[openssl-users] SMIME_read_CMS and binary signature
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Feb 15 05:43:11 UTC 2018
> On Feb 15, 2018, at 12:29 AM, etc at coderhacks.com wrote:
>
> If I try SMIME_read_CMS it is working well if the signature (the 2nd MIME-part with smime-type=singed-data)
> has a Content-Transfer-Encodeing of "base64" (as it is in my example)
>
> But It is not working if the CTE is "binary" and also the content is.
"binary" is not valid Content-Transfer-Encoding for SMIME.
RFC 2045 Section 6.2:
Mail transport for unencoded 8bit data is defined in RFC 1652. As of
the initial publication of this document, there are no standardized
Internet mail transports for which it is legitimate to include
unencoded binary data in mail bodies. Thus there are no
circumstances in which the "binary" Content-Transfer-Encoding is
actually valid in Internet mail. However, in the event that binary
mail transport becomes a reality in Internet mail, or when MIME is
used in conjunction with any other binary-capable mail transport
mechanism, binary bodies must be labelled as such using this
mechanism.
Even if such a binary transport existed, there is no mechanism to embed
non line-oriented data inside a line-oriented MIME multipart.
If you want binary data, use DER-encoded CMS objects not SMIME.
--
Viktor.
More information about the openssl-users
mailing list