Chilkat Forum

Technologies => Digital Signatures => Topic started by: CuriousCat on March 12, 2018, 10:11:50 AM

Title: Verify SMIME always succeeds
Post by: CuriousCat on March 12, 2018, 10:11:50 AM

I have to process SMIME messages that are signed and encrypted. 
Loading a SMIME message and use "mime.Decrypt2( myCert, myPk )" seems to work fine.
But, I wanted to check that a modified message will not succeed so I decrypted the message using another tool.
I then loaded the decrypted message into a new mime object and used "mime.UnwrapSecurity()".
It returns true, but the logs shows lots of lines with:

            unwrap multipart/signed: number of parts is not equal to 2

If I then modify the decrypted message and run it through the same verification, I would expect it to fail on "mime.UnwrapSecurity()" but it still returns true! The log messages are identical.
I also tried using "mime.Verify()" but I get the same result, with similar logs.
 
What do I need to do to be sure that UnwrapSecurity()/Verify() will fail if the message has been altered?

My code is in C# and like this:

   var mime = new Chilkat.Mime();
   mime.VerboseLogging = true;
   mime.LoadMimeFile( "decrypted.txt" );
   bool isSigned = mime.ContainsSignedParts();  // returns true
   bool ok = mime.UnwrapSecurity(); // of Verify(), both returns true
   Console.WriteLine( "Log: " + mime.LastErrorText );


Logs (removed lots of duplicate lines where indicated):

IsUnlocked:
    ChilkatVersion: 9.5.0.72
    Product is not unlocked.  Make sure to call UnlockComponent first.
    (leaveContext 16ms)
UnlockComponent:
    DllDate: Feb 12 2018
    ChilkatVersion: 9.5.0.72
    UnlockPrefix: NONE
    Architecture: Little Endian; 32-bit
    Language: .NET 4.6 VS2017
    VerboseLogging: 1
    component: Mime
    unlockCode: Start my 30-day Trial
    regKeyUnlock:
        product: ChilkatSMIME
        hcCurDate: Mon, 12 Mar 2018 14:57:05 +0100
        hcExpire: 5/2018
        Component successfully unlocked using trial key
        (leaveContext 15ms)
    Success.
    (leaveContext 15ms)
IsUnlocked:
    ChilkatVersion: 9.5.0.72
    (leaveContext)
LoadMimeFile:
    DllDate: Feb 12 2018
    ChilkatVersion: 9.5.0.72
    UnlockPrefix: Start my 30-day Trial
    Architecture: Little Endian; 32-bit
    Language: .NET 4.6 VS2017
    VerboseLogging: 1
    path: D:\decrypted.txt
    loadFileX:
        (leaveContext)
    numMimeBytes: 56202
    loadMimeBinary:
        loadMimeComplete:
            findEndOfHeader2:
                (leaveContext)
            loadMimeHeaderText:
                (leaveContext)
            parseMimeBody:
                (leaveContext)
            (leaveContext)
        (leaveContext)
    Success.
    (leaveContext 31ms)
NumParts:
    ChilkatVersion: 9.5.0.72
    NumParts: 0
    (leaveContext)
ContainsEncryptedParts:
    DllDate: Feb 12 2018
    ChilkatVersion: 9.5.0.72
    UnlockPrefix: Start my 30-day Trial
    Architecture: Little Endian; 32-bit
    Language: .NET 4.6 VS2017
    VerboseLogging: 1
    (leaveContext)
ContainsEncryptedParts:
    DllDate: Feb 12 2018
    ChilkatVersion: 9.5.0.72
    UnlockPrefix: Start my 30-day Trial
    Architecture: Little Endian; 32-bit
    Language: .NET 4.6 VS2017
    VerboseLogging: 1
    (leaveContext 16ms)
ContainsEncryptedParts:
    DllDate: Feb 12 2018
    ChilkatVersion: 9.5.0.72
    UnlockPrefix: Start my 30-day Trial
    Architecture: Little Endian; 32-bit
    Language: .NET 4.6 VS2017
    VerboseLogging: 1
    (leaveContext)
UnwrapSecurity:
    DllDate: Feb 12 2018
    ChilkatVersion: 9.5.0.72
    UnlockPrefix: Start my 30-day Trial
    Architecture: Little Endian; 32-bit
    Language: .NET 4.6 VS2017
    VerboseLogging: 1
    unwrapInner2:
        Unwrapping multipart/signed...
        unwrapMultipartSigned:
            unwrap multipart/signed: number of parts is not equal to 2
            num_parts: 0
            (leaveContext)
        Unwrapping multipart/signed...
        unwrapMultipartSigned:
            unwrap multipart/signed: number of parts is not equal to 2
            num_parts: 0
            (leaveContext)
        ... cut out identical messages ...
        unwrapMultipartSigned:
            unwrap multipart/signed: number of parts is not equal to 2
            num_parts: 0
            (leaveContext)
        (leaveContext 31ms)
    This message was signed, but not encrypted
    All signatures are valid
    num_parts_signed: 30
    Success.
    (leaveContext 31ms)
Verify:
    DllDate: Feb 12 2018
    ChilkatVersion: 9.5.0.72
    UnlockPrefix: Start my 30-day Trial
    Architecture: Little Endian; 32-bit
    Language: .NET 4.6 VS2017
    VerboseLogging: 1
    unwrapSignedNoRecursion:
        contentType: multipart/signed
        multipart signed...
        unwrapMultipartSigned:
            unwrap multipart/signed: number of parts is not equal to 2
            num_parts: 0
            (leaveContext)
        (leaveContext)
    (leaveContext 16ms)

Title: Re: Verify SMIME always succeeds
Post by: Chilkat on April 03, 2018, 09:08:40 PM

UwrapSecurity unwraps the encryption/signature layers and the resulting MIME is thus unencrypted and unsigned.  If UnwrapSecurity was successful, it would make no sense to call Verify afterwards because you no longer have signed MIME.  The Verify method verifies (non-recursively) the particular MIME part on which it is called.  You can call IsSigned to check to see if the MIME part is signed, and if so, then call Verify.