
RE: Determining if a message has multiple layers without processing any of them

2003-06-14 17:39:32
In S/MIME, the layering is done using id-data elements for each
successive layer, since each layer is MIME encoded.  As soon as you
encounter an EnvelopedData, you basically have to stop unless you have
access to the plaintext contents.  In the mainstream case of signed,
then encrypted, I'm afraid that there isn't a way to determine the inner
S/MIME wrappings without the keying material for the EnvelopedData.  So
a pseudo-code algorithm for finding the types, given a top-level MIME
entity would probably be:

1. Determine the type of this entity by examining the Content-Type and
possibly the Content-Disposition and possibly the MIME decoded content
2. If it's not a CMS type, then done
3. Add the CMS type to the list of types encountered
4. If the CMS type is id-envelopedData, and there is no keying material
to decrypt the data, then done
5. If there is no inner MIME data for this type (a certificates/CRLs
only SignedData, for instance), then done
6. Unwrap the inner MIME data, and set it to the current MIME entity
7. Go to step 1

There is not a way to parse the BER recursively to find the big picture
of the layers, so you're pretty much going to have to parse out the MIME

One observation -- the smime-type parameter is a hint to the top level
parser about what might be inside.  So it could very well be lying.  In
practice I have seen some instances of:

Content-Type: application/octet-stream
Content-Disposition: attachment;filename='smime.p7m'

(Sorry if the MIME is lousy, but you get the point).  In that case, you
have to bust open the top-level ContentInfo and extract the contentType
field to determine the CMS type of the data inside.

-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Darrell 
Sent: Saturday, June 14, 2003 7:43 AM
To: 'ietf-smime(_at_)imc(_dot_)org'
Subject: Determining if a message has multiple layers without processing
any of them


I am currently attempting to determine if there is anything in the
S/MIME standard that would allow me to determine if a message was, for
example, signed then encrypted, without processing any of the security

My understanding of the smime-type parameter is that it only applies to
the current layer of security, so for example, a message that was signed
and then encrypted will have an outer smime-type of enveloped-data with
no clue that there is a signature layer within.

Any insight into this is much appreciated. 
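An added example, not from this thread and not anyone's production code: the seven-step walk from the reply above as a Python function, run over a constructed sample message. It reads contentType straight out of the ContentInfo rather than trusting the smime-type parameter, unwraps only SignedData whose eContentType is id-data, and stops at EnvelopedData because no keying material is available. The minimal DER reader/writer, the structure-only SignedData (no real signature or certificates) and the application/octet-stream outer entity with a smime.p7m filename are all constructed here; detached multipart/signed is not handled.

```python
"""Enumerate the CMS layers of an S/MIME entity from the outside in, following
the seven-step walk in the reply above.  Constructed example, not code from the
thread: a minimal DER reader/writer (no pyasn1/cryptography) and a sample built
from a structure-only SignedData (no real signature) around an EnvelopedData."""
import base64
import email
from email import policy

ID_DATA = "1.2.840.113549.1.7.1"
ID_SIGNED_DATA = "1.2.840.113549.1.7.2"
ID_ENVELOPED_DATA = "1.2.840.113549.1.7.3"
CMS_NAMES = {ID_DATA: "id-data", ID_SIGNED_DATA: "id-signedData",
             ID_ENVELOPED_DATA: "id-envelopedData",
             "1.2.840.113549.1.7.5": "id-digestedData", "1.2.840.113549.1.7.6": "id-encryptedData"}
SEQUENCE, SET, INTEGER, OCTET_STRING, OID, CTX0 = 0x30, 0x31, 0x02, 0x04, 0x06, 0xA0

# --- minimal DER, just enough for ContentInfo / SignedData / EncapsulatedContentInfo ---
def der(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def der_read(buf, pos=0):
    """Return (tag, value, end) for the TLV at pos; handles long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(value):
    """Yield (tag, value) for each TLV inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = der_read(value, pos)
        yield tag, inner

def oid_encode(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a >> 7:
            a >>= 7
            chunk.insert(0, (a & 0x7F) | 0x80)
        out.extend(chunk)
    return bytes(out)

def oid_decode(raw):
    arcs, v = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))

# --- step 1: never trust smime-type, read contentType from the ContentInfo itself ---
def content_info_type(cms):
    tag, body, _ = der_read(cms)
    if tag != SEQUENCE:
        raise ValueError("not a CMS ContentInfo")
    (otag, oid_bytes), *_ = der_children(body)
    if otag != OID:
        raise ValueError("ContentInfo without contentType")
    return oid_decode(oid_bytes)

def signed_data_econtent(cms):
    """(eContentType, eContent) of a SignedData; eContent is None for detached or certs-only."""
    _, ci, _ = der_read(cms)
    (_, _), (_, wrapped) = der_children(ci)            # contentType, [0] EXPLICIT SignedData
    _, sd, _ = der_read(wrapped)
    _version, _digest_algs, (_, eci_body), *_rest = der_children(sd)
    eci = list(der_children(eci_body))                # eContentType, optional [0] OCTET STRING
    etype = oid_decode(eci[0][1])
    if len(eci) < 2:
        return etype, None
    _, octets, _ = der_read(eci[1][1])
    return etype, octets

def is_cms_entity(msg):
    """Content-Type first, then the Content-Disposition filename as a fallback hint."""
    fname = (msg.get_filename() or "").lower()
    return (msg.get_content_type() in ("application/pkcs7-mime", "application/x-pkcs7-mime")
            or fname.endswith((".p7m", ".p7s")))

def list_layers(raw):
    """Steps 1-7 of the reply; stops at EnvelopedData since no keying material is available here."""
    msg, layers = email.message_from_bytes(raw, policy=policy.default), []
    while True:
        if not is_cms_entity(msg):                    # step 2
            return layers
        cms = msg.get_payload(decode=True)
        ctype = content_info_type(cms)
        layers.append(CMS_NAMES.get(ctype, ctype))    # step 3
        if ctype != ID_SIGNED_DATA:                   # step 4 (enveloped) or a type we do not unwrap
            return layers
        etype, inner = signed_data_econtent(cms)
        if inner is None or etype != ID_DATA:         # step 5: nothing MIME-shaped inside
            return layers
        msg = email.message_from_bytes(inner, policy=policy.default)   # step 6, then step 7

# --- constructed sample: outer application/octet-stream + smime.p7m, as in the reply ---
def mime_entity(content_type, body, filename):
    hdr = (f"Content-Type: {content_type}\r\nContent-Disposition: attachment; "
           f'filename="{filename}"\r\nContent-Transfer-Encoding: base64\r\n\r\n')
    return hdr.encode() + base64.encodebytes(body)

def build_sample():
    enveloped = der(SEQUENCE, der(OID, oid_encode(ID_ENVELOPED_DATA)) + der(CTX0, der(SEQUENCE, b"")))
    inner = mime_entity("application/pkcs7-mime; smime-type=enveloped-data", enveloped, "smime.p7m")
    eci = der(SEQUENCE, der(OID, oid_encode(ID_DATA)) + der(CTX0, der(OCTET_STRING, inner)))
    signed = der(SEQUENCE, der(INTEGER, b"\x01") + der(SET, b"") + eci + der(SET, b""))
    outer = der(SEQUENCE, der(OID, oid_encode(ID_SIGNED_DATA)) + der(CTX0, signed))
    return mime_entity("application/octet-stream", outer, "smime.p7m")

if __name__ == "__main__":
    print(list_layers(build_sample()))   # ['id-signedData', 'id-envelopedData']
```

The walk reports the outer SignedData and then the EnvelopedData it wraps, and gives up there, which is exactly the limit the reply describes: whatever sits inside the EnvelopedData is invisible without the recipient's key. The fallback on the .p7m filename is only a hint; the decision about the CMS type always comes from the ContentInfo bytes.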

