i am trying to do simple s/mime operations with e-mail: sign, verify, encrypt, decrypt - using a valid thawte certificate stored on disc and a password.

i am testing the result in mozilla 1.7.3 on a gentoo system. i have compiled the latest versions of smp, esnacc and crypto++.

it seems that i am having some trouble, as mozilla doesn't properly read the cms content in s/mime entities.

please help me with one thing: i am trying to sign a message:

    const char *msg = "Content-Type: text/plain; charset=us-ascii; format=flowed\r\nContent-Transfer-Encoding: 7bit\r\n\r\nbau\r\n";
    const int len = strlen(msg);
    const CSM_Buffer encapcontent(msg, len);
    CSM_MsgToSign msgtosign;
    msgtosign.SetEncapContentClear((const CSM_Buffer &)encapcontent);
    msgtosign.SetIncludeContentFlag(false);
    msgtosign.SetIncludeOrigCertsFlag(true);
    CSM_AppLogin *papplogin = new CSM_AppLogin;
    papplogin->AddLogin("libsm_free3DLL", "sm_free3DLL \"cert.p12\" password");
    if (msgtosign.Sign(papplogin) == SM_NO_ERROR)
        printf("Signed succesfully.\n");
    CSM_Buffer *hau = msgtosign.GetEncodedContentInfo();
    delete hau;
    ((CSM_Buffer *)msgtosign.AccessEncapContentClear())->ConvertMemoryToFile("_SIGNED.tmp");

the code works ok.. i get the binary output in a file.

then i convert the file "_SIGNED.tmp" to base64:

    uuenview -b -o _SIGNED.tmp

then i copy the base64 data to a mime entity in an eml file which i edit by hand, and i insert the whole message into a mozilla local folder (storage file).

if i use msgtosign.SetIncludeContentFlag(true), then i use the application/pcks7-mime signed-data type for the encapsulating mime entity.

if i use msgtosign.SetIncludeContentFlag(false), then i use application/pkcs7-signature in a multipart/signed.

i even tried to base64 encode and insert into an email the outputs from the smp test program /SMP_Check/SMP_Check, which is for example TMPFirstSignedDataBinary.dat. again mozilla gave me errors like (signed, but invalid signature, encrypted with unknown method, etc).

though, the messages encrypted with mozilla work even if i edit eml files, decode them, encode again, change mime entities and insert the emails back into local folder storage files. in the worst cases i get a (signature does not match message) error because the checksum doesn't match anymore, but i can still view certificate infos etc.

i once decoded a signature from mozilla and at the same time built a signature for the same content and certificate. the resulting binary files were different. maybe it would help me if i could compare both of them in asn.1 output to see the differences, but i didn't manage to do this yet.

please, someone tell me why the way i sign messages is not compatible with mozilla (which i think is the most representative secure mail for linux), or at least how i can be sure that i am creating the correct cms data.

as documentation i used the sfl 2.4 api pdf, which isn't quite a practical guide, and the sources in examples. perhaps somebody wrote a tutorial or something? (i would be glad to if i knew better the sfl :)

thank you!!

RumburaK
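The ASN.1 comparison the post asks for can be sketched as follows; this is an added example, not part of the original post and not SFL code. The two inputs are constructed, unsigned skeletons of a CMS ContentInfo (one detached, one with the content embedded), and the function names are hypothetical.

```python
import difflib

OIDS = {"1.2.840.113549.1.7.1": "id-data", "1.2.840.113549.1.7.2": "id-signedData"}

def decode_oid(body):
    # Assumes the first subidentifier fits in one byte (true for the CMS OIDs here).
    root = min(body[0] // 40, 2)
    arcs, val = [root, body[0] - 40 * root], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:            # high bit clear: last byte of this arc
            arcs.append(val)
            val = 0
    dotted = ".".join(map(str, arcs))
    return OIDS.get(dotted, dotted)

def dump(der, depth=0):
    """One line per TLV: indent, tag byte, length, OID name where relevant."""
    lines, i = [], 0
    while i < len(der):
        tag, length = der[i], der[i + 1]
        i += 2
        if length & 0x80:           # long form: next n bytes hold the length
            n = length & 0x7F
            if n == 0:
                raise ValueError("indefinite length (BER), not DER")
            length = int.from_bytes(der[i:i + n], "big")
            i += n
        body = der[i:i + length]
        if len(body) != length:
            raise ValueError("truncated element")
        i += length
        note = decode_oid(body) if tag == 0x06 else ""
        lines.append(f"{'  ' * depth}tag=0x{tag:02x} len={length} {note}".rstrip())
        if tag & 0x20:              # constructed type: walk the children
            lines += dump(body, depth + 1)
    return lines

def structure_diff(a, b):
    diff = difflib.unified_diff(dump(a), dump(b), "a", "b", lineterm="", n=0)
    return [l for l in diff if l[0] in "+-" and not l.startswith(("+++", "---"))]

def tlv(tag, body):                 # sample builder, short lengths (<128) only
    return bytes([tag, len(body)]) + body

def sample(with_content):
    # Constructed skeleton: version, empty digestAlgorithms, encapContentInfo,
    # empty signerInfos. It carries no certificates and no real signature.
    oid = lambda last: tlv(0x06, bytes.fromhex("2a864886f70d0107") + bytes([last]))
    encap = oid(1) + (tlv(0xA0, tlv(0x04, b"bau\r\n")) if with_content else b"")
    signed = tlv(0x02, b"\x01") + tlv(0x31, b"") + tlv(0x30, encap) + tlv(0x31, b"")
    return tlv(0x30, oid(2) + tlv(0xA0, tlv(0x30, signed)))

if __name__ == "__main__":
    print("\n".join(structure_diff(sample(False), sample(True))))
```

To compare real files, read each one as bytes and pass both to `structure_diff`; the input must be the binary DER, not its base64 form.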