[openssl-users] SMIME_read_CMS and binary signature

Viktor Dukhovni openssl-users at dukhovni.org
Thu Feb 15 05:43:11 UTC 2018



> On Feb 15, 2018, at 12:29 AM, etc at coderhacks.com wrote:
> 
> If I try SMIME_read_CMS it is working well if the signature (the 2nd MIME-part with smime-type=singed-data)
> has a Content-Transfer-Encodeing of "base64" (as it is in my example)
> 
> But It is not working if the CTE is "binary" and also the content is.

"binary" is not valid Content-Transfer-Encoding for SMIME.

RFC 2045 Section 6.2:

   Mail transport for unencoded 8bit data is defined in RFC 1652.  As of
   the initial publication of this document, there are no standardized
   Internet mail transports for which it is legitimate to include
   unencoded binary data in mail bodies.  Thus there are no
   circumstances in which the "binary" Content-Transfer-Encoding is
   actually valid in Internet mail.  However, in the event that binary
   mail transport becomes a reality in Internet mail, or when MIME is
   used in conjunction with any other binary-capable mail transport
   mechanism, binary bodies must be labelled as such using this
   mechanism.

Even if such a binary transport existed, there is no mechanism to embed
non line-oriented data inside a line-oriented MIME multipart.

If you want binary data, use DER-encoded CMS objects not SMIME.

-- 
	Viktor.



More information about the openssl-users mailing list