Re: Who has tried some or all of the S/MIME examples?
Hi folks,
Test results for S/MIME Examples-10; the libraries which were used for
these tests:
- AuthentiDate's Java Security Provider (AJSP 1.5)
- various Java algorithm engines
4. Trivial
4.1 ContentInfo with Data type, BER
Tested content equals ExContent: ok
Tested content type is Data: ok
4.2 ContentInfo with Data type, DER
Tested content equals ExContent: ok
Tested content type is Data: ok
5. SignedData
Note: All occurrences of the signatureAlgorithm DSA have been silently
replaced by DSAwithSHA for our tests since this will also happen
in the next version of this draft.
5.1 Basic, DSS/DSA
Signed by Alice (DSS/DSA): ok
without attribute certificates: ok
just her cert included in the certificates field: ok
no crl: ok
no signed attributes: ok
no unsigned attributes: ok
the message is exContent: ok
message is included in encap content: ok
5.2 Basic, RSA
Signed by Alice (RSA): ok
without attribute certificates: ok
just her cert included in the certificates field: ok
no crl: ok
no signed attributes: ok
no unsigned attributes: ok
the message is exContent: ok
message is included in encap content: ok
5.3 Basic, DSS/DSA, detached
Signed by Alice (DSS/DSA): ok
without attribute certificates: ok
just her cert included in the certificates field: ok
no crl: ok
no signed attributes: ok
no unsigned attributes: ok
the message is exContent: ok
message is not included in encap content: ok
hash values are equal: ok
5.4 Fancier signed content
Signed by Alice (DSS/DSA): ok
without attribute certificates: ok
include signers cert: AliceDSA *and* AliceRSA: ok
include root cert: ok
crl included: ok (CarlDSSCRLForAll.crl)
signed attributes: found 3
(1) ContentType 1.2.840.113549.1.9.3
(2) Signing Time 1.2.840.113549.1.9.5
(3) MessageDigest 1.2.840.113549.1.9.4
unsigned attributes: found 1
(1) CounterSignature 1.2.840.113549.1.9.6
CounterSignature could be verified: ok
the message is exContent: ok
message is included in encap content: ok
Note:
- includes also AliceRSA certificate.
- the countersigner is not Diane, but AliceRSA
- if Diane is performing the countersignature, her cert should be also
  included in the certificate field of the signed data (like AliceRSA cert).
- the content hint attribute is not included
5.5 All RSA signed message
Signed by Alice (RSA): ok
without attribute certificates: ok
include signer cert: ok
include root cert: ok
no crl: ok
no signed attributes: ok
no unsigned attributes: ok
the message is exContent: ok
message is included in encap content: ok
5.6 Multiple signers
Signed by Alice (DSS/DSA): ok
Signed by Diane (DSS/DSA): ok
no attribute certificates: ok
both signing certs included: ok
no crl: ok
no signed attributes (both): ok
no unsigned attributes (both): ok
the message is exContent: ok
message is included in encap content: ok
Note: Since the key params of Diane are inherited
from Carl's key, it would be nice to have also his
certificate included in the certificate list.
5.7 Signing using SKI
Signed by Alice (DSS/DSA): ok
without attribute certificates: ok
include signer cert: ok
no crl: ok
no signed attributes: ok
no unsigned attributes: ok
the message is exContent: ok
message is included in encap content: ok
5.8 S/MIME clear signed
Message can be parsed: ok
the signatureContainer body part is the one from Chapter 5.3: ok
the signatureContainer is the one from Chapter 5.3: *no*, since
the detached content differs (prepended <CR><LF>).
S/MIME message can be verified: ok
5.9 S/MIME opaque
Message can be parsed: ok
the signatureContainer body part is the one from Chapter 5.1: ok
the signatureContainer is the one from Chapter 5.3: *no*, since
the encap content differs (prepended <CR><LF>).
