Crypted & Signed from Outlook Express

Gateway
1

What do you mean with "additionally signed"? I have just tried it and
Djigzo was able to decrypt the message. Are you sure it wasn't
decrypted? Outlook express signs the message opaque (as opposed to clear
signed). An opaque signed message can only be read with a S/MIME capable
email client. Could it be that the resulting message is not encrypted
but is (opaque) signed?

Kind regards,

Martijn Brinkers

lst_hoe02(a)kwsoft.de wrote:

···

_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
http://lists.djigzo.com/lists/listinfo/users

------------------------------------------------------------------------

Subject:
Crypted & Signed from Outlook Express
From:
lst_hoe02(a)kwsoft.de
Date:
Thu, 26 Nov 2009 13:57:39 +0100
To:
users(a)lists.djigzo.com

To:
users(a)lists.djigzo.com

Hello

today i discovered that e-mail send from Outlook Express (Vers. 6 /
XP-SP3) are not decrypted by Djigzo when they are additionally signed.
The same e-mail Signed & Crypted from Thunderbird works as expected.
The header are as follow :

Outlook
Content-Type: application/x-pkcs7-mime;
    smime-type=enveloped-data;
    boundary="----=_NextPart_000_0022_01CA6E9B.53470530";
    name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
    filename="smime.p7m"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5843
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579

Thunderbird
Content-Type: application/x-pkcs7-mime; name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"
Content-Description: S/MIME Encrypted Message

I guess its OE doing nasty things but the question is, if there is
something Djigzo can do to decrypt the message anyway.

Many Thanks

Andreas

--
Djigzo open source email encryption

2

Zitat von Martijn Brinkers <martijn(a)djigzo.com>:

What do you mean with "additionally signed"? I have just tried it and
Djigzo was able to decrypt the message. Are you sure it wasn't
decrypted? Outlook express signs the message opaque (as opposed to clear
signed). An opaque signed message can only be read with a S/MIME capable
email client. Could it be that the resulting message is not encrypted
but is (opaque) signed?

In Outlook Express simply use both Buttons, Sign and Crypt. If i only
use Crypt for the same message the content is available as unencrypted
otherwise the mail is still one big .p7m attachment. Our Backend
Application is not S/MIME capable so we depend on Djigzo decrypting
the mail e.g. make it visible. Not sure what you mean with opaque
signed though...

Regards

Andreas

3

Zitat von Martijn Brinkers <martijn(a)djigzo.com>:

What do you mean with "additionally signed"? I have just tried it and
Djigzo was able to decrypt the message. Are you sure it wasn't
decrypted? Outlook express signs the message opaque (as opposed to clear
signed). An opaque signed message can only be read with a S/MIME capable
email client. Could it be that the resulting message is not encrypted
but is (opaque) signed?

Oh, i see. Opaque Signing is really bad for us...
Are there any other clients doing this kind of signing?

Regards

Andreas