I had an interesting question posed ot me today by Dominic who asked me to verify whether his all new Digital certificate was correctly being used for signing mail. Thunderbird sadly complained that the signature was invalid, which was unexpected, and that the issuer was unknown ( expected since it comes form a private hierarchy.) The question then lead to where did the problem lie?
My gut feel was that it was the disclaimer being inserted by an intermediary gateway ( one has to love corpmail). Setting about proving this was the hard part. The first issue at hand wa to actually extract the certificates so I could play with the verification. Cert Viewer Plus for Thunderbird made this part a dream. Creating a modified version of the signed message was a little bit more problematic.
Trusting the command line, I started hunting around for details on OpenSSL support for SMIME, which it has. OpenSSL needs a full CA path for being able to verify SMIME signed messages. One can obtain this from various places ( such as exporting form your browser) but in a case like this where a private hierarchy was being used, its enough to just make used of a somewhat smaller subset contianing only the certificates used in this chain. These can be extracted using Cert Viewer Plus. Alternately some command line magic can be used to extract the PKCS7 formatted embedded certificates out in standard PEM format., using the following command:
openssl smime -pk7out -in mail.txt | \
openssl pkcs7 -print_certs > extract.crt
Now that we have a certificate chain we can attempt the verify. The extract.crt below can be either from the openssl method above or the Cert Viewer plus PEM dump.
openssl smime -CAfile extract.crt -verify -in mail.txt
Now we actually have a more usable error message. Although I really don’t know why I have such a deep distrust in GUI apps for actually telling me what is wrong.
Verification failure
88175:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest failure:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pkcs7/pk7_doit.c:808:
88175:error:21075069:PKCS7 routines:PKCS7_verify:signature failure:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pkcs7/pk7_smime.c:265:
As suspected the digest filed, which lead to a overall signature failure. The next step was to see if removing the disclaimer worked. Repeating on a slightly edited version of the the mail gave the following:
openssl smime -CAfile extract.crt -verify -in mail2.txt
...
mail contents deleted
...
Verification successful
So the original question posed was if the signature system was working correctly which it now was. The differences between the two mail files was checked using diff
diff -u mail.txt mail2.txt
--- mail.txt Mon Aug 25 18:06:33 2008
+++ mail2.txt Mon Aug 25 18:08:10 2008
@@ -61,10 +61,6 @@
South Africa
-Important Notice: This email is subject to important restrictions, qualifications
and disclaimers ("the Disclaimer") ..that all was one very long line that made
up the corporate disclaimer.....
...
------=_NextPart_000_0048_01C906C7.DB6FB700
Content-Type: application/x-pkcs7-signature;
name="smime.p7s"
From the above the only difference shown is that a mail gateway had added in a extra four lines of disclaimer and white space padding. The question now evolves as to how to provide the now pretty much ubiquitous organizational disclaimer in outgoing mail in such a way that it doesn’t trash any cryptographic operations in which the mail is involved. Ive gone back over mails from a couple of other people in corporate South Africa that I know , and the problem seems to be widespread.
The solution may be that the disclaimer as such is encapsulated as a separate MIME component, which is what interestingly one university here does ( although it insists on prepending its mime encapsulated HTML disclaimer, which makes for really ugly mail reading!)
3 responses so far ↓
1 Anonymous // Aug 25, 2008 at 22:19
So, if I tell Outlook to just send the signed bit and not send the clear text mail as well, Thunderbird reads and displays the e-mail just fine, and the sif relay attaches the disclaimer as a seperate attachment (because there is no text portion for it to append to). But, to Thunderbird’s discredit, it has happily parsed the .s7m attachment, without mentioning whether the cert is valid!
2 Barry Irwin // Aug 26, 2008 at 13:04
Yes this does seem to be a failing in the way Thunderbird processes the S/MIME packaging. With encrypted content it does seem to work however. The question also comes on whether the CERTIFICATE is valid, or whether the Signature is valid? It would appear that no warning is issued when the signature of the .s7m is found to be valid. Certificates are ignored it appears.
3 Shaun Dewberry // Sep 2, 2008 at 00:23
Ah yes, the old corporate email disclaimer that gets bolted on haphazardly at the mail gateway, often using nothing more than a sendmail rewrite kluge. I’ve been fighting the battle against email disclaimers for over 5 years, specifically because of the integrity damage it does to a message. (and also cos its just a damned waste of bandwidth)
I came up with three solutions –
1. Add an extra message header at the gateway, which references the URL of a message disclaimer (i.e. X-Disclaimer: Visit http://x.y/disclaimer). Not sure how well this gets through the legal minefield, but at least it doesn’t mess with the email.
2. Plead ignorance, stupidity or incompetence when asked to add this functionality to corporate mail servers. (”Sorry boss, I have no idea how to do that, but I think if we spend $$$++ we can get it”)
3. Try and get everyone to add the standard corporate sig/disclaimer directly in their email client.
Perhaps some sort of “network notaries” system could be setup similar to Firefox extension Perspectives (http://www.cs.cmu.edu/~perspectives/firefox.html) which could turn the above “strip and verify” manual process into something more automated.
Leave a Comment