bbottema/simple-java-mail

Added missing support for S/MIME enveloped signing

cgruber0 opened this issue · 6 comments

Hi,

I have trouble getting the content of an email that is encrypted and signed (see attachment). The email itself only contains one smime.p7m attachment.

I use the following code:

```java
FileInputStream f = new FileInputStream(new File("email.eml"));

FileInputStream key = new FileInputStream(new File("keystore.p12"));
FileInputStream key2 = new FileInputStream(new File("keystore.p12"));

SmimeKeyStore smimeKeyStore = new SmimeKeyStore(key, "pw".toCharArray());
String alias = smimeKeyStore.getPrivateKeyAliases().iterator().next();

Pkcs12Config yourPkcs12Config = Pkcs12Config.builder()
        .pkcs12Store(key2) // path, File or InputStream
        .storePassword("pw")
        .keyAlias(alias)
        .keyPassword("pw")
        .build();

Email mergedEmail = EmailConverter.emlToEmail(f, yourPkcs12Config);
List<AttachmentResource> list = mergedEmail.getDecryptedAttachments();

for (AttachmentResource r : list) {
    play.Logger.info(r.readAllData());
}
```

But the output of r.readAllData() gives me binary data only.

When I open the email in Thunderbird it is decrypted correctly, it contains text only.

Can you please help me to get the actual content?
email.txt

Hi, my apologies for the late reply, but I'm currently unable to look into this as I have recently become father to our second child. Takes rather a lot of attention, I'm finding out. On top of that, the topic here is rather complicated and needs some proper debugging and research.

I'm always open to suggestions and pull requests though. Sorry I don't have better news for the moment...

When I open this file in Thunderbird, I don't see any attachments...

If you look at the content of the file (email.txt) you can see a Content-Disposition: attachment; filename="smime.p7m" part.

That's the actual content (= text) of the email. But it's encrypted.

Thunderbird is able to decrypt the email without problems and shows the content (private key provided). The library is not.

Can you understand the problem now?

Unless you provide the private key along with the encrypted email, I can't do a root-cause analysis. The sample emails included in Simple Java Mail's tests all work fine, so I have no clue what can go wrong.

Can you provide the private key, perhaps email it to me directly so I can analyse (I won't publish it in the GIT repo)? That would be of great help.

I have been provided with a matching keystore and have been analysing the issue. It turns out that S/MIME support was incomplete for the backwards-compatible legacy signing protocol: Content-Type: application/x-pkcs7-mime; name=smime.p7m; smime-type=signed-data. Nowadays signing is done using a certificate added to an attachment, but the legacy style is that the entire attachment content is wrapped similarly to how encrypted content still is wrapped (enveloped content).

I've fixed the support (that was pretty complex!), but I've got it working nicely now. Wrapping up on the code quality and then I'll be shipping out a new release...

Fix released in 6.4.1. Again, greatly appreciate your trust, I could not have analysed and fixed this without it!
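To make the distinction from the thread concrete, here is an added example (not Simple Java Mail's code and not from any participant) that classifies a part's Content-Type as encrypted envelope, opaque "signed-data" wrapper, or detached `multipart/signed`. A decrypted part that still classifies as `OPAQUE_SIGNED` needs a second unwrap before its text is readable. The class and method names are hypothetical, and the sample headers are constructed except the second, which is the one quoted above.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

public class SmimeLayer {
    enum Kind { ENCRYPTED_ENVELOPE, OPAQUE_SIGNED, DETACHED_SIGNED, AMBIGUOUS_PKCS7, NOT_SMIME }
    // Splits "type/subtype; a=b; c=\"d\"" into the media type (key "") and lower-cased parameters.
    // Simplification: assumes no ';' inside quoted parameter values.
    static Map<String, String> parse(String contentType) {
        Map<String, String> out = new LinkedHashMap<>();
        String[] parts = contentType.split(";");
        out.put("", parts[0].trim().toLowerCase(Locale.ROOT));
        for (int i = 1; i < parts.length; i++) {
            int eq = parts[i].indexOf('=');
            if (eq < 0) continue;
            String name = parts[i].substring(0, eq).trim().toLowerCase(Locale.ROOT);
            String value = parts[i].substring(eq + 1).trim().replaceAll("^\"|\"$", "");
            out.put(name, value.toLowerCase(Locale.ROOT));
        }
        return out;
    }

    static Kind classify(String contentType) {
        Map<String, String> h = parse(contentType);
        String type = h.get("");
        if (type.equals("multipart/signed")) {
            String protocol = h.getOrDefault("protocol", "");
            return protocol.endsWith("pkcs7-signature") ? Kind.DETACHED_SIGNED : Kind.NOT_SMIME;
        }
        if (type.equals("application/pkcs7-mime") || type.equals("application/x-pkcs7-mime")) {
            switch (h.getOrDefault("smime-type", "")) {
                case "enveloped-data": return Kind.ENCRYPTED_ENVELOPE;
                case "signed-data":    return Kind.OPAQUE_SIGNED;   // the legacy form from this issue
                default:               return Kind.AMBIGUOUS_PKCS7; // smime-type is optional: inspect the CMS
            }
        }
        return Kind.NOT_SMIME;
    }

    public static void main(String[] args) {
        String[] constructed = {  // sample headers; only the second is quoted from the issue
            "application/pkcs7-mime; name=\"smime.p7m\"; smime-type=enveloped-data",
            "application/x-pkcs7-mime; name=smime.p7m; smime-type=signed-data",
            "multipart/signed; protocol=\"application/pkcs7-signature\"; micalg=sha-256; boundary=\"b1\"",
            "application/pkcs7-mime; name=smime.p7m",
            "text/plain; charset=utf-8"
        };
        for (String ct : constructed) System.out.println(classify(ct) + "  <-  " + ct);
    }
}
```

Run it against the Content-Type of each layer in turn: the outer part of the reported email is an encrypted envelope, and the header the maintainer quotes is the signed-data layer inside it.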