[Bug 289677] New: KMail2 S/MIME signed-only emails are formed incorrectly, non-SMIME email clients unable to display them
Nicholas Sushkin
nsushkin at sushkins.net
Fri Dec 23 16:22:06 GMT 2011
https://bugs.kde.org/show_bug.cgi?id=289677
Summary: KMail2 S/MIME signed-only emails are formed
incorrectly, non-SMIME email clients unable to display
them
Product: kmail2
Version: 2.1.1
Platform: Slackware Packages
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: crypto
AssignedTo: kdepim-bugs at kde.org
ReportedBy: nsushkin at sushkins.net
Version: 2.1.1 (using KDE 4.6.5)
OS: Linux
When sending an S/MIME clear-signed (signed but not encrypted) message, KMail2
doesn't follow S/MIME RFC correctly, resulting in a non compliant MIME header
usage. Some mail clients like iPad and Outlook Web Access are unable to show
the email body. They show empty message with a single smime.p7m attachment.
Per S/MIME RFC 2633 (http://tools.ietf.org/html/rfc2633#section-3.4), there are
two ways to send a signed-only message: application/pkcs7-mime with SignedData,
and multipart/signed. Apparently, KMail2 can send both, controlled by menu
Options/Cryptographic Message Format/SMIME Opaque or (just) SMIME.
The multipart/signed is governed by Section 3.4.3
(http://tools.ietf.org/html/rfc2633#section-3.4.3).
RFC provides a sample of a clear-signed email in
http://tools.ietf.org/html/rfc2633#section-3.4.3.3
"""
3.4.3.3 Sample multipart/signed Message
Content-Type: multipart/signed;
protocol="application/pkcs7-signature";
micalg=sha1; boundary=boundary42
--boundary42
Content-Type: text/plain
This is a clear-signed message.
--boundary42
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s
ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6
4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj
n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4
7GhIGfHfYT64VQbnj756
--boundary42--
"""
However, KMail2 generates the following:
Content-Type: multipart/signed; boundary="nextPart3571509.Xs4gzcKTgc";
micalg="sha1"; protocol="application/pkcs7-signature"
Content-Disposition: attachment; filename="smime.p7m"
Content-Transfer-Encoding: 7Bit
--nextPart3571509.Xs4gzcKTgc
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
This is a clear-signed message
--nextPart3571509.Xs4gzcKTgc
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILWzCCBN0w
ggPFoAMCAQICEHGS++YZX6xNEoV0cTSiGKcwDQYJKoZIhvcNAQEFBQAwezELMAkGA1UEBhMCR0Ix
…
kAAAAAAAAA==
--nextPart3571509.Xs4gzcKTgc--
Reproducible: Always
Steps to Reproduce:
(Assuming an identify with a valid S/MIME certificate is configured)
New Message.
Options/Sign Message - selected
Options/Encrypt Message - unselected
Options/Formatting (HTML) - unselected
Options/Cryptiographic Message Format - S/MIME
In the message body - type "This is a clear-signed message"
Send
Actual Results:
Content-Type: multipart/signed; boundary="nextPart3571509.Xs4gzcKTgc";
micalg="sha1"; protocol="application/pkcs7-signature"
Content-Disposition: attachment; filename="smime.p7m"
Content-Transfer-Encoding: 7Bit
--nextPart3571509.Xs4gzcKTgc
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
This is a clear-signed message
--nextPart3571509.Xs4gzcKTgc
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILWzCCBN0w
ggPFoAMCAQICEHGS++YZX6xNEoV0cTSiGKcwDQYJKoZIhvcNAQEFBQAwezELMAkGA1UEBhMCR0Ix
…
kAAAAAAAAA==
--nextPart3571509.Xs4gzcKTgc--
Expected Results:
Content-Type: multipart/signed; boundary="nextPart3571509.Xs4gzcKTgc";
micalg="sha1"; protocol="application/pkcs7-signature"
Content-Transfer-Encoding: 7Bit
--nextPart3571509.Xs4gzcKTgc
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
This is a clear-signed message
--nextPart3571509.Xs4gzcKTgc
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILWzCCBN0w
ggPFoAMCAQICEHGS++YZX6xNEoV0cTSiGKcwDQYJKoZIhvcNAQEFBQAwezELMAkGA1UEBhMCR0Ix
…
kAAAAAAAAA==
--nextPart3571509.Xs4gzcKTgc--
This bug is a duplicate of Bug 280245, but maybe explains better.
This bug doesn't cause a crash, but recipients with at least iPad, iPhone, and
Outlook Web are unable to read these messages.
gpg2 developer Werner Koch says it's not a problem with gpg, but with KMail
regression. http://markmail.org/message/li3nvwhg2mh7kv5n
--
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the Kdepim-bugs
mailing list