[Bug 1640190] Re: S/MIME encryption broken
Thanks, Sven. At some time in 2018 we will learn OpenPGP and alongside this we will be able to handle encapsulated S/MIME, i.e., S/MIME messages which will be enwrapped by, e.g., mailing-lists which place footers etc. Ciao. ** Changed in: s-nail (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1640190 Title: S/MIME encryption broken To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1640190/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1690898] Re: s-nail alternatives missing in zesty
** Bug watch added: Debian Bug tracker #858080 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858080 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1690898 Title: s-nail alternatives missing in zesty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1690898/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1690898] [NEW] s-nail alternatives missing in zesty
Good evening. Christophe Lyonwrote: |Public bug reported: | |Hello, |Until Ubuntu 16.10, I had alternatives pointing to s-nail (mail, mailx, \ |), which is no longer the case after I upgraded to 17.04. | |Now, I have alternatives pointing to mailutils (which got installed when |I installed google-earth-stable). | |My problem being that the replacement is not 100% compatible. Is this is |bug in s-nail, or a feature of the new version? The Debian package of this MUA (i maintain the code of) has been changed to no longer provide the alternative links to mailx, as far as i know, see [1] upon interest. I personally only ever used Debian Woody and do not really know about the alternate mechanism. I Cc: the Debian (from which Ubuntu inherits the) package maintainer who does. It is definitely not a problem of the MUA itself, who tries more and more to comply to the mailx POSIX standard. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858080 |I tried to uninstall mailutils, uninstall+re-install s-nail but this did |recreate the alternative links. You could try to place a mail symbolic link into your $PATH before /usr/bin etc., which may be sufficient for your use case? As in ?0[steffen@wales nail.git]$ command -v mail /bin/mail ?0[steffen@wales nail.git]$ mkdir -p $HOME/usr/bin ?0[steffen@wales nail.git]$ export PATH=$HOME/usr/bin:$PATH ?0[steffen@wales nail.git]$ ln -s /home/steffen/usr/bin/s-nail $HOME/usr/bin/mail ?0[steffen@wales nail.git]$ command -v mail /home/steffen/usr/bin/mail --steffen | |Ralph says i must not use signatures which spread the light! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1690898 Title: s-nail alternatives missing in zesty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1690898/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1640190] Re: S/MIME encryption broken
Hi. Any news on that? I really would like to see this closed, open bug reports are so ugly... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1640190 Title: S/MIME encryption broken To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1640190/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1640190] Re: S/MIME encryption broken
Sven Neuhauswrote: |Thanks. I wrote "mime-cipher" and "mime-sign-message-digest" but I |actually had it correctly with an "s" in front. | |It gets weirder and weirder then. |There must be something subtle that Apple Mail on iOS doesn't like. |I verified that the problem remains even with cipher DES3 and digest MD5. Well, your problem report isn't very detailed, i don't know. I don't have Apple Mail around, let alone on iOS. Could very well be an Apple Mail bug, then? I really cannot tell you, i even use my own CA storage when i can, and never touched KeychainAccess.app or whatever the name was/is. Yes, i have imported certificates into Firefox once. Of course there could be a S-nail bug: can you use the shown openssl smime(1) commands on your target platform and re-verify it is all working also there? Maybe we find something subtle, then i would like to fix it? Otherwise i am out of ideas -- except there were quite some fixes since v14.8.9, not to talk about .6, what you say. Not directly OpenSSL related, but of course indirectly content could be different, and possibly Apple Mail doesn't like what it sees when it decodes the content, though i personally never have seen any message which would trigger those problems (thinking about commit [ba29651], for example). Would you be willing to check against v14.8.14, whether the problem is solved there? Download from https://www.sdaoden.eu/downloads/s-nail-latest.tar.xz for example, simply "make all" and then use ./s-nail from within? That would be nice. Thank you, and ciao --steffen -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1640190 Title: S/MIME encryption broken To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1640190/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1640190] Re: S/MIME encryption broken
Hi. I'll bring it all together here, in the meantime i have subscribed my poor I to Ubuntu, too... Sven Neuhauswrote: |I added these two lines to the .mailrc file on both machines: | |set mime-cipher=aes256 |set mime-sign-message-digest=sha512 Yes, sorry, that was a typo, it is smime-xy. |Also I replaced the content type, as suggested. | |The problem remains. and |I tried both your suggestions: | |a) change the content type back to application/x-pkcs7-mime |b) add "set mime-cipher=aes256" and | "set mime-sign-message-digest=sha512" | directives to the .mailrc | |The issue remains: I can decrypt the mails sent via heirloom-mailx but |not those from s-nail. That seems to be a very tough problem, then. ^.^ |Are there any command line tools that let you analyze the smime.p7m |attachment? ..and.. |I had a quick look at cc-test.sh. | |The S/MIME test seems to be: encrypt an email with s-nail and decrypt it |with s-nail and check if they are identical. | |That does not check a lot. | |Are there any other command line tools to analyze S/MIME mails? That is quite funny, indeed yesterday evening i thought about extending the test and adding calls to openssl itself, i.e., the command line application. We don't do much, Gunnar Ritter, the original author, practically followed 1:1 the popular book on OpenSSL programming ("Network Security with OpenSSL", Pravir Chandra, Matt Messier, John Viega, O'Reilly, ISBN 0-596-00270-X). But you will find that using the command line application just works fine on S/MIME mails generated by S-nail, e.g., < ENCRYPTED-FILE openssl smime -decrypt -inkey tkey.pem | openssl smime -verify -CAfile TRUSTED-FILE-STORE But i have extended the test and credited you for that: https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=7a657d9c3392049f52a04a33397c94fd3cc8f4a8 Ciao, --steffen -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1640190 Title: S/MIME encryption broken To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1640190/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1640190] Re: S/MIME encryption broken
...followed by a message because i had mispelled the names of the variables, forgotten once again, sorry: they should be spelled smime- not -mime. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1640190 Title: S/MIME encryption broken To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1640190/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1640190] Re: S/MIME encryption broken
Hello, i am the maintainer of S-nail and i responded to the question of the poster as archived at https://sourceforge.net/p/s-nail/s-nail/message/35479133/ or http://www.mail-archive.com/s-nail-users@lists.sourceforge.net/msg00530.html It follows a copy of the answer: I don't think there is an issue on our side, S/MIME is tested via cc-test.sh in the distribution. I wouldn't exactly call the bug report detailed, your setup must be different from what the bug report states, i.e., more complete. Have you read the manual ("Signed and encrypted messages with S/MIME")? Compared to Heirloom mailx the S/MIME support has been actualized a little bit regarding the standard RFC 5751. E.g., if you replace the line Content-Type: application/pkcs7-mime; name="smime.p7m" with Content-Type: application/x-pkcs7-mime; name="smime.p7m" then maybe that fixes the problem, though unlikely because other MUAs use this one exclusively for some time. More likely the culprit is the upgrade of the *smime-cipher*[1] from des3 (DES EDE3 CBC) to aes128 (AES-128 CBC). If i recall correctly Heirloom used 3des for the name, so if you have set the cipher to 3des then this could also be it. You now can also fine-tune the message digest by setting the *smime-sign-message-digest*[2] option, i.e., more backward compatible: set mime-cipher=des3 mime-sign-message-digest=MD5 More forward compatible set mime-cipher=aes256 mime-sign-message-digest=sha512 [1] https://www.sdaoden.eu/code-nail.html#429 [2] https://www.sdaoden.eu/code-nail.html#_437 Ciao! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1640190 Title: S/MIME encryption broken To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1640190/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs