
openssl smime problem ?


Frédéric Giudicelli

May 21, 2003, 3:31:05 PM
This is a multi-part message in MIME format.

------=_NextPart_000_00A1_01C31FE0.9A54F420
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

Ok, if I understand the attachment has been removed, here it is again

Frédéric Giudicelli
http://www.newpki.org
----- Original Message -----
From: "Frédéric Giudicelli" <gro...@newpki.org>
To: <opens...@openssl.org>
Sent: Wednesday, May 21, 2003 9:25 PM
Subject: Re: openssl smime problem ?


> I'm using "openssl smime", I'm attaching the result of the command.
>
> Frédéric Giudicelli
> http://www.newpki.org
> ----- Original Message -----
> From: "Dr. Stephen Henson" <st...@openssl.org>
> To: <opens...@openssl.org>
> Sent: Wednesday, May 21, 2003 9:18 PM
> Subject: Re: openssl smime problem ?
>
>
> > On Wed, May 21, 2003, Frédéric Giudicelli wrote:
> >
> > > Hi,
> > > When I generate a SMIME body with "openssl smime", Outlook Express 6 has a
> > > problem opening it, example:
> > > ------28A064EDE1C2332901D899C92E1F6F0F
> > > This is the message
> > > ------28A064EDE1C2332901D899C92E1F6F0F
> > >
> > > OE claims:
> > > "Outlook Express encountered an unexpected problem...".
> > > If I modify the body with "This is the message\r\n", and regenerate the
> > > SMIME:
> > > ------4A65F9FD78F6803496CC6E9E2320F36B
> > > This is the message
> > >
> > > ------4A65F9FD78F6803496CC6E9E2320F36B
> > >
> > > OE is then able to open it, but it claims "Message has been tampered
> > > with".
> > >
> > > Any idea ?
> > >
> >
> > Are you manually doing the MIME formatting or are you using the 'smime' tool
> > for this?
> >
> > You should include MIME headers (e.g. Content-type: text/plain) in the first
> > part if you are doing this manually.
> >
> > Steve.
> > --
> > Dr Stephen N. Henson.
> > Core developer of the OpenSSL project: http://www.openssl.org/
> > Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
> > Email: she...@drh-consultancy.demon.co.uk, PGP key: via homepage.
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > Development Mailing List opens...@openssl.org
> > Automated List Manager majo...@openssl.org
> >
>

------=_NextPart_000_00A1_01C31FE0.9A54F420
Content-Type: text/plain;
name="smime.txt"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="smime.txt"

To: t...@to.com=0A=
From: fr...@from.com=0A=
Subject: Salut=0A=
MIME-Version: 1.0=0A=
Content-Type: multipart/signed; =
protocol=3D"application/x-pkcs7-signature"; micalg=3Dsha1; =
boundary=3D"----3770C6143C02E4250BAFE553D0A3F34C"=0A=
=0A=
This is an S/MIME signed message=0A=
=0A=
------3770C6143C02E4250BAFE553D0A3F34C=0A=
This is the message=0A=
------3770C6143C02E4250BAFE553D0A3F34C=0A=
Content-Type: application/x-pkcs7-signature; name=3D"smime.p7s"=0A=
Content-Transfer-Encoding: base64=0A=
Content-Disposition: attachment; filename=3D"smime.p7s"=0A=
=0A=
=0A=
------3770C6143C02E4250BAFE553D0A3F34C--=0A=
=0A=

------=_NextPart_000_00A1_01C31FE0.9A54F420--


Dr. Stephen Henson

May 21, 2003, 4:37:41 PM
On Wed, May 21, 2003, Frédéric Giudicelli wrote:

> Ok, if I understand the attachment has been removed, here it is again
>
>

> > I'm using "openssl smime", I'm attaching the result of the command.
> >

> To: t...@to.com
> From: fr...@from.com
> Subject: Salut
> MIME-Version: 1.0
> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="----3770C6143C02E4250BAFE553D0A3F34C"


>
> This is an S/MIME signed message
>

> ------3770C6143C02E4250BAFE553D0A3F34C
> This is the message
> ------3770C6143C02E4250BAFE553D0A3F34C
> Content-Type: application/x-pkcs7-signature; name="smime.p7s"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="smime.p7s"
>

[stuff deleted]

That could confuse the Outlook MIME parser. Try it with the -text option and
see what happens. If you still get the message try with -nodetach as well.

If the sig is OK with -nodetach and not without it then check the message
source which Outlook receives to ensure that something isn't corrupting it en
route.

Frédéric Giudicelli

May 21, 2003, 5:13:44 PM
Well,
"-text" didn't do the trick (it still claims the message has been altered).
"-nodetach" did the trick but the message didn't show up.
"-text -nodetach" did the trick.

I directly open the message in OE from the resulting file, so I'm sure it's
not altered, this is really weird as if OE expected something special in
between the boundaries.

Frédéric Giudicelli
http://www.newpki.org
----- Original Message -----
From: "Dr. Stephen Henson" <st...@openssl.org>
To: <opens...@openssl.org>
Sent: Wednesday, May 21, 2003 10:37 PM
Subject: Re: openssl smime problem ?

Dr. Stephen Henson

May 21, 2003, 5:36:38 PM
On Wed, May 21, 2003, Frédéric Giudicelli wrote:

> Well,
> "-text" didn't do the trick (it still claims the message has been altered).
> "-nodetach" did the trick but the message didn't show up.
> "-text -nodetach" did the trick.
>
> I directly open the message in OE from the resulting file, so I'm sure it's
> not altered, this is really weird as if OE expected something special in
> between the boundaries.
>

Hmm that could be it. Due to the way the various parts of OpenSSL handle end
of line openssl smime without -detach has a mixture of "\n" and "\r\n"
in the outputted data. This doesn't seem to matter in many cases such as
piping the result into sendmail but opening it up directly might be a problem.

Something like deleting all "\r" then changing "\n" to "\r\n" might do the
trick.

Frédéric Giudicelli

May 21, 2003, 7:07:05 PM
Changing all "\n" with "\r\n" does work it still claims the message has been
altered.

Is there a counter-indication with using "-nodetach" ?

Frédéric Giudicelli
http://www.newpki.org
----- Original Message -----
From: "Dr. Stephen Henson" <st...@openssl.org>
To: <opens...@openssl.org>
Sent: Wednesday, May 21, 2003 11:36 PM
Subject: Re: openssl smime problem ?

Dr. Stephen Henson

May 21, 2003, 8:22:16 PM
On Thu, May 22, 2003, Frédéric Giudicelli wrote:

> Changing all "\n" with "\r\n" does work it still claims the message has been
> altered.
>
> Is there a counter-indication with using "-nodetach" ?
>

With -nodetach the context is included in the PKCS#7 structure which normally
makes an email client use it verbatim and so the signature matches.

Without that option it uses cleartext signing which has various translations
performed on it before the signature is calculated.

Frédéric Giudicelli

May 22, 2003, 9:16:18 AM
Ok, I have the solution.
When calling PKCS7_sign, the body is transformed using SMIME_crlf_copy
before computing the signature, however, when generating the output SMIME
using SMIME_write_PKCS7, the body is directly written to the output BIO,
without being parsed by SMIME_crlf_copy.

Frédéric Giudicelli
http://www.newpki.org
----- Original Message -----
From: "Dr. Stephen Henson" <st...@openssl.org>
To: <opens...@openssl.org>
Sent: Thursday, May 22, 2003 2:22 AM
Subject: Re: openssl smime problem ?
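
The mismatch described in the messages above (content signed in its CRLF form but written between the boundaries with other line endings), as an added example that is not code from the posters or from OpenSSL. The helper names, the sample message and its boundary are constructed for illustration, and `crlf_canonical` is the "delete all \r, then change \n to \r\n" rewrite suggested earlier in the thread, used here as an assumed stand-in for the canonical form the signature was computed over.

```python
import hashlib
import re

# Constructed sample (not from the thread): a cleartext-signed message whose
# first part carries a MIME header, written with bare LF line endings.
SAMPLE_LF = (
    b'Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";'
    b' micalg=sha1; boundary="----CONSTRUCTEDBOUNDARY"\n\n'
    b"This is an S/MIME signed message\n\n"
    b"------CONSTRUCTEDBOUNDARY\n"
    b"Content-Type: text/plain\n\n"
    b"This is the message\n"
    b"------CONSTRUCTEDBOUNDARY\n"
    b'Content-Type: application/x-pkcs7-signature; name="smime.p7s"\n\n'
    b"(signature omitted)\n\n"
    b"------CONSTRUCTEDBOUNDARY--\n"
)

def crlf_canonical(data: bytes) -> bytes:
    """Delete every CR, then turn each LF into CRLF (assumed canonical form)."""
    return data.replace(b"\r", b"").replace(b"\n", b"\r\n")

def first_part(message: bytes) -> bytes:
    """Bytes between the first two boundary lines; the line break just before
    a boundary belongs to the boundary (RFC 2046) and is not returned."""
    m = re.search(rb'boundary="([^"]+)"', message)
    if m is None:
        raise ValueError("no boundary parameter found")
    delim = re.escape(b"--" + m.group(1))
    parts = re.split(rb"\r?\n" + delim + rb"(?:--)?[ \t]*\r?\n", message)
    if len(parts) < 3:
        raise ValueError("expected at least two boundary lines")
    return parts[1]

def signed_part_report(message: bytes) -> dict:
    """Compare the signed part as written with its CRLF-canonical form."""
    part = first_part(message)
    canon = crlf_canonical(part)
    return {
        "bare_lf": len(re.findall(rb"(?<!\r)\n", part)),
        "sha1_as_written": hashlib.sha1(part).hexdigest(),
        "sha1_canonical": hashlib.sha1(canon).hexdigest(),
        "matches": part == canon,
    }

if __name__ == "__main__":
    print(signed_part_report(SAMPLE_LF))                   # digests differ
    print(signed_part_report(crlf_canonical(SAMPLE_LF)))   # digests agree
```

A verifier that hashes the part exactly as it appears in the file gets `sha1_as_written`, which only equals the digest of the canonical content once the bytes between the boundaries are themselves in CRLF form.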

Tim Tassonis

May 22, 2003, 11:37:04 AM
Hi

One tip: If you've got two newlines at the end of the message, you've got
to remove one, otherwise Outlook will complain.


I had to implement a mail signing/encrypting program based on the openssl
library and finally managed to create signed/encrypted messages that were
valid in Mozilla, openssl smime and all the various Outlook versions. Quite
a pain, especially for outlook.

There are several "issues" with outlook (such as trailing newlines,
non-standard mime-headers, duplicate headers), but it can be done.

I've done it in C though, not with the command line tool.

Bye
Tim

On Wed, 21 May 2003 21:13:29 +0200
Frédéric Giudicelli <gro...@newpki.org> wrote:

> Hi,
> When I generate a SMIME body with "openssl smime", Outlook Express 6
> has a problem opening it, example:
> ------28A064EDE1C2332901D899C92E1F6F0F
> This is the message
> ------28A064EDE1C2332901D899C92E1F6F0F
>
> OE claims:
> "Outlook Express encountered an unexpected problem...".
> If I modify the body with "This is the message\r\n", and regenerate the
> SMIME:
> ------4A65F9FD78F6803496CC6E9E2320F36B
> This is the message
>
> ------4A65F9FD78F6803496CC6E9E2320F36B
>
> OE is then able to open it, but it claims "Message has been tampered
> with".
>
> Any idea ?
>
> Frédéric Giudicelli
> http://www.newpki.org
>

Frédéric Giudicelli

May 22, 2003, 11:57:12 AM
Well I ended up rewriting the SMIME_write_PKCS7 function, I changed all the
\n with \r\n as advised by Stephen, plus I made sure that the data given
for signature were the same as the one between the boundaries (which wasn't
the case as explained earlier).

Now it works fine with OE.

Frédéric Giudicelli
http://www.newpki.org
----- Original Message -----
From: "Tim Tassonis" <tim...@dplanet.ch>
To: <opens...@openssl.org>
Cc: <gro...@newpki.org>
Sent: Thursday, May 22, 2003 5:36 PM
Subject: Re: openssl smime problem ?

