On 30. 1. 2011 10:57, Nelson B Bolyard wrote:
On 2011-01-29 06:41 PDT, Matej Kurpel wrote:
Hello,
as far as I know, Thunderbird sends encrypted e-mails as an attachment
named "smime.p7m".
Can anybody let me briefly know what this file contains?
Yes, it contains a message in the "Cryptographic Message Syntax" (CMS).
CMS is NOT SIMPLE. To understand how it works, and its role in SMIME
you really should read and grasp the related IETF RFC standards.
They're not small, nor for the faint of heart. But if you want to grok
CMS, there's no shortcut.. On second thought, there might be some
textbooks...
Does that mean the p7m file contains multiple copies of the same
message, each copy encrypted using a different key?
No. Well ... depends on how you define "the same message". The email
message (or other major payload) is encrypted once with one key using
some symmetric cipher (e.g. AES). Then (in some sense) that one key
(which is small) becomes a new message, which is separately encrypted
multiple times, once for each recipient. Yes, the P7M holds all those
encrypted copies of the key that encrypts the main message, and of course,
the ciphertext produced with that key, And cert chains, and capabilities,
and ... it's like bread from Bembleman's Bakery, it's what everyone wants. :)
Thank you. Is the symmetric (e.g. AES) key encrypted directly with
public keys of the recipients or is it encrypted using some more
ephemeral symmetric keys for each recipient and those ephemeral keys are
encrypted using the public keys? I thought the second was true but now
it wouldn't make sense... Need to clarify it for myself :)
Also, it looks like it contains some certificates. Unfortunately, the
software I am using (ASN.1 Editor) doesn't read the p7m file despite the
fact that it looks as a DER-encoded file at a first glance (even after
removing the zero-byte padding).
Not DER. It's BER. Zero-byte padding? Indefinite length encoding!
Anyone can shed some light on the contents of "smime.p7m" ?
Thanks in advance,
M. Kurpel
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
