[Bug 1640190] Re: S/MIME encryption broken

2018-03-01 Thread Steffen (Daode) Nurpmeso 
Thanks, Sven.

At some time in 2018 we will learn OpenPGP and alongside this we will be able 
to handle encapsulated S/MIME, i.e., S/MIME messages which will be enwrapped 
by, e.g., mailing-lists which place footers etc.
Ciao.

** Changed in: s-nail (Ubuntu)
   Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1640190

Title:
  S/MIME encryption broken

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1640190/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1640190] Re: S/MIME encryption broken

2018-03-01 Thread Sven Neuhaus 
Just close it, if I encounter the problem again I can always reopen it.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1640190

Title:
  S/MIME encryption broken

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1640190/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1640190] Re: S/MIME encryption broken

2016-11-21 Thread Steffen (Daode) Nurpmeso 
Hi.

Any news on that?  I really would like to see this closed, open bug
reports are so ugly...

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1640190

Title:
  S/MIME encryption broken

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1640190/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 1640190] Re: S/MIME encryption broken

2016-11-09 Thread Steffen (Daode) Nurpmeso 
Sven Neuhaus  wrote:
 |Thanks. I wrote "mime-cipher" and "mime-sign-message-digest" but I
 |actually had it correctly with an "s" in front.
 |
 |It gets weirder and weirder then. 
 |There must be something subtle that Apple Mail on iOS doesn't like.
 |I verified that the problem remains even with cipher DES3 and digest MD5.

Well, your problem report isn't very detailed, i don't know.
I don't have Apple Mail around, let alone on iOS.  Could very well
be an Apple Mail bug, then?  I really cannot tell you, i even use
my own CA storage when i can, and never touched KeychainAccess.app
or whatever the name was/is.  Yes, i have imported certificates
into Firefox once.

Of course there could be a S-nail bug: can you use the shown
openssl smime(1) commands on your target platform and re-verify it
is all working also there?  Maybe we find something subtle, then
i would like to fix it?  Otherwise i am out of ideas -- except
there were quite some fixes since v14.8.9, not to talk about .6,
what you say.  Not directly OpenSSL related, but of course
indirectly content could be different, and possibly Apple Mail
doesn't like what it sees when it decodes the content, though
i personally never have seen any message which would trigger those
problems (thinking about commit [ba29651], for example).
Would you be willing to check against v14.8.14, whether the
problem is solved there?  Download from

  https://www.sdaoden.eu/downloads/s-nail-latest.tar.xz

for example, simply "make all" and then use ./s-nail from within?
That would be nice.

Thank you, and ciao

--steffen

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1640190

Title:
  S/MIME encryption broken

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1640190/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1640190] Re: S/MIME encryption broken

2016-11-09 Thread Sven Neuhaus 
Thanks. I wrote "mime-cipher" and "mime-sign-message-digest" but I
actually had it correctly with an "s" in front.

It gets weirder and weirder then. 
There must be something subtle that Apple Mail on iOS doesn't like.
I verified that the problem remains even with cipher DES3 and digest MD5.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1640190

Title:
  S/MIME encryption broken

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1640190/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 1640190] Re: S/MIME encryption broken

2016-11-09 Thread Steffen (Daode) Nurpmeso 
Hi.
I'll bring it all together here, in the meantime i have subscribed
my poor I to Ubuntu, too...

Sven Neuhaus  wrote:
 |I added these two lines to the .mailrc file on both machines:
 |
 |set mime-cipher=aes256
 |set mime-sign-message-digest=sha512

Yes, sorry, that was a typo, it is smime-xy.

 |Also I replaced the content type, as suggested.
 |
 |The problem remains.

and

 |I tried both your suggestions:
 |
 |a) change the content type back to application/x-pkcs7-mime
 |b) add "set mime-cipher=aes256" and
 |   "set mime-sign-message-digest=sha512"
 |   directives to the .mailrc
 |
 |The issue remains: I can decrypt the mails sent via heirloom-mailx but
 |not those from s-nail.

That seems to be a very tough problem, then.  ^.^

 |Are there any command line tools that let you analyze the smime.p7m
 |attachment?

