On Fri, May 14, 2004, David Gianndrea wrote:

> Dr. Stephen Henson wrote:
>
> >If you create an email sign it and save as a draft then find the draft and
> >save it as a .eml file you can try:
> >
> >openssl smime -pk7out -in message.eml -out mess.pem
> >
> >openssl asn1parse -in mess.pem
> >
> >you'll see things like des, rc2 and so on in there.
> >
>
> Thanks Dr. Steve, I almost asked about the structure of this stuff.
> In fear of having my head explode off my shoulders I backed away slowly
> from the RFC not making any sudden movements!
>
> Just kidding Doc! Thanks for the info, and helping me to understand some
> of this stuff.
>

It does look a bit overwhelming when you aren't used to it. The PKCS#7
structure contains certificates, signatures and all manner of other stuff.

However the relevant piece is called "S/MIME Capabilities". On Mozilla 1.6 it
looks like this:

 2754:d=7  hl=2 l=   9 prim: OBJECT            :S/MIME Capabilities
 2765:d=7  hl=2 l=  69 cons: SET
 2767:d=8  hl=2 l=  67 cons: SEQUENCE
 2769:d=9  hl=2 l=  10 cons: SEQUENCE
 2771:d=10 hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
 2781:d=9  hl=2 l=  14 cons: SEQUENCE
 2783:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
 2793:d=10 hl=2 l=   2 prim: INTEGER           :80
 2797:d=9  hl=2 l=  13 cons: SEQUENCE
 2799:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
 2809:d=10 hl=2 l=   1 prim: INTEGER           :40
 2812:d=9  hl=2 l=   7 cons: SEQUENCE
 2814:d=10 hl=2 l=   5 prim: OBJECT            :des-cbc
 2821:d=9  hl=2 l=  13 cons: SEQUENCE
 2823:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
 2833:d=10 hl=2 l=   1 prim: INTEGER           :28

If you include the -i option it gets indented, which clarifies things a bit;
otherwise the 'd=n', which indicates the depth, makes it apparent where each
structure ends.

Some ciphers have associated parameters, others do not.

From this you can see that triple-DES is the preferred cipher followed by RC2
with 128 and 64 bits (the numbers are in hex) then DES and finally 40 bit RC2.
No AES in there at all.

At some point OpenSSL should really be able to print out things like PKCS#7
structures in a friendly fashion but so far I've not been able to attract much
interest in S/MIME enhancement.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
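
Added example, not part of the original message and not OpenSSL code: a small Python reader for the asn1parse text shown above that uses the 'd=n' depth to find where the S/MIME Capabilities structure ends and converts the hex INTEGER parameters to key sizes in bits. The names smime_capabilities, offers_aes and SAMPLE are made up for this sketch, and the final line of SAMPLE is constructed to mark the end of the structure.

```python
import re

# One line of `openssl asn1parse` output: offset, depth, tag, optional ":value".
LINE = re.compile(r"\s*\d+:d=\s*(\d+)\s+hl=\s*\d+\s+l=\s*\d+\s+"
                  r"(?:prim|cons):\s*([^:]+?)\s*(?::(.*))?$")

def smime_capabilities(dump):
    """Return [(cipher, key_bits or None), ...] in the sender's preference order."""
    caps, base = [], None
    for m in filter(None, map(LINE.match, dump.splitlines())):
        depth, tag, value = int(m.group(1)), m.group(2), m.group(3)
        if base is None:                        # still looking for the attribute OID
            if tag == "OBJECT" and value == "S/MIME Capabilities":
                base = depth
        elif depth <= base and (caps or tag != "SET"):
            break                               # depth dropped back: structure ended
        elif tag == "SEQUENCE" and depth == base + 2:
            caps.append([None, None])           # start of one capability entry
        elif caps and depth == base + 3 and tag == "OBJECT":
            caps[-1][0] = value                 # cipher name
        elif caps and depth == base + 3 and tag == "INTEGER":
            caps[-1][1] = int(value, 16)        # asn1parse prints INTEGERs in hex
    return [tuple(c) for c in caps]

def offers_aes(caps):
    return any(name and name.lower().startswith("aes") for name, _ in caps)

# Dump from the message above; the final d=5 line is constructed for the example.
SAMPLE = """\
 2754:d=7  hl=2 l=   9 prim: OBJECT            :S/MIME Capabilities
 2765:d=7  hl=2 l=  69 cons: SET
 2767:d=8  hl=2 l=  67 cons: SEQUENCE
 2769:d=9  hl=2 l=  10 cons: SEQUENCE
 2771:d=10 hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
 2781:d=9  hl=2 l=  14 cons: SEQUENCE
 2783:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
 2793:d=10 hl=2 l=   2 prim: INTEGER           :80
 2797:d=9  hl=2 l=  13 cons: SEQUENCE
 2799:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
 2809:d=10 hl=2 l=   1 prim: INTEGER           :40
 2812:d=9  hl=2 l=   7 cons: SEQUENCE
 2814:d=10 hl=2 l=   5 prim: OBJECT            :des-cbc
 2821:d=9  hl=2 l=  13 cons: SEQUENCE
 2823:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
 2833:d=10 hl=2 l=   1 prim: INTEGER           :28
 2836:d=5  hl=2 l=  13 cons: SEQUENCE
"""
print(smime_capabilities(SAMPLE), "AES offered:", offers_aes(smime_capabilities(SAMPLE)))
```

The same function works on output produced with the -i option, since the extra indentation sits between "prim:"/"cons:" and the tag name.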