vast

Multipart Mime Message with Digital Signing problem

Hi,

I am manually constructing a Mime email message using Python. I am
attempting to clearsign the message, but I have no idea which part of
the message to use to create the digital signature.

I have created the certificate and private key using openssl. The
message structure is something like this:

------------------start code---------------------
Content-Type: multipart/signed;
    boundary="----=_NextPart_000_0158_01C172B1.77748F70";
    micalg="SHA1";
    protocol="application/x-pkcs7-signature"
From: "tester" <testfrom@test.com>
To: "tester" <testto@test.com>
Subject: Test 1
MIME-Version: 1.0

------=_NextPart_000_0158_01C172B1.77748F70
Content-Type: multipart/mixed;
    boundary="----=_NextPart_001_0159_01C172B1.77748F70"

------=_NextPart_001_0159_01C172B1.77748F70
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

this is a test

------=_NextPart_001_0159_01C172B1.77748F70
Content-Type: text/plain;
        name="TestAttach.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
        filename="TestAttach.txt"

Attachment 1
------=_NextPart_001_0159_01C172B1.77748F70--

------=_NextPart_000_0158_01C172B1.77748F70            
Content-Type: application/x-pkcs7-signature;
        name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
        filename="smime.p7s"

MIIFWQYJKoZIhvcNAQcCoIIFSjCCBUYCAQExCzAJBgUrDgMCGgUAMDkGCSqGSIb3
DQEHAaAsBCpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCg0KdGhpcyBpcyBhIHRl
c3SgggMlMIIDITCCAoqgAwIBAgIBADANBgkqhkiG9w0BAQQFADBvMQswCQYDVQQG
EwJaQTELMAkGA1UECBMCV1AxEjAQBgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMG
U0FFQkVYMQ4wDAYDVQQDEwVTQUVCMDEeMBwGCSqGSIb3DQEJARYPbmVpbEBzYWVi
ZXguY29tMB4XDTAzMDExMzExMzQxNVoXDTA0MDExMzExMzQxNVowbzELMAkGA1UE
BhMCWkExCzAJBgNVBAgTAldQMRIwEAYDVQQHEwlDYXBlIFRvd24xDzANBgNVBAoT
BlNBRUJFWDEOMAwGA1UEAxMFU0FFQjAxHjAcBgkqhkiG9w0BCQEWD25laWxAc2Fl
YmV4LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7nia4ln91JlklwUt
QRRQ+PZQyIWGwlkI6yBDpdC8vd23VyP+jYC5z+AJSA8qWvr+T/d6np2Jm+8Rr6H7
8WKZzpXs+y9jf8e5n8e0KGIPWR5IygCnl40205lPro49UMf8DnTwmzWICa8xUVRK
D60Yb9/9ZzDNBbgcYz/zAMz3KIkCAwEAAaOBzDCByTAdBgNVHQ4EFgQUjklA8Nxx
NuJ6sHIQahiY1zYfGHkwgZkGA1UdIwsBkTCBjoAUjklA8NxxNuJ6sHIQihiY1zYf
GHmhc6RxMG8xCzAJBgNVBAYTAlpBMQswCQYDVQQIEwJXUDESMBAGA1UEBxMJQ2Fw
ZSBUb3duMQ8wDQYDVQQKEwZTQUVCRVgxDjAMBgNVBAMTBVNBRUIwMR4wHAYJKoZI
hvcNAQkBFg9uZWlsQHNhZWJleC5jb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG
9w0BAQQFAAOBgQCb1hF7/qL/nOeepoNkFJfpqgpE0+w2/hZHW3pNtsdpG/ybIl/X
Xf9ksFCXbTPbWRIgvYWMbYg+Ss+99b6OmqhNxWpcsSlDCZ3TgJ6gW9jhmckwW4OH
+T7UNfaNehNplanuUClmLf1vdIDISS9ybyhsdYV7SHmRd5NQhLZz0/j0IjGCAc4w
ggHKAgEBMHQwbzELMAkGA1UEBhMCWkExCzAJBgNVBAgTAldQMRIwEAYDVQQHEwlD
YXBlIFRvd24xDzANBgNVBAoTBlNBRUJFWDEOMAwGA1UEAxMFU0FFQjAxHjAcBgkq
hkiG9w0BCQEWD25laWxAc2FlYmV4LmNvbQIBADAJBgUrDgMCGgUAoIGxMBgGCSqG
SIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAzMDEyMDA4MjQz
NVowIwYJKoZIhvcNAQkEMRYEFHXBswJT7RjB7MvybDmerPQr054EMFIGCSqGSIb3
DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMC
AgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABIGAvLZc
gZMTxBhB3dEzadpTk+dfN2kEuSl85ZBmfzyOba9HeFVK0HawKQ0zJBCDDd1nWsim
VfGYxexPKErXugdlGoTGE1X+VS6Xjks1a5hGvAOpmrrRijav8bOcCmoWEZZ0MeL5
tQgLEVcy46l3a2bHfMTrdfXhymqpcfkH9iquS18=

------=_NextPart_000_0158_01C172B1.77748F70--

------------------end code---------------------

I am (according to other examples) using the actual message text
('this is a test') to create the signature with.  The result of this
when opened is that the certificate is readable, but says that the
message content has been altered. Obviously I am not using the correct
part of the message to create the signature with.

Can someone please tell me which part of the message I should be using
to create the signature with.

Thanks for any help
Neil
Jason_Deckard

Neil,

The signature in a multipart/signed is an encrypted digest of the first body, including its MIME headers.  If you're only creating a digest of the message text "this is a test", you're missing the headers (which is why your email client balks).

RFC 1847 has the details on creating multipart/signed messages.  The best part is it's quick reading (only eleven pages long, not bad for an RFC).  RFC 1847 can be found here: ftp://ftp.rfc-editor.org/in-notes/rfc1847.txt

Best of luck,
Jason Deckard
vast

ASKER

I'm not sure I'm interpreting the RFC correctly.

Should I be converting the separate nodes (the plain text part and the attachment part) to base64 and then use everything from (and including):
'Content-Type: multipart/signed;' to:
'------=_NextPart_001_0159_01C172B1.77748F70--'
to create the encrypted digest??

I have tried this but it has exactly the same result.
ASKER CERTIFIED SOLUTION
Jason_Deckard

I missed your second question.  The answer is no, you should not be including the boundary in your digest.
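
The selection described in the two answers above, as an added example that is not part of the original thread: it extracts the first body part of a multipart/signed message with its MIME headers and without either boundary line, in CRLF canonical form, and shows that its digest differs from a digest over the text alone. The sample message, its boundary names and the function names `signed_part` and `sha1_hex` are constructed for illustration; SHA-1 is used only because the question's message declares `micalg="SHA1"`.

```python
import hashlib
import re

# Constructed sample modelled on the question's message; boundaries are made up.
OUTER = "outer-boundary"
MESSAGE = "\n".join([
    'Content-Type: multipart/signed; boundary="outer-boundary";',
    '    micalg="SHA1"; protocol="application/x-pkcs7-signature"',
    "",
    "--outer-boundary",
    'Content-Type: multipart/mixed; boundary="inner-boundary"',
    "",
    "--inner-boundary",
    'Content-Type: text/plain; charset="iso-8859-1"',
    "",
    "this is a test",
    "",
    "--inner-boundary--",
    "",
    "--outer-boundary   ",          # trailing padding is legal on a delimiter line
    'Content-Type: application/x-pkcs7-signature; name="smime.p7s"',
    "",
    "(signature placeholder)",
    "",
    "--outer-boundary--",
])


def signed_part(message: str, boundary: str) -> bytes:
    """Bytes a multipart/signed digest covers: first body part, headers included."""
    # Canonical form uses CRLF line endings, whatever the file on disk used.
    lines = re.sub(r"\r\n|\r|\n", "\n", message).split("\n")
    delim = "--" + boundary
    hits = [i for i, line in enumerate(lines) if line.rstrip() == delim]
    if len(hits) < 2:
        raise ValueError("expected two delimiter lines before the close delimiter")
    # The slice excludes both delimiter lines; join() leaves off the CRLF that
    # precedes the second delimiter, which belongs to the delimiter itself.
    return "\r\n".join(lines[hits[0] + 1:hits[1]]).encode("iso-8859-1")


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


if __name__ == "__main__":
    part = signed_part(MESSAGE, OUTER)
    print(sha1_hex(part), "<- digest over the signed part")
    print(sha1_hex(b"this is a test"), "<- digest over the text alone")
```

Any byte that changes inside the returned span after signing (re-wrapped headers, a different transfer encoding, altered line endings) changes the digest, and the client reports the content as altered.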
zenlion420
This question has been classified as abandoned.  I will make a recommendation to the moderators on its resolution in approximately one week.  I would appreciate any comments by the experts that would help me in making a recommendation.

It is assumed that any participant not responding to this request is no longer interested in its final deposition.

If the asker does not know how to close the question, the options are here:
https://www.experts-exchange.com/help.jsp#hs5

zenlion420
EE Page Editor