Quantcast

Re: ReadEncryptedMail sample and SubjectKeyIdentifier instead of IssuerSerial [Outlook 2010 Hack]

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: ReadEncryptedMail sample and SubjectKeyIdentifier instead of IssuerSerial [Outlook 2010 Hack]

Harakiri
--- On Wed, 8/4/10, martijn.list <[hidden email]> wrote:

>
> Harakiri wrote:
> > --- On Wed, 8/4/10, martijn.list <[hidden email]>
> wrote:
> >
> >> From: martijn.list <[hidden email]>
> >> Subject: Re: [dev-crypto] ReadEncryptedMail sample
> and
> >>
> >> What software was used to create the S/MIME
> message with
> >> the
> >> SubjectKeyIdentifier?
> >
> > Microsoft Software of course!! Outlook 2010
> >
> > http://support.microsoft.com/kb/2142236
> >
> > They synthetically generate the Subjectkeyidentifier
> when no SKI is present in the certificate, nobody knows how
> they calculated it.
> >
> > https://bugzilla.mozilla.org/show_bug.cgi?id=559243
> >
> >
> > http://www.ietf.org/mail-archive/web/smime/current/msg18730.html
> >
> > Conclusion, M$ developers, as usual violate any RFC
> they can get their hands on.



Im replying to my own thread, it seems there has been no activity regarding this issue. I see more and more Outlook 2010 encrypted messages every day, and i have to tell more and more people to use M$ registry hack - sooner or later that will not be feasible.

I am able to decrypt messages which use the SKI for certificates which do NOT have the SKI extension using openssl 1.0 with an undocumented feature - simply do not supply the public key when doing the encryption with the openssl cms --decrypt CLI.

Now, i think that bouncycastle should behave similar, there should be a way to decrypt Outlook 2010 mails (see my previous messages on the topic or see here for sample messages with private key https://bugzilla.mozilla.org/show_bug.cgi?id=559243).

Could you please modify the SMIME decryption in this way that either

a) simply use the supplied private key (if it is only one just use it)
b) only use the supplied private key if no public keys have been supplied

Please do not depend on the existence of an SKI in a cert, we will be seeing this Outlook behavior for a very long time im afraid.


     

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: ReadEncryptedMail sample and SubjectKeyIdentifier instead of IssuerSerial [Outlook 2010 Hack]

martijn.list
> Im replying to my own thread, it seems there has been no activity
> regarding this issue. I see more and more Outlook 2010 encrypted
> messages every day, and i have to tell more and more people to use M$
> registry hack - sooner or later that will not be feasible.

Are you certain that Microsoft won't fix this? Because I think most
non-Microsoft S/MIME implementations won't handle the message unless a
workaround is used or a private key is explicitly selected.

> Could you please modify the SMIME decryption in this way that either
>
> a) simply use the supplied private key (if it is only one just use it)
> b) only use the supplied private key if no public keys have been supplied

What should be changed to BC's S/MIME decryption? It is already possible
to provide a private key to decrypt with, see
RecipientInformation#getContent. Or do you mean something differently?


> Please do not depend on the existence of an SKI in a cert, we will be
> seeing this Outlook behavior for a very long time im afraid.

Microsoft's implementation seems to calculate the SKI in a non-standard
way. RFC3280 suggests to use the subjectPublicKey of the
SubjectPublicKeyInfo but Microsoft's implementation uses the complete
encoded public key which is hashed with SHA1:

SHA1(certificate.getPublicKey().getEncoded())

Depending on your usage of BC, there are several work arounds. One would
be to create an extension of X509Certificate and override
#getExtensionValue and return the MS calculated SKI when queried for the
SKI extension (and when the cert does not have the SKI).

Another option would be to extend X509CertSelector and override match to
match on the non-standard SKI value.

What the best workaround is depends on your usage of BC.

Kind regards,

Martijn Brinkers

--
Djigzo open source email encryption

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: ReadEncryptedMail sample and SubjectKeyIdentifier instead of IssuerSerial [Outlook 2010 Hack]

Harakiri


--- On Tue, 11/16/10, martijn.list <[hidden email]> wrote:

> From: martijn.list <[hidden email]>
> Subject: Re: [dev-crypto] ReadEncryptedMail sample and SubjectKeyIdentifier instead of IssuerSerial [Outlook 2010 Hack]
> To: "[hidden email]" <[hidden email]>
> Date: Tuesday, November 16, 2010, 3:32 AM
> > Im replying to my own thread, it
> seems there has been no activity
> > regarding this issue. I see more and more Outlook 2010
> encrypted
> > messages every day, and i have to tell more and more
> people to use M$
> > registry hack - sooner or later that will not be
> feasible.
>
> Are you certain that Microsoft won't fix this? Because I
> think most
> non-Microsoft S/MIME implementations won't handle the
> message unless a
> workaround is used or a private key is explicitly
> selected.

Given the history of Microsoft and that his issue is known for about 8 month i have verry little faith that this will get changed at all. Even then, you will realize that Outlook 2010 is being deployed as we speak and before somebody upgrades to a service pack it will take at least another year or most people wont even bother.



> What should be changed to BC's S/MIME decryption? It is
> already possible
> to provide a private key to decrypt with, see
> RecipientInformation#getContent. Or do you mean something
> differently?

I wasnt aware of that because my original request was "how to modify ReadEncryptedMail sample" and nobody could supply a workaround.


> Microsoft's implementation seems to calculate the SKI in a
> non-standard
> way. RFC3280 suggests to use the subjectPublicKey of the
> SubjectPublicKeyInfo but Microsoft's implementation uses
> the complete
> encoded public key which is hashed with SHA1:
>
> SHA1(certificate.getPublicKey().getEncoded())

That is interesting, this is the first time i heard somebody figured out how to calculate the SKI.

>
> Depending on your usage of BC, there are several work
> arounds. One would
> be to create an extension of X509Certificate and override
> #getExtensionValue and return the MS calculated SKI when
> queried for the
> SKI extension (and when the cert does not have the SKI).
>
> Another option would be to extend X509CertSelector and
> override match to
> match on the non-standard SKI value.

That sounds feasible, thank you very much.


     

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: ReadEncryptedMail sample and SubjectKeyIdentifier instead of IssuerSerial [Outlook 2010 Hack]

Michael Ströder
In reply to this post by Harakiri
Harakiri wrote:
> Im replying to my own thread, it seems there has been no activity regarding
> this issue. I see more and more Outlook 2010 encrypted messages every day,
> and i have to tell more and more people to use M$ registry hack - sooner or
> later that will not be feasible.

There were plans to fix that with Office 2010 SP1. Not sure whether the fix
already made it into SP1.

Ciao, Michael.

Loading...