S/MIME signed mails have signature issues in outlook and apple mail with specific subject length #32

Open
k3mpaxl opened this issue Jun 17, 2024 · 9 comments


k3mpaxl commented Jun 17, 2024

Hi,

I just figured out that the S/MIME signature seems to be wrong if the email subject has got a length >= 70 and <= 77 characters.

How to reproduce?

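```python
from envelope import Envelope

# S/MIME-signed HTML message; the key and certificate are passed as strings
msg = Envelope("a nice and beautiful <strong><p>body</p></strong>")
msg = msg.smime()
msg = msg.signature(key=email_smime_private_key_as_string, cert=email_smime_certificate_as_string)
# 70-character subject, the lower end of the affected range
msg = msg.subject("1111111111111111111111111111111111111111111111111111111111111111111111")
msg.smtp(host='my host.com')
msg.send()
```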

However, S/MIME encrypted mails don't seem to have this issue.

Do you have any clue what is wrong here? I guess it must be something with the maximum characters allowed and line breaks in SMTP communication?

Have a nice day!

Member

e3rd commented Jun 17, 2024

Thanks for the investigation! I won't have time to dive into it in the following days, but I'm definitely interested in solving this.

Author

k3mpaxl commented Jun 17, 2024

Just a side note: M2Crypto seems to be without maintenance and they are proposing a migration path: https://m2crypto.readthedocs.io/en/latest/howto.migration.html#

Maybe it might make sense to tackle the issue by migrating to the modern lib?

Member

e3rd commented Oct 7, 2024

My colleague is just finishing the migration. Would you mind checking whether the proposed branch is working for you?

#40

Author

k3mpaxl commented Oct 7, 2024

Yeah, sure! Thank you for taking the time and working on this!

I've got a development environment at hand that could be used for testing.

Author

k3mpaxl commented Oct 11, 2024

Hi,

I've given the task to a colleague due to an upcoming vacation.
You'll probably not hear any feedback for at least one week.

Can you please notify us here once the branch is available?

Regards

Author

k3mpaxl commented Oct 22, 2024

Hi there!

First of all, thank you very much for the effort that you've put into the migration.

An S/MIME signed message was successfully sent out. However, S/MIME encrypted and signed HTML messages are not working as they should.

The mail is encrypted for the sender, not for the recipient.

Member

e3rd commented Oct 22, 2024

Thanks a lot for having this sorted out!
I beg @adidas-official to correct the issue and add a test when dealing with #41.

Author

k3mpaxl commented Oct 22, 2024

@adidas-official @e3rd

The mail was sent from A to B&C, was signed by A and encrypted only for A. In general, it makes sense that the mail is also encrypted for A because the sender would like to read his mail. However, B&C won't be able to read it, because only the first item in the list is being used.

Located in line 1400 in Envelope.py:

```python
output = self.smime_sign_encrypt(email, sign, encrypt[0])
```

Author

k3mpaxl commented Oct 23, 2024

pycryptography is using CRLF instead of LF, and this results in HTML mails not being rendered correctly. Therefore, I changed the encoding to binary.
