Protecting Email from Eavesdroppers with S/MIME
There's no reason an email with an attachment must be a multipart/mixed type.
If there's just one attachment and nothing else, the Content-Type of the email
header can perfectly and legitimately be the type of the attachment; the
email reader just shows nothing except an attachment with no accompanying
text. S/MIME takes advantage of this by creating an application/x-pkcs7-mime
MIME type. As you can likely guess, this is another ASN.1 encoded structure.
An S/MIME encoded email message looks like this:
Received: from smtp.receiver.com ([192.168.1.1]) by smtp.sender.com
    with Microsoft SMTPSVC(6.0.3790.3959); Wed, 21 Apr 2010 12:42:48 -0500
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
    filename="smime.p7m"
Content-class: urn:content-classes:message
Content-Type: application/x-pkcs7-mime;smime-type=enveloped-data;
    name=smime.p7m;
    smime-type=enveloped-data;
    name="smime.p7m"
Subject: This message will self-destruct in 15 seconds
Date: Wed, 21 Apr 2010 12:42:47 -0500
Message-ID: <12345@smtp.receiver.com>
From: "Davies, Joshua" <joshua.davies@ImplementingSSL.com>
To: "Reader, Avid" <reader@HopefullyABeachInMaui.com>

MIAGCSqGSIb3DQEHA6CAMIACAQAxggNGMIIBnwIBADCBhjB4MRMwEQYKCZImiZPyLGQBGRY
MRUwEwYKCZImiZPyLGQBGRYFc2FicmUxEjAQBgoJkiaJk/IsZAEZFgJhZDEWMBQGCgmSJom
ARkWBkdsb2JhbDEeMBwGA1UEAxMVU2FicmUgSW5jLiBJc3N1aW5nIENBAgo84HbtAAEABSy
CsqGSIb3DQEBAQUABIIBAKHiUib4D3g8bA1AyInu2CkcB75mgMI/Sb5mQjmMNPo7Q0ypV1n
Regarding this email:
Message body: This is a base64 encoded PKCS #7 envelope for which
the email reader software must have a legitimate certificate in order to
display. The body is simply an attachment.
Headers: These describe the attachment in enough detail for the receiving
email reader to interpret and decode it.
Attachment: This is named via the Content-Disposition header element
in the email message itself. In the case of S/MIME, the filename is
important. S/MIME dictates old DOS-style three-character file extensions that
indicate the type of the file. .p7m stands for "PKCS #7 Message." (.p7s, in
contrast, is a PKCS #7 signature file.) The filename itself is usually smime.
PKCS #7 is slightly more complicated to parse than the X.509 certificates
examined in Chapter 5 because PKCS #7 allows indefinite-length encodings. In
other words, it follows the Canonical Encoding Rules (CER) rather than the DER
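The indefinite-length form mentioned above can be seen in the sample message itself. The following is an added example, not code from the book: it decodes the first 32 base64 characters of the message body shown on this page and walks the ASN.1 headers. The function names `read_header`, `walk` and `decode_oid` are chosen here for illustration.

```python
import base64

# First 32 base64 characters of the message body shown on this page (24 bytes).
SAMPLE = base64.b64decode("MIAGCSqGSIb3DQEHA6CAMIACAQAxggNG")

def read_header(buf, off):
    """Return (tag, length, header_size); length is None for the indefinite form."""
    tag, first = buf[off], buf[off + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag numbers are not handled here")
    if first == 0x80:                  # indefinite: content runs to a 00 00 marker
        return tag, None, 2
    if first < 0x80:                   # short form: the octet is the length
        return tag, first, 2
    n = first & 0x7F                   # long form: n length octets follow
    if off + 2 + n > len(buf):
        raise ValueError("truncated length field")
    return tag, int.from_bytes(buf[off + 2:off + 2 + n], "big"), 2 + n

def walk(buf):
    """List (depth, tag, length, content_offset) for every header found in buf."""
    out, off, ends = [], 0, []         # ends: end offset per open container, None = indefinite
    while off + 2 <= len(buf):
        while ends and ends[-1] is not None and off >= ends[-1]:
            ends.pop()                 # a definite-length container is finished
        if ends and ends[-1] is None and buf[off:off + 2] == b"\x00\x00":
            ends.pop()                 # end-of-contents closes the innermost indefinite one
            off += 2
            continue
        tag, length, hdr = read_header(buf, off)
        off += hdr
        out.append((len(ends), tag, length, off))
        if tag & 0x20:                 # constructed: descend into the content
            ends.append(None if length is None else off + length)
        elif length is None:
            raise ValueError("primitive value with indefinite length")
        else:
            off += length              # primitive: skip over the value
    return out

def decode_oid(body):
    """Render the content octets of an OBJECT IDENTIFIER in dotted form."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))
```

On the sample, `walk(SAMPLE)` reports three nested containers whose length octet is 0x80 (indefinite), and `decode_oid(SAMPLE[4:13])` yields 1.2.840.113549.1.7.3, the PKCS #7 envelopedData identifier that matches the `smime-type=enveloped-data` header parameter.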