S/MIME app/x-pkcs7-mime signed-data

Discussion:

Alain Bench

2004-01-02 12:03:33 UTC

Hello,

I received an S/MIME opaque signed (not clearsigned) mail,
containing one only piece of base64ed binary data containing all mixed
some headers, text, signature, and certificate:

| MIME-Version: 1.0
| Content-Type: application/x-pkcs7-mime; name="smime.p7m";
| smime-type=signed-data
| Content-Transfer-Encoding: base64
| Content-Disposition: attachment; filename="smime.p7m"
| X-Mailer: Microsoft Outlook Express 6.00.2800.1158

Mutt 1.4 displays nothing else than:

| [-- application/x-pkcs7-mime is unsupported (use 'v' to view this part) --]

Question: Is there a magic mailcap entry I could use to (auto_)view
properly in Mutt 1.4 the text of this pkcs7-mime signed-data mail?

I mean something similar to what I use in ~/.mailcap to
<view-attach> full details of a signature's certificate chain:

| application/x-pkcs7-signature ; openssl smime -pk7out -inform DER |\
| openssl pkcs7 -print_certs -text -noout ; nametemplate=%s.p7s ;\
| copiousoutput

BTW Mutt 1.5.5.1 displays correctly the above p7m signed-data
body, but doesn't print OpenSSL verification output (not even the
enclosing lines with current time), reports "S/MIME signature could
NOT be verified.", and the index 's' stays lowercase. All I get is:

| [-- The following data is S/MIME signed --]
| Clear body of message.
| [-- End of S/MIME signed data. --]

The message is verified OK with MSOE. What am I missing here?

Bye! Alain.

--
Everything about locales on Sven Mascheck's excellent site at new
location <URL:http://www.in-ulm.de/~mascheck/locale/>. The little tester
utility is at <URL:http://www.in-ulm.de/~mascheck/locale/checklocale.c>.

Heiko Heil

2004-01-02 14:46:51 UTC

Permalink

Hello Alain,

Post by Alain Bench
[...]
| [-- application/x-pkcs7-mime is unsupported (use 'v' to view this part) --]
Question: Is there a magic mailcap entry I could use to (auto_)view
properly in Mutt 1.4 the text of this pkcs7-mime signed-data mail?

I only know a procmail/formail-solution from Alex Pleiner

Post by Alain Bench
BTW Mutt 1.5.5.1 displays correctly the above p7m signed-data
body, but doesn't print OpenSSL verification output (not even the
enclosing lines with current time), reports "S/MIME signature could
NOT be verified.", and the index 's' stays lowercase. [...]

Maybe this helps... (-> ~/.muttrc-smime)
set smime_verify_opaque_command="openssl smime -verify \
-inform DER -in %s -noverify"

Bye,
Heiko
--
Heiko Heil <***@gmx.de>

Alain Bench

2004-01-09 22:33:47 UTC

Permalink

Post by Heiko Heil

to (auto_)view properly in Mutt 1.4 the text of this pkcs7-mime
signed-data mail?

a procmail/formail-solution from Alex Pleiner

Thanks for the pointer. It doesn't seem to apply to my case though.
It workarounds lack of smime-type parameter, when I have yet a correct
smime-type=signed-data one.

Post by Heiko Heil

BTW Mutt 1.5.5.1 displays correctly the above p7m signed-data body,
but doesn't print OpenSSL verification output (not even the enclosing
lines with current time), reports "S/MIME signature could NOT be
verified.", and the index 's' stays lowercase.

Maybe this helps... (-> ~/.muttrc-smime)
| set smime_verify_opaque_command="openssl smime -verify -inform DER \
| -in %s -noverify"

No: It gives me same result. I had "%C" and no "-noverify" (probably
default as I never tweaked S/MIME settings).

But thank you very much anyway: That gave me a nice solution for my
first question about Mutt 1.4. I've added 2 entries in mailcap:

| # ====================================================
| # S/MIME opaque signed messages
| # (application/x-pkcs7-mime; smime-type=signed-data)
| # ====================================================
| # attach <view-attach>: details of used certificate
| application/x-pkcs7-mime ;\
| openssl smime -pk7out -inform DER |\
| openssl pkcs7 -print_certs -text -noout |\
| less ;\
| nametemplate=%s.p7m ;\
| test=test %{smime-type} == signed-data
|
| # auto_view in pager: display mail's body,
| # without header, and verification status
| application/x-pkcs7-mime ;\
| openssl smime -verify -text -inform DER -CAfile ~/.smime/ca-bundle.crt |\
| fromdos ;\
| nametemplate=%s.p7m ;\
| test=test %{smime-type} == signed-data ;\
| copiousoutput

And in muttrc added "auto_view application/x-pkcs7-mime". This gives
me nice decoded mail display in pager with OpenSSL status below, and
cert display in attachment menu.

Half better than 1.5: I get the sig verification status. Half not:
Umlauts are not iconved to $charset (real charset label is not available
outside signed-data binary part). But that's good enough for now.