S/MIME message can be verified: ok
5.10 SignedData with Attributes
no certificate: ok
without attribute certificates: ok
no crl: ok
signed attributes: found 10
(1) ContentType 1.2.840.113549.1.9.3
(2) MessageDigest 1.2.840.113549.1.9.4
(3) 1.2.5555
(4) ContentHint 1.2.840.113549.1.9.16.2.4
-> contentType (Oid) 1.2.3.6.5.4
(5) S/Mime capabilities 1.2.840.113549.1.9.15
(6) SecurityLabel 1.2.840.113549.1.9.16.2.2
(7) ContentReference 1.2.840.113549.1.9.16.2.10
(8) EncryptionKeyPreference 1.2.840.113549.1.9.16.2.11
(9) ML ExpandHistory 1.2.840.113549.1.9.16.2.3
(10) EquivalentLabels 1.2.840.113549.1.9.16.2.9
no unsigned attributes: ok
the message is exContent: ok
message is included in encap content: ok
Signed by Alice (DSS/DSA): *no*
the message is exContent: ok
message is included in encap content: ok
Note: *Message could not be verified*
5.11 CertsCrlsOnly signed message
no content: ok
no signer: ok
one crl: ok (CarlDSSCRLForAll.crl)
Carl's (root) certificate included: ok
Alice's certificate included: ok
6. Enveloped Data
Note: No KeyAgreeRecipientInfo EnvelopedData could be decrypted due
to the fact that Sun's JCE/JCA only covers PKCS#3 DH KeyParameter. We'll
have to fix it.
6.1 TripleDES / DH
could be parsed: ok
could be decrypted: n/a
clearText is exContent.bin: n/a
no unprotectedAttributes: ok
no originator info: ok
Note: "An EnvelopedData from Alice to Bob", but where are Alice's DH
keys? (Just to be sure that the public key is from Alice)
6.2 TripleDES / RSA
could be parsed: ok
could be decrypted: ok
clearText is exContent.bin: ok
no unprotectedAttributes: ok
no originator info: ok
6.3 RC2/40 / RSA
could be parsed: ok
could be decrypted: ok
clearText is exContent.bin: ok
no unprotectedAttributes: ok
no originator info: ok
6.4
could be parsed: ok
could be decrypted: n/a
clearText is exContent.bin: n/a
no unprotectedAttributes: ok
no originator info: ok
6.5
could be parsed: ok
could be decrypted: n/a
clearText is exContent.bin: n/a
no unprotectedAttributes: ok
no originator info: ok
6.6
could be parsed: ok
could be decrypted: n/a
6.7 RC2/40 / RSA
could be parsed: ok
could be decrypted: ok
clearText is exContent.bin: ok
no unprotectedAttributes: ok
no originator info: ok
6.8
could be parsed: ok
could be decrypted: n/a
6.9
could be parsed: ok
could be decrypted: ok
clearText is exContent.bin: ok
no originator info: ok
found unprotectedAttributes: ok
(1) 1.2.5555
(2) ContentHint 1.2.840.113549.1.9.16.2.4 -> 1.2.3.6.5.4
6.10
could be parsed: ok
could be decrypted: n/a
6.11
could be parsed: ok
could be decrypted: n/a
7 Digested Data
not supported
8 Encrypted Data
not supported anymore (sorry)
9 Authenticated Data
not supported
10 Key Wrapping
10.1 RC2
not tested
10.2 3DES
wrapping: ok
unwrapping: ok
11 ESS
not supported (yet)
Best Regards,
Holger Ebel
----------------------------------------------------------------------------
Paul Hoffman / IMC wrote:
Greetings again. The WG chairs have announced that we are in the WG last
call for draft-ietf-smime-examples-10.txt. As editor of the document,
I'd like to find out who has looked at the examples in this particular
draft and/or tried them out? If you have done so, could you send a list
of the examples you have reviewed and a short description of how you
reviewed them? You can send it to me personally, or to the two lists.
Please post even if you have seen other people post about the same
examples: we want to know how deep our coverage is. Thanks!
--Paul Hoffman, Director
--Internet Mail Consortium