Hi,
On 03.01.2026 22:41, Demi Marie Obenour wrote:
> Are you concerned about the attack surface of these libraries?
> OpenSSL has a substantial history of vulnerabilities. One of the
> goals of OpenSSH signatures is to be easy to correctly implement,
> even in languages like C.
I'd be interested in what ASN.1 compilers and libraries you recommend,
especially ones that support BER instead of only DER. I actually tried
writing one myself and it's not easy, though definitely not impossible.
On 05.01.2026 21:05, Demi Marie Obenour wrote:
> Microsoft has a spec, and it does use a fairly reasonable subset
> of CMS, but it is still quite complex. Much of the complexity is
> likely in the X.509 certificate handling, though. This assumes one
> uses a special-purpose CMS implementation and not a general-purpose,
> overcomplicated one.
I have a working implementation of S/MIME with BER support* written in
Rust, using rustls, the crates behind pyca/cryptography for X.509
certificate handling, and indygreg/cryptography-rs for the CMS. It took
me a few days to write a PoC, so it's very doable, especially for a
vendor with an actual need (for a memory-safe implementation).
In my experience PGP/GPG is much worse to implement and much less
well-defined than S/MIME. That is just spec-wise, even if you manage to
write a memory-safe implementation.
I plan on upstreaming S/MIME support to pyca/cryptography so that it is
able to fully check that the certificates conform to the CABf S/MIME
baseline. The maintainers of the project are also thinking about making
the crates more generally usable.
There's also an Authenticode/PE implementation written in Rust on
GitHub, though I haven't taken a close look at it.
* Because CMS currently requires it. But it's a remnant that could be
removed; there's even a lazy justification for it in the RFC.
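The BER-versus-DER point raised above (libraries that only do DER, and CMS still requiring BER), as an added example that is not code from this thread or from rustls, pyca/cryptography or cryptography-rs: a length decoder with a strict DER mode and a permissive BER mode, plus a walker that sizes indefinite-length elements by scanning for the end-of-contents octets, which is the extra work a DER-only parser never has to do.

```rust
// Added example, not code from this thread or the crates it mentions: ASN.1 length
// decoding the BER way (0x80 = indefinite, ends at an end-of-contents 00 00) versus
// the DER way (definite and minimally encoded only).
#[derive(Debug, PartialEq)]
pub enum Length { Definite(usize), Indefinite }
#[derive(Debug, PartialEq)]
pub enum Error { Truncated, NonMinimal, IndefiniteInDer, IndefinitePrimitive, Unsupported }

/// Decode the length octets at the start of `buf`; returns (length, octets consumed).
pub fn decode_length(buf: &[u8], strict_der: bool) -> Result<(Length, usize), Error> {
    let first = *buf.first().ok_or(Error::Truncated)?;
    if first < 0x80 {
        return Ok((Length::Definite(first as usize), 1)); // short form
    }
    if first == 0x80 {
        // indefinite form: legal in BER (and therefore in CMS), forbidden in DER
        return if strict_der { Err(Error::IndefiniteInDer) } else { Ok((Length::Indefinite, 1)) };
    }
    let n = (first & 0x7f) as usize; // long form: n following octets hold the length
    if n > std::mem::size_of::<usize>() { return Err(Error::Unsupported); } // also rejects 0xff
    let bytes = buf.get(1..1 + n).ok_or(Error::Truncated)?;
    // DER forbids leading zero octets and long form for values that fit the short form
    if strict_der && (bytes[0] == 0 || (n == 1 && bytes[0] < 0x80)) {
        return Err(Error::NonMinimal);
    }
    let len = bytes.iter().fold(0usize, |acc, &b| (acc << 8) | b as usize);
    Ok((Length::Definite(len), 1 + n))
}

/// Total encoded size of the element at the start of `buf`. Indefinite-length
/// constructed elements are walked child by child until the 00 00 terminator.
pub fn element_size(buf: &[u8], strict_der: bool) -> Result<usize, Error> {
    let tag = *buf.first().ok_or(Error::Truncated)?;
    if tag & 0x1f == 0x1f { return Err(Error::Unsupported); } // multi-octet tag numbers
    let (len, hdr) = decode_length(&buf[1..], strict_der)?;
    let mut pos = 1 + hdr;
    match len {
        Length::Definite(l) => pos.checked_add(l).filter(|&e| e <= buf.len()).ok_or(Error::Truncated),
        Length::Indefinite if tag & 0x20 == 0 => Err(Error::IndefinitePrimitive), // primitives can't
        Length::Indefinite => loop {
            if let Some([0, 0]) = buf.get(pos..pos + 2) {
                return Ok(pos + 2);
            }
            pos += element_size(&buf[pos..], strict_der)?;
        },
    }
}
```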