Bye! Alain.

--
DGC> you have a talent for drawing people I'd usually be happy reading
DGC> into your spiralling descents into irrelevance
I'll take that as a complement :-)
DYC in « wrong in public again ». © December 2003.

Thomas Roessler

2004-02-01 18:12:02 UTC

Permalink

Can you send me an example message to reproduce this behavior?

Date: Fri, 2 Jan 2004 13:03:33 +0100 (CET)
Subject: S/MIME app/x-pkcs7-mime signed-data
Hello,
I received an S/MIME opaque signed (not clearsigned) mail,
containing one only piece of base64ed binary data containing all mixed
| MIME-Version: 1.0
| Content-Type: application/x-pkcs7-mime; name="smime.p7m";
| smime-type=signed-data
| Content-Transfer-Encoding: base64
| Content-Disposition: attachment; filename="smime.p7m"
| X-Mailer: Microsoft Outlook Express 6.00.2800.1158
| [-- application/x-pkcs7-mime is unsupported (use 'v' to view this part) --]
Question: Is there a magic mailcap entry I could use to (auto_)view
properly in Mutt 1.4 the text of this pkcs7-mime signed-data mail?
I mean something similar to what I use in ~/.mailcap to
| application/x-pkcs7-signature ; openssl smime -pk7out -inform DER |\
| openssl pkcs7 -print_certs -text -noout ; nametemplate=%s.p7s ;\
| copiousoutput
BTW Mutt 1.5.5.1 displays correctly the above p7m signed-data
body, but doesn't print OpenSSL verification output (not even the
enclosing lines with current time), reports "S/MIME signature could
| [-- The following data is S/MIME signed --]
| Clear body of message.
| [-- End of S/MIME signed data. --]
The message is verified OK with MSOE. What am I missing here?
Bye! Alain.
--
Everything about locales on Sven Mascheck's excellent site at new
location <URL:http://www.in-ulm.de/~mascheck/locale/>. The little tester
utility is at <URL:http://www.in-ulm.de/~mascheck/locale/checklocale.c>.

--
Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>.

Alain Bench

2004-02-02 02:09:38 UTC

Permalink

Hello Thomas,

Post by Thomas Roessler

an S/MIME opaque signed (not clearsigned) mail [...] Mutt 1.5.5.1
displays correctly the above p7m signed-data body, but doesn't print
OpenSSL verification output (not even the enclosing lines with
current time), reports "S/MIME signature could NOT be verified.", and
the index 's' stays lowercase.

Can you send me an example message to reproduce this behavior?

Example attached. MSOE produces such messages with one (non default)
setting in tools/options/security/advanced: Encode message before
signing (opaque signature) = yes.

Bye! Alain.

--
Give your computer's unused idle processor cycles to a scientific goal:
The ***@home project at <URL:http://genomeathome.stanford.edu/>.

Kevin Geiss

2004-02-05 20:45:51 UTC

Permalink

while we're talking about difficult to handle signatures, here's a
signed email from mail.app in OS X. :)

I had to apply a patch to mutt & implement a procmail hack to get it
to handle these sorts of messages at all.

Post by Thomas Roessler
Can you send me an example message to reproduce this behavior?

Date: Fri, 2 Jan 2004 13:03:33 +0100 (CET)
Subject: S/MIME app/x-pkcs7-mime signed-data
Hello,
I received an S/MIME opaque signed (not clearsigned) mail,
containing one only piece of base64ed binary data containing all mixed
| MIME-Version: 1.0
| Content-Type: application/x-pkcs7-mime; name="smime.p7m";
| smime-type=signed-data
| Content-Transfer-Encoding: base64
| Content-Disposition: attachment; filename="smime.p7m"
| X-Mailer: Microsoft Outlook Express 6.00.2800.1158
| [-- application/x-pkcs7-mime is unsupported (use 'v' to view this part) --]
Question: Is there a magic mailcap entry I could use to
(auto_)view
properly in Mutt 1.4 the text of this pkcs7-mime signed-data mail?
I mean something similar to what I use in ~/.mailcap to
| application/x-pkcs7-signature ; openssl smime -pk7out -inform DER |\
| openssl pkcs7 -print_certs -text -noout ; nametemplate=%s.p7s ;\
| copiousoutput
BTW Mutt 1.5.5.1 displays correctly the above p7m signed-data
body, but doesn't print OpenSSL verification output (not even the
enclosing lines with current time), reports "S/MIME signature could
| [-- The following data is S/MIME signed --]
| Clear body of message.
| [-- End of S/MIME signed data. --]
The message is verified OK with MSOE. What am I missing here?
Bye! Alain.
--
Everything about locales on Sven Mascheck's excellent site at new
location <URL:http://www.in-ulm.de/~mascheck/locale/>. The little tester
utility is at
<URL:http://www.in-ulm.de/~mascheck/locale/checklocale.c>.

--
Thomas Roessler · Personal soap box at
<http://log.does-not-exist.org/>.