwVQYXJpczEkMCIGA1UEAxMbcGtpYmFzZSAtIEludGVybmFs=0A=
IFVTRVJTIENBMB4XDTAzMDUxOTAyNTgyMloXDTA0MDUxODAyNTgyMlowZjENMAsG=0A=
A1UECxMERGV2LjEPMA0GA1UEChMGTmV3UEtJMQswCQYDVQQGEwJGUjELMAkGA1UE=0A=
CBMCNzUxDjAMBgNVBAcTBVBhcmlzMRowGAYDVQQDExFQS0kgQWRtaW5pc3RyYXRv=0A=
cjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnXqZQMpx8ltf9gN29Hh6HU8N=0A=
I6XAzxzglUDPIbOKmJhzi/qUcLGeuVf8Np/q8sGaDsfCPY18sNdAWDcqImlaSLZ1=0A=
RbJe4FmJY62UG6d4JiuqBmBxgY1eqC7aRphMG8KnybChla4q2jLsCLi9TN9QZjxV=0A=
7Uk6FNkjSzWUL5q5ZMcCAwEAAaOBujCBtzAJBgNVHRMEAjAAMDUGCWCGSAGG+EIB=0A=
DQQoFiZOZXdQS0kgSW50ZXJuYWwgQ0EgRW5kVXNlciBDZXJ0aWZpY2F0ZTAdBgNV=0A=
HQ4EFgQU10DvslF5W3IWcBKnJ8VOxUMXeoIwHwYDVR0jBBgwFoAUtTFs0dr5nhuQ=0A=
lI1UxVtA0xd6KgcwEQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIF4DATBgNV=0A=
HSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQUFAAOBgQCpC3fvdEV+D06PbpF+=0A=
pqhorWovkUgGssoxoBhYrsHsQJFT1zV6Xt7o6h2UuUhclRjbWuJoO0EbJrgWQffE=0A=
EVdsfUJ3NbwdPdzCS/GpyJ/0YBsuoWFQMsT4Cg2NtloTU5Si4jWQ0dbgeDVm/JkT=0A=
No/CIgm7KDgY4+h9mj7yhmpyJzGCAc8wggHLAgEBMHUwcDENMAsGA1UECxMERGV2=0A=
LjEPMA0GA1UEChMGTmV3UEtJMQswCQYDVQQGEwJGUjELMAkGA1UECBMCNzUxDjAM=0A=
BgNVBAcTBVBhcmlzMSQwIgYDVQQDExtwa2liYXNlIC0gSW50ZXJuYWwgVVNFUlMg=0A=
Q0ECAQEwCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG=0A=
CSqGSIb3DQEJBTEPFw0wMzA1MjExOTI2MjVaMCMGCSqGSIb3DQEJBDEWBBTN/TXp=0A=
mD7ZiZhOAmVGskGAO+vQKzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4G=0A=
CCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0D=0A=
AgIBKDANBgkqhkiG9w0BAQEFAASBgDRokJOBHZb5d7v4xvSPb2WqOFuDc1w4l73o=0A=
f4qdA3Vchrfgici2J4boPdImC+MTnQ0tbW+Anzk5htxuYs+xLFoMpcnP9j2iFmae=0A=
W4s9YEnsxOjeT/dX8WhbcQ95RQQsn9ECVtqHc24GeTju4GBSWoqamE1Lm7WzAqLC=0A=
2t84rAL5=0A=
=0A=
------3770C6143C02E4250BAFE553D0A3F34C--=0A=
=0A=
------=_NextPart_000_00A1_01C31FE0.9A54F420--
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List opens...@openssl.org
Automated List Manager majo...@openssl.org
> Ok, if I understand the attachement has been removed, here it is again
>
>
> > I'm using "openssl smime", I'm attaching the result of the command.
> >
> To: t...@to.com
> From: fr...@from.com
> Subject: Salut
> MIME-Version: 1.0
> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="----3770C6143C02E4250BAFE553D0A3F34C"
>
> This is an S/MIME signed message
>
> ------3770C6143C02E4250BAFE553D0A3F34C
> This is the message
> ------3770C6143C02E4250BAFE553D0A3F34C
> Content-Type: application/x-pkcs7-signature; name="smime.p7s"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="smime.p7s"
>
[stuff deleted]
That could confuse the Outlook MIME parser. Try it with the -text option and
see what happens. If you still get the message try with -nodetach as well.
If the sig is OK with -nodetach and not without it then check the message
source which Outlook receives to ensure that something isn't corrupting it en
route.
I directly open the message in OE from the resulting file, so I'm sure it's
not altered, this is really weird as if OE expected something special in
between the boundaries.
Frédéric Giudicelli
http://www.newpki.org
----- Original Message -----
From: "Dr. Stephen Henson" <st...@openssl.org>
To: <opens...@openssl.org>
Sent: Wednesday, May 21, 2003 10:37 PM
Subject: Re: openssl smime problem ?
