vast
Multipart Mime Message with Digital Signing problem
Hi,
I am manually constructing a Mime email message using Python. I am
attempting to clearsign the message, but I have no idea which part of
the message to use to create the digital signature.
I have created the certificate and private key using openssl. The
message structure is something like this:
------------------start code---------------------
Content-Type: multipart/signed;
    boundary="----=_NextPart_000_0158_01C172B1.77748F70";
    micalg="SHA1";
    protocol="application/x-pkcs7-signature"
From: "tester" <testfrom@test.com>
To: "tester" <testto@test.com>
Subject: Test 1
MIME-Version: 1.0

------=_NextPart_000_0158_01C172B1.77748F70
Content-Type: multipart/mixed;
    boundary="----=_NextPart_001_0159_01C172B1.77748F70"

------=_NextPart_001_0159_01C172B1.77748F70
Content-Type: text/plain;
    charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

this is a test
------=_NextPart_001_0159_01C172B1.77748F70
Content-Type: text/plain;
    name="TestAttach.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
    filename="TestAttach.txt"

Attachment 1
------=_NextPart_001_0159_01C172B1.77748F70--
------=_NextPart_000_0158_01C172B1.77748F70
Content-Type: application/x-pkcs7-signature;
    name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
    filename="smime.p7s"
------=_NextPart_000_0158_01C172B1.77748F70--
------------------end code---------------------
I am (according to other examples) using the actual message text
('this is a test') to create the signature with. The result of this
when opened is that the certificate is readable, but says that the
message content has been altered. Obviously I am not using the correct
part of the message to create the signature with.
Can someone please tell me which part of the message I should be using
to create the signature with.
Thanks for any help
Neil
ASKER
I'm not sure I'm interpreting the RFC correctly.
Should I be converting the separate nodes (the plain text part and the attachment part) to base64 and then use everything from (and including):
'Content-Type: multipart/signed;' to:
'------=_NextPart_001_0159_01C172B1.77748F70--'
to create the encrypted digest??
I have tried this but it has exactly the same result.
I missed your second question. The answer is no, you should not be including the boundary in your digest.
This question has been classified as abandoned. I will make a recommendation to the moderators on its resolution in approximately one week. I would appreciate any comments by the experts that would help me in making a recommendation.
It is assumed that any participant not responding to this request is no longer interested in its final deposition.
If the asker does not know how to close the question, the options are here:
https://www.experts-exchange.com/help.jsp#hs5
zenlion420
EE Page Editor
The signature in a multipart/signed is an encrypted digest of the first body, including its MIME headers. If you're only creating a digest of the message text "this is a test", you're missing the headers (which is why your email client balks).
RFC 1847 has the details on creating multipart/signed messages. The best part is it's quick reading (only eleven pages long, not bad for an RFC). RFC 1847 can be found here: ftp://ftp.rfc-editor.org/in-notes/rfc1847.txt
Best of luck,
Jason Deckard
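The following is an added example, not code from the thread or from any of its participants. It extracts the exact bytes the answers above say to digest: the first body part with its MIME headers, without the outer boundary lines, in CRLF canonical form. The sample message is constructed (modelled on the one in the question, with shortened boundaries), and `signed_part` and `digest_hex` are hypothetical helper names.

```python
import hashlib
import re
from email import message_from_bytes

# Constructed sample modelled on the message in the question (short boundaries).
SAMPLE = (
    b'Content-Type: multipart/signed; boundary="outer";\n'
    b' micalg="SHA1"; protocol="application/x-pkcs7-signature"\n'
    b'MIME-Version: 1.0\n'
    b'\n'
    b'--outer\n'
    b'Content-Type: multipart/mixed; boundary="inner"\n'
    b'\n'
    b'--inner\n'
    b'Content-Type: text/plain; charset="iso-8859-1"\n'
    b'Content-Transfer-Encoding: 7bit\n'
    b'\n'
    b'this is a test\n'
    b'--inner--\n'
    b'--outer\n'
    b'Content-Type: application/x-pkcs7-signature; name="smime.p7s"\n'
    b'\n'
    b'(signature placeholder)\n'
    b'--outer--\n'
)


def signed_part(raw: bytes) -> bytes:
    """Return the bytes a multipart/signed signature covers (first body part)."""
    boundary = message_from_bytes(raw).get_boundary()
    if boundary is None:
        raise ValueError("top-level Content-Type has no boundary parameter")
    # Digest input is in canonical form: every line ends in CRLF.
    canon = b"\r\n" + raw.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    # A delimiter line owns the CRLF before it, so neither the delimiter nor
    # that CRLF is part of the signed data.
    delim = re.compile(rb"\r\n--" + re.escape(boundary.encode("ascii"))
                       + rb"(?:--)?[ \t]*(?:\r\n|\Z)")
    pieces = delim.split(canon)
    if len(pieces) < 3:
        raise ValueError("expected a signed part followed by a signature part")
    return pieces[1]  # MIME headers + body of the first part, nothing else


def digest_hex(raw: bytes, alg: str = "sha1") -> str:
    """Hash the signed part with the algorithm named in micalg (SHA1 here)."""
    return hashlib.new(alg, signed_part(raw)).hexdigest()
```

Hashing only `b"this is a test"` gives a different value from `digest_hex(SAMPLE)`, which is the mismatch a mail client reports as altered content.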