I reviewed the differences between S/MIME 3.1 and 3.2. The OpenSSL cms utility advertises S/MIME 3.1 support, which prompted me to perform this review.

1) "Section 3.4.3.2: Replace micalg parameter for SHA-1 with sha-1".

RFC 3851 (S/MIME v3.1) states:

--------------------------------------
The micalg parameter allows for one-pass processing when the signature is being verified. The value of the micalg parameter is dependent on the message digest algorithm(s) used in the calculation of the Message Integrity Check. If multiple message digest algorithms are used they MUST be separated by commas per [MIME-SECURE]. The values to be placed in the micalg parameter SHOULD be from the following:

   Algorithm   Value used

   MD5         md5
   SHA-1       sha1
   SHA-256     sha256
   SHA-384     sha384
   SHA-512     sha512
   Any other   (defined separately in algorithm profile or "unknown" if not defined)
--------------------------------------

RFC 5751 (S/MIME v3.2) states:

--------------------------------------
The micalg parameter allows for one-pass processing when the signature is being verified. The value of the micalg parameter is dependent on the message digest algorithm(s) used in the calculation of the Message Integrity Check. If multiple message digest algorithms are used, they MUST be separated by commas per [MIME-SECURE]. The values to be placed in the micalg parameter SHOULD be from the following:

   Algorithm   Value Used

   MD5         md5
   SHA-1       sha-1
   SHA-224     sha-224
   SHA-256     sha-256
   SHA-384     sha-384
   SHA-512     sha-512
   Any other   (defined separately in algorithm profile or "unknown" if not defined)
--------------------------------------

The CMS command should be made S/MIME v3.2 compliant, which, to my knowledge, only involves changing the micalg parameter.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
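
The following is an added example, not part of the original post and not OpenSSL code: a receiver-side check that reads the micalg parameter from a multipart/signed Content-Type value and accepts both the RFC 3851 and RFC 5751 spellings quoted above. The function names and sample header values are constructed for illustration.

```python
import hashlib
from email.message import Message

# micalg tokens from the two tables quoted in the post, mapped to hashlib names.
RFC3851 = {"md5": "md5", "sha1": "sha1", "sha256": "sha256",
           "sha384": "sha384", "sha512": "sha512"}
RFC5751 = {"md5": "md5", "sha-1": "sha1", "sha-224": "sha224",
           "sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}


def classify_micalg(content_type):
    """Return [(token, hashlib_name_or_None, spelling)] for a Content-Type value.

    spelling is "RFC 3851", "RFC 5751", "both" (md5 is spelled the same in
    each table) or "unknown" for tokens in neither table.
    """
    msg = Message()
    msg["Content-Type"] = content_type
    raw = msg.get_param("micalg")      # surrounding quotes are already removed
    if not isinstance(raw, str):       # parameter absent or RFC 2231-encoded
        return []
    result = []
    # Multiple digest algorithms are comma-separated per the quoted text.
    for token in (t.strip().lower() for t in raw.split(",")):
        if not token:
            continue
        in_31, in_32 = token in RFC3851, token in RFC5751
        name = RFC5751.get(token) or RFC3851.get(token)
        if in_31 and in_32:
            spelling = "both"
        elif in_32:
            spelling = "RFC 5751"
        elif in_31:
            spelling = "RFC 3851"
        else:
            spelling = "unknown"
        result.append((token, name, spelling))
    return result


def digests_for(content_type):
    """Hash objects a one-pass verifier could start; unknown tokens are skipped."""
    return [hashlib.new(name)
            for _, name, _ in classify_micalg(content_type) if name]
```

micalg is only a hint for one-pass processing; the digest algorithm identifiers inside the CMS SignedData remain what a verifier relies on for the actual signature check.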