Chilkat Forum
Technologies => Digital Signatures => Topic started by: CuriousCat on March 12, 2018, 10:11:50 AM
-
I have to process SMIME messages that are signed and encrypted.
Loading an SMIME message and using "mime.Decrypt2( myCert, myPk )" seems to work fine.
But, I wanted to check that a modified message will not succeed so I decrypted the message using another tool.
I then loaded the decrypted message into a new mime object and used "mime.UnwrapSecurity()".
It returns true, but the logs show lots of lines with:
unwrap multipart/signed: number of parts is not equal to 2
If I then modify the decrypted message and run it through the same verification, I would expect it to fail on "mime.UnwrapSecurity()" but it still returns true! The log messages are identical.
I also tried using "mime.Verify()" but I get the same result, with similar logs.
What do I need to do to be sure that UnwrapSecurity()/Verify() will fail if the message has been altered?
My code is in C# and looks like this:
var mime = new Chilkat.Mime();
mime.VerboseLogging = true;
mime.LoadMimeFile( "decrypted.txt" );
bool isSigned = mime.ContainsSignedParts(); // returns true
bool ok = mime.UnwrapSecurity(); // or Verify(), both return true
Console.WriteLine( "Log: " + mime.LastErrorText );
Logs (removed lots of duplicate lines where indicated):
IsUnlocked:
ChilkatVersion: 9.5.0.72
Product is not unlocked. Make sure to call UnlockComponent first.
(leaveContext 16ms)
UnlockComponent:
DllDate: Feb 12 2018
ChilkatVersion: 9.5.0.72
UnlockPrefix: NONE
Architecture: Little Endian; 32-bit
Language: .NET 4.6 VS2017
VerboseLogging: 1
component: Mime
unlockCode: Start my 30-day Trial
regKeyUnlock:
product: ChilkatSMIME
hcCurDate: Mon, 12 Mar 2018 14:57:05 +0100
hcExpire: 5/2018
Component successfully unlocked using trial key
(leaveContext 15ms)
Success.
(leaveContext 15ms)
IsUnlocked:
ChilkatVersion: 9.5.0.72
(leaveContext)
LoadMimeFile:
DllDate: Feb 12 2018
ChilkatVersion: 9.5.0.72
UnlockPrefix: Start my 30-day Trial
Architecture: Little Endian; 32-bit
Language: .NET 4.6 VS2017
VerboseLogging: 1
path: D:\decrypted.txt
loadFileX:
(leaveContext)
numMimeBytes: 56202
loadMimeBinary:
loadMimeComplete:
findEndOfHeader2:
(leaveContext)
loadMimeHeaderText:
(leaveContext)
parseMimeBody:
(leaveContext)
(leaveContext)
(leaveContext)
Success.
(leaveContext 31ms)
NumParts:
ChilkatVersion: 9.5.0.72
NumParts: 0
(leaveContext)
ContainsEncryptedParts:
DllDate: Feb 12 2018
ChilkatVersion: 9.5.0.72
UnlockPrefix: Start my 30-day Trial
Architecture: Little Endian; 32-bit
Language: .NET 4.6 VS2017
VerboseLogging: 1
(leaveContext)
ContainsEncryptedParts:
DllDate: Feb 12 2018
ChilkatVersion: 9.5.0.72
UnlockPrefix: Start my 30-day Trial
Architecture: Little Endian; 32-bit
Language: .NET 4.6 VS2017
VerboseLogging: 1
(leaveContext 16ms)
ContainsEncryptedParts:
DllDate: Feb 12 2018
ChilkatVersion: 9.5.0.72
UnlockPrefix: Start my 30-day Trial
Architecture: Little Endian; 32-bit
Language: .NET 4.6 VS2017
VerboseLogging: 1
(leaveContext)
UnwrapSecurity:
DllDate: Feb 12 2018
ChilkatVersion: 9.5.0.72
UnlockPrefix: Start my 30-day Trial
Architecture: Little Endian; 32-bit
Language: .NET 4.6 VS2017
VerboseLogging: 1
unwrapInner2:
Unwrapping multipart/signed...
unwrapMultipartSigned:
unwrap multipart/signed: number of parts is not equal to 2
num_parts: 0
(leaveContext)
Unwrapping multipart/signed...
unwrapMultipartSigned:
unwrap multipart/signed: number of parts is not equal to 2
num_parts: 0
(leaveContext)
... cut out identical messages ...
unwrapMultipartSigned:
unwrap multipart/signed: number of parts is not equal to 2
num_parts: 0
(leaveContext)
(leaveContext 31ms)
This message was signed, but not encrypted
All signatures are valid
num_parts_signed: 30
Success.
(leaveContext 31ms)
Verify:
DllDate: Feb 12 2018
ChilkatVersion: 9.5.0.72
UnlockPrefix: Start my 30-day Trial
Architecture: Little Endian; 32-bit
Language: .NET 4.6 VS2017
VerboseLogging: 1
unwrapSignedNoRecursion:
contentType: multipart/signed
multipart signed...
unwrapMultipartSigned:
unwrap multipart/signed: number of parts is not equal to 2
num_parts: 0
(leaveContext)
(leaveContext)
(leaveContext 16ms)
-
UnwrapSecurity unwraps the encryption/signature layers and the resulting MIME is thus unencrypted and unsigned. If UnwrapSecurity was successful, it would make no sense to call Verify afterwards because you no longer have signed MIME. The Verify method verifies (non-recursively) the particular MIME part on which it is called. You can call IsSigned to check to see if the MIME part is signed, and if so, then call Verify.
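
The per-part approach from the reply above (check IsSigned on a part, then call Verify on that part), written as a fail-closed wrapper. This is an added example, not code from the thread or from Chilkat. The helper name VerifyAllSigned, the rule of rejecting any multipart/signed part whose NumParts is not 2 (the condition reported in the log above), and the requirement that at least one part actually verifies are assumptions made for this example.

```csharp
using System;

static class StrictSmime
{
    // Hypothetical helper (not a Chilkat API): returns false as soon as any
    // signed part is malformed or fails verification; counts verified parts.
    public static bool VerifyAllSigned(Chilkat.Mime part, ref int verified)
    {
        if (part.IsSigned())
        {
            bool detached = string.Equals(part.ContentType, "multipart/signed",
                                          StringComparison.OrdinalIgnoreCase);
            // A detached signature carries the signed content plus the
            // signature, i.e. exactly two sub-parts. The log in the question
            // shows num_parts: 0 for a multipart/signed part.
            if (detached && part.NumParts != 2)
            {
                Console.WriteLine("Rejected: multipart/signed with " + part.NumParts + " parts");
                return false;
            }
            // Verify is non-recursive: it checks only this part.
            if (!part.Verify())
            {
                Console.WriteLine("Verify failed: " + part.LastErrorText);
                return false;
            }
            verified++;
            return true;
        }
        // Not signed itself: descend into the sub-parts.
        for (int i = 0; i < part.NumParts; i++)
        {
            Chilkat.Mime child = part.GetPart(i);
            if (child == null || !VerifyAllSigned(child, ref verified)) return false;
        }
        return true;
    }

    static int Main(string[] args)
    {
        // Assumes the component was already unlocked, as in the log above.
        var mime = new Chilkat.Mime();
        if (!mime.LoadMimeFile(args[0])) { Console.WriteLine(mime.LastErrorText); return 2; }
        int verified = 0;
        // Fail closed: a message with no verified signed part is not accepted.
        bool ok = VerifyAllSigned(mime, ref verified) && verified > 0;
        Console.WriteLine(ok ? "Signed parts verified: " + verified : "NOT verified");
        return ok ? 0 : 1;
    }
}
```

Run it against both the original decrypted file and the modified copy; the process exit code is 0 only when at least one signed part was found and every signed part verified.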