We have a system using Symantec's PGP Universal Web Messenger.
This means that emails are sent to me using S/MIME encryption from a PKCS12 cert.
I'm having a bit of trouble reading the messages in PHP.
I have all the IMAP code, but now how do I read the encrypted p7m attached file? Is it just Base64 encoded and signed?
EDIT: I have the public key.
Here is the mime info:-
Content-Type: application/pkcs7-mime; smime-type=enveloped-data;\r\n\tname="Message.p7m"\r\nContent-Transfer-Encoding: BASE64\r\nContent-Disposition: attachment; filename="Message.p7m"
asked Feb 23, 2012 at 12:23
The P7M file type is primarily associated with a PKCS #7 MIME Message. See Section 3.2 in RFC 2311:

> 3.2 The application/pkcs7-mime Type
>
> The application/pkcs7-mime type is used to carry PKCS #7 objects of several types including envelopedData and signedData. The details of constructing these entities is described in subsequent sections. This section describes the general characteristics of the application/pkcs7-mime type.
>
> This MIME type always carries a single PKCS #7 object. The PKCS #7 object must always be BER encoding of the ASN.1 syntax describing the object. The contentInfo field of the carried PKCS #7 object always contains a MIME entity that is prepared as described in section 3.1. The contentInfo field must never be empty.
>
> Since PKCS #7 objects are binary data, in most cases base-64 transfer encoding is appropriate, in particular when used with SMTP transport. The transfer encoding used depends on the transport through which the object is to be sent, and is not a characteristic of the MIME type.
>
> Note that this discussion refers to the transfer encoding of the PKCS #7 object or "outside" MIME entity. It is completely distinct from, and unrelated to, the transfer encoding of the MIME entity secured by the PKCS #7 object, the "inside" object, which is described in section 3.1.
>
> Because there are several types of application/pkcs7-mime objects, a sending agent SHOULD do as much as possible to help a receiving agent know about the contents of the object without forcing the receiving agent to decode the ASN.1 for the object. The MIME headers of all application/pkcs7-mime objects SHOULD include the optional "smime-type" parameter, as described in the following sections.
This is basically a secure E-mail file sent in encrypted form. If everything is set up properly you should have a public key necessary to decrypt the file. If not, download it.
In your case the transfer encoding is Base64. Decode the attachment first [if you haven't done this so far] and then process the binary data.
answered Feb 23, 2012 at 12:30
hakre
Send encrypted and signed email using C#

I want to send an encrypted and signed message without using any third-party API. If I send only the alternate view with the signature, Windows Mail can validate it. If I send only the alternate view with the encrypted data, Windows Mail can decrypt it. But if I send both, Windows Mail gets 2 attachments. If I sign encodedBytes and add those signed bytes to the alternate view, it only validates the signature and the message is empty. Any ideas?

```csharp
using System.IO;
using System.Net.Mail;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Fragment: lblMail, txtSubject, structForm(), provMail, this.certificate
// and Label2 are defined elsewhere in the poster's code.
MailMessage message = new MailMessage();
message.From = new MailAddress(lblMail.Text);
message.Subject = txtSubject.Text;
string body = "Content-Type: text/plain\r\nContent-Transfer-Encoding: 7Bit\r\n\r\n" + structForm();
byte[] messageData = Encoding.ASCII.GetBytes(body);

// Encrypt the MIME body for the recipient.
ContentInfo content = new ContentInfo(messageData);
EnvelopedCms envelopedCms = new EnvelopedCms(content);
message.To.Add(new MailAddress(provMail));
CmsRecipient recipient = new CmsRecipient(SubjectIdentifierType.SubjectKeyIdentifier, this.certificate);
envelopedCms.Encrypt(recipient);
byte[] encryptedBytes = envelopedCms.Encode();

// Sign the encrypted bytes (encrypt first, then sign).
SignedCms Cms = new SignedCms(new ContentInfo(encryptedBytes));
CmsSigner Signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, new X509Certificate2(@"c:\serv.pfx", "123"));
Cms.ComputeSignature(Signer);
byte[] SignedBytes = Cms.Encode();

// Attach the encrypted blob and the signed blob as two separate alternate views.
MemoryStream encryptedStream = new MemoryStream(encryptedBytes);
AlternateView encryptedView = new AlternateView(encryptedStream, "application/pkcs7-mime; smime-type=signed--data;name=smime.p7m");
message.AlternateViews.Add(encryptedView);
MemoryStream signedStream = new MemoryStream(SignedBytes);
AlternateView signedView = new AlternateView(signedStream, "application/pkcs7-mime; smime-type=signed-data;name=sig.p7m");
message.AlternateViews.Add(signedView);

System.Net.NetworkCredential SMTPUserInfo = new System.Net.NetworkCredential("", "XXXXXX");
SmtpClient client = new SmtpClient("smtp.xpto.com");
client.UseDefaultCredentials = false;
client.Credentials = SMTPUserInfo;
client.Send(message);
Label2.Text = "Assinado e cifrado!";
```

## Solution

#### Solution 1:

You should sign first, then encrypt. While the original CMS and S/MIME specifications allow you to do the operations in either order, later work pointed out that signing a document that you can't read is a really bad idea. The signature should be over the plain-text.

The resulting MIME message should only have a single part, which should be S/MIME enveloped-data. Your message has two parts, and the encrypted part is mis-labeled with a signed-data content-type.

Create and sign the SignedCms object. Encode it, and use the encoded value as the content of an EnvelopedCms object. Encrypt that, and use its encoded value as the content of your MailMessage, with a content type of "application/pkcs7-mime; smime-type=enveloped-data".

[by Miguel Ribeiro, erickson]
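The sign-then-encrypt order from the answer above, together with the receiving side raised in the first question (Base64-decode the .p7m, decrypt the enveloped-data, then verify the inner signature), as an added C# example that is not code from either post. It assumes .NET Core 3.0 or later with System.Security.Cryptography.Pkcs; the class and method names and the throwaway self-signed certificates are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class SignThenEncryptDemo
{
    // Throwaway self-signed certificate (constructed) so the example needs no PFX file.
    static X509Certificate2 NewCert(string cn, RSA key) =>
        new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            .CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));

    // Sender: sign the plaintext MIME entity, then wrap the signed blob in enveloped-data.
    static byte[] SignThenEncrypt(byte[] mime, X509Certificate2 signer, X509Certificate2 recipient)
    {
        var signed = new SignedCms(new ContentInfo(mime), detached: false);
        signed.ComputeSignature(new CmsSigner(signer) { IncludeOption = X509IncludeOption.EndCertOnly });
        var envelope = new EnvelopedCms(new ContentInfo(signed.Encode()));
        envelope.Encrypt(new CmsRecipient(recipient));
        return envelope.Encode();
    }

    // Receiver: p7m is the attachment after Base64 decoding. Decrypt first, then verify.
    static byte[] DecryptThenVerify(byte[] p7m, RSA recipientKey)
    {
        var envelope = new EnvelopedCms();
        envelope.Decode(p7m);
        envelope.Decrypt(envelope.RecipientInfos[0], recipientKey);
        var signed = new SignedCms();
        signed.Decode(envelope.ContentInfo.Content);
        // Signature check only, because the test certs are self-signed; throws if it fails.
        signed.CheckSignature(verifySignatureOnly: true);
        return signed.ContentInfo.Content;
    }

    static void Main()
    {
        using RSA signerKey = RSA.Create(2048);
        using RSA recipientKey = RSA.Create(2048);
        using var signer = NewCert("sender (constructed)", signerKey);
        using var recipient = NewCert("recipient (constructed)", recipientKey);
        byte[] mime = Encoding.ASCII.GetBytes("Content-Type: text/plain\r\n\r\nhello");
        // base64Body is the body of the single MIME part, sent with the header
        // Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
        string base64Body = Convert.ToBase64String(SignThenEncrypt(mime, signer, recipient));
        byte[] back = DecryptThenVerify(Convert.FromBase64String(base64Body), recipientKey);
        Console.WriteLine(Encoding.ASCII.GetString(back));
    }
}
```

With real certificates, call `CheckSignature(false)` so the signer's chain is validated as well as the signature itself.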
#mime #Encryption #C# #email #digital-signature