> Well,
> "-text" didn't do the trick (it still claims the message has been altered).
> "-nodetach" did the trick but the message didn't show up.
> "-text -nodetach" did the trick.
>
> I directly open the message in OE from the resulting file, so I'm sure it's
> not altered, this is really weird as if OE expected something special in
> between the boundaries.
>
Hmm that could be it. Due to the way the various parts of OpenSSL handle end
of line openssl smime without -detach has a mixture of "\n" and "\r\n"
in the outputted data. This doesn't seem to matter in many cases such as
piping the result into sendmail but opening it up directly might be a problem.
Something like deleting all "\r" then changing "\n" to "\r\n" might do the
trick.
Is there a counter-indication with using "-nodetach" ?
Frédéric Giudicelli
http://www.newpki.org
----- Original Message -----
From: "Dr. Stephen Henson" <st...@openssl.org>
To: <opens...@openssl.org>
Sent: Wednesday, May 21, 2003 11:36 PM
Subject: Re: openssl smime problem ?
> Changing all "\n" with "\r\n" does work it still claims the message as be
> altered.
>
> Is there a counter-indication with using "-nodetach" ?
>
With -nodetach the context is included in the PKCS#7 structure which normally
makes an email client use it verbatim and so the signature matches.
Without that option it uses cleartext signing which has various translations
performed on it before the signature is calculated.
Frédéric Giudicelli
http://www.newpki.org
----- Original Message -----
From: "Dr. Stephen Henson" <st...@openssl.org>
To: <opens...@openssl.org>
Sent: Thursday, May 22, 2003 2:22 AM
Subject: Re: openssl smime problem ?
One tip: If you've got two newlines at the end of the message, you've got
to remove one, otherwise Outlook will complain.
I had to implement a mail signing/encrypting program based on the openssl
library and finally managed to create signed/encrypted messages that were
valid in Mozilla, openssl smime and all the various Outlook version. Quite
a pain, especially for outlook.
There are several "issues" with outlook (such as trailing newlines,
non-standard mime-headers, duplicate headers), but it can be done.
I've done it in C though, not with the command line tool.
Bye
Tim
On Wed, 21 May 2003 21:13:29 +0200
Fr=E9d=E9ric Giudicelli <gro...@newpki.org> wrote:
> Hi,
> When I generate a SMIME body with "opensssl smime", Outlook Express 6
> has a problem openning it, example:
> ------28A064EDE1C2332901D899C92E1F6F0F
> This is the message
> ------28A064EDE1C2332901D899C92E1F6F0F
>=20
> OE claims:
> "Outlook Express encountered an unexpected problem...".
> If I modify the body with "This is the message\r\n", and regenerate the
> SMIME:
> ------4A65F9FD78F6803496CC6E9E2320F36B
> This is the message
>=20
> ------4A65F9FD78F6803496CC6E9E2320F36B
>=20
> OE is then capable to open it, but it claims "Message has been tampered
> with".
>=20
> Any idea ?
>=20
> Fr=E9d=E9ric Giudicelli
> http://www.newpki.org
>=20
Now it works fine with OE.
Frédéric Giudicelli
http://www.newpki.org
----- Original Message -----
From: "Tim Tassonis" <tim...@dplanet.ch>
To: <opens...@openssl.org>
Cc: <gro...@newpki.org>
Sent: Thursday, May 22, 2003 5:36 PM
Subject: Re: openssl smime problem ?
Hi
One tip: If you've got two newlines at the end of the message, you've got
to remove one, otherwise Outlook will complain.
I had to implement a mail signing/encrypting program based on the openssl
library and finally managed to create signed/encrypted messages that were
valid in Mozilla, openssl smime and all the various Outlook version. Quite
a pain, especially for outlook.
There are several "issues" with outlook (such as trailing newlines,
non-standard mime-headers, duplicate headers), but it can be done.
I've done it in C though, not with the command line tool.
Bye
Tim
On Wed, 21 May 2003 21:13:29 +0200
Frédéric Giudicelli <gro...@newpki.org> wrote:
> Hi,
> When I generate a SMIME body with "opensssl smime", Outlook Express 6
> has a problem openning it, example:
> ------28A064EDE1C2332901D899C92E1F6F0F
> This is the message
> ------28A064EDE1C2332901D899C92E1F6F0F
>
> OE claims:
> "Outlook Express encountered an unexpected problem...".
> If I modify the body with "This is the message\r\n", and regenerate the
> SMIME:
> ------4A65F9FD78F6803496CC6E9E2320F36B
> This is the message
>
> ------4A65F9FD78F6803496CC6E9E2320F36B
>
> OE is then capable to open it, but it claims "Message has been tampered
> with".
>
> Any idea ?
>
> Frédéric Giudicelli
> http://www.newpki.org
>