..and..

 |I had a quick look at cc-test.sh.
 |
 |The S/MIME test seems to be: encrypt an email with s-nail and decrypt it
 |with s-nail and check if they are identical.
 |
 |That does not check a lot.
 |
 |Are there any other command line tools to analyze S/MIME mails?

That is quite funny, indeed yesterday evening i thought about
extending the test and adding calls to openssl itself, i.e., the
command line application.  We don't do much, Gunnar Ritter, the
original author, practically followed 1:1 the popular book on
OpenSSL programming ("Network Security with OpenSSL", Pravir
Chandra, Matt Messier, John Viega, O'Reilly, ISBN 0-596-00270-X).

But you will find that using the command line application just
works fine on S/MIME mails generated by S-nail, e.g.,

  < ENCRYPTED-FILE
  openssl smime -decrypt -inkey tkey.pem |
  openssl smime -verify -CAfile TRUSTED-FILE-STORE

But i have extended the test and credited you for that:

https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=7a657d9c3392049f52a04a33397c94fd3cc8f4a8

Ciao,

--steffen

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1640190

Title:
  S/MIME encryption broken

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1640190/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1640190] Re: S/MIME encryption broken

2016-11-09 Thread Sven Neuhaus 
I had a quick look at cc-test.sh.

The S/MIME test seems to be: encrypt an email with s-nail and decrypt it
with s-nail and check if they are identical.

That does not check a lot.

Are there any other command line tools to analyze S/MIME mails?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1640190

Title:
  S/MIME encryption broken

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1640190/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1640190] Re: S/MIME encryption broken

2016-11-09 Thread Sven Neuhaus 
I added these two lines to the .mailrc file on both machines:

set mime-cipher=aes256
set mime-sign-message-digest=sha512

Also I replaced the content type, as suggested.

The problem remains.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1640190

Title:
  S/MIME encryption broken

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1640190/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1640190] Re: S/MIME encryption broken

2016-11-08 Thread Launchpad Bug Tracker 
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: s-nail (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1640190

Title:
  S/MIME encryption broken

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1640190/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1640190] Re: S/MIME encryption broken

2016-11-08 Thread Steffen (Daode) Nurpmeso 
...followed by a message because i had mispelled the names of the
variables, forgotten once again, sorry: they should be spelled smime-
not -mime.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1640190

Title:
  S/MIME encryption broken

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1640190/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1640190] Re: S/MIME encryption broken

2016-11-08 Thread Steffen (Daode) Nurpmeso 
Hello,

i am the maintainer of S-nail and i responded to the question of the
poster as archived at

  https://sourceforge.net/p/s-nail/s-nail/message/35479133/
or
  http://www.mail-archive.com/s-nail-users@lists.sourceforge.net/msg00530.html

It follows a copy of the answer:

I don't think there is an issue on our side, S/MIME is tested via
cc-test.sh in the distribution.
I wouldn't exactly call the bug report detailed, your setup must
be different from what the bug report states, i.e., more complete.
Have you read the manual ("Signed and encrypted messages
with S/MIME")?

Compared to Heirloom mailx the S/MIME support has been actualized
a little bit regarding the standard RFC 5751.  E.g., if you
replace the line

  Content-Type: application/pkcs7-mime; name="smime.p7m"
with
  Content-Type: application/x-pkcs7-mime; name="smime.p7m"

then maybe that fixes the problem, though unlikely because other
MUAs use this one exclusively for some time.

More likely the culprit is the upgrade of the *smime-cipher*[1]
from des3 (DES EDE3 CBC) to aes128 (AES-128 CBC).  If i recall
correctly Heirloom used 3des for the name, so if you have set the
cipher to 3des then this could also be it.
You now can also fine-tune the message digest by setting the
*smime-sign-message-digest*[2] option, i.e., more backward
compatible:

  set mime-cipher=des3 mime-sign-message-digest=MD5

More forward compatible

  set mime-cipher=aes256 mime-sign-message-digest=sha512

  [1] https://www.sdaoden.eu/code-nail.html#429
  [2] https://www.sdaoden.eu/code-nail.html#_437

Ciao!

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1640190

Title:
  S/MIME encryption broken

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/s-nail/+bug/1640190/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs