Thunderbird can decrypt without private key?

2010-11-10 Thread Matej Kurpel

Hello,
I am implementing a PKCS#11 module for Thunderbird and I have stumbled upon 
a weird behavior of Thunderbird. Let me explain:
For the purposes of testing, I have created a second gmail account. I 
have also generated the keys and certificate for this account but only 
imported its certificate into Thunderbird (under the People tab in 
Certificate Manager) - I did that in order to be able to send encrypted 
messages from my primary account to this secondary account.
I have my certificate and private key (for the primary account) in my 
token and all is properly configured in Thunderbird.
Now, when I send an encrypted e-mail from my primary account to my 
secondary account and then try to read it (when it arrives), Thunderbird 
is able to decrypt it for me. I don't understand why, shouldn't that 
fail? I didn't give it the private key for the secondary account anywhere.
From the pkcs11-spy log I can see it's calling C_DecryptInit and 
C_Decrypt as follows:



66: C_DecryptInit
[in] hSession = 0x2
pMechanism-type=CKM_RSA_PKCS
[in] hKey = 0x2
Returned:  0 CKR_OK


67: C_Decrypt
[in] hSession = 0x2
[in] pEncryptedData[ulEncryptedDataLen] [size : 0x80 (128)]
4559BE33 DE12B7F1 72909126 F9F16537 8638661F 588BBCDE 2B8E2180 BC0E83BA
AC1A26C0 67A25DF0 7560B64F E3E726A5 09640A4E 47540E4A D5FE2A76 2116E61E
783EC37A 5600ED67 E42988E5 D419AC4E 70395E7F 1D0FCA66 70049230 D61E698F
F6DDB51B EC79FD78 68B880F6 80A3748E F874EBA9 A672C251 003B0339 E7D8384E
[out] pData[*pulDataLen] [size : 0x18 (24)]
673DB607 4ABCB3E0 431A9E0D 1991BC1C DCBC0208 70076D8C
Returned:  0 CKR_OK


What I have learned from this mailing list in the past is that 
Thunderbird is trying to implement key unwrapping by calling 
C_DecryptInit and C_Decrypt (and apparently this is what's actually 
happening). However, for the unwrapping, it should use the private key 
for the secondary account which it doesn't have, right? Instead, it uses 
the private key for the primary account (hKey = 0x2) and, surprisingly, 
succeeds...?

Please shed some light on this for me, if you know why it behaves like this.

M. Kurpel
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto


CMSUTIL Problem

2010-11-10 Thread Stephen.Moccaldi
I am on a Linux system and I am trying to send a signed email message
using cmsutil and the smime toolkit but it fails with the following
error:

cmsutil: the corresponding cert for key (null) does not exist:
Certificate key usage inadequate for attempted operation.

I have a pkcs12 file I loaded into the nss database with the following
command:

pk12util -i Email.p12 -d ./database

I have also loaded the root CA certs using:

certutil -A -d ./database -n gdca-root -t CT,C,, -i gdrootca.cer
certutil -A -d ./database -n gdca1 -t CT,C,, -i gdca1.cer

certutil -L -d ./database shows:
Stephen Moccaldi's U.S. Government ID  u,u,u
gdca-root  CT,C,
gdca1  CT,C,

certutil -K -d ./database shows:
 0 rsab853151eeaf438ea9f55b43bd0a5efedeac8f1a4  Stephen Moccaldi's
U.S. Government ID

certutil -V -n "Stephen Moccaldi's U.S. Government ID" -u SR -d
./database shows:
certutil: certificate is valid

But, when I type: 
cat testmsg.txt | smime -S "Stephen Moccaldi's U.S. Government ID" -p
passwd -d ./database | mail myemailaddr...@myserver.com

I get the error: 
cmsutil: the corresponding cert for key (null) does not exist:
Certificate key usage inadequate for attempted operation.
cmsutil: problem signing: Certificate key usage inadequate for attempted
operation.
cmsutil: NSS_Shutdown failed:  NSS could not shutdown.  Objects are
still in use.
ERROR: signature generation failed.
No message, no subject; hope that's ok

I get the same error when I type:
cmsutil -S -N "Stephen Moccaldi's U.S. Government ID" -i testmsg.txt -o
testmsg.signed -d ./database -p passwd

Does it have anything to do with the length of the nickname?  If I type
the above line with one less character in the nickname it does not show
(null) for the key it shows Stephen Moccaldi's U.S. Government I.
The error is:

cmsutil: the corresponding cert for key Stephen Moccaldi's U.S.
Government I does not exist: Certificate key usage inadequate for
attempted operation.

Since the nickname is set in the Email.p12 file and I can't specify it,
does that mean I need a new cert with a shorter friendly name?
I am using NSS version 3.12.3 and nspr 4.7.6.

Any help will be greatly appreciated.
Thanks.

Steve Moccaldi
stephen.mocca...@gdc4s.com



Re: Thunderbird can decrypt without private key?

2010-11-10 Thread Robert Relyea
On 11/10/2010 05:34 AM, Matej Kurpel wrote:
> Hello,
> I am implementing a PKCS#11 module for Thunderbird and I have stumbled
> upon a weird behavior of Thunderbird. Let me explain:
> For the purposes of testing, I have created a second gmail account. I
> have also generated the keys and certificate for this account but only
> imported its certificate into Thunderbird (under the People tab in
> Certificate Manager) - I did that in order to be able to send
> encrypted messages from my primary account to this secondary account.
> I have my certificate and private key (for the primary account) in my
> token and all is properly configured in Thunderbird.
> Now, when I send an encrypted e-mail from my primary account to my
> secondary account and then try to read it (when it arrives),
> Thunderbird is able to decrypt it for me. I don't understand why,
> shouldn't that fail?
It doesn't fail because S/MIME encrypts the message to multiple
recipients. Each recipient's public key is used to wrap the symmetric
session key that the mail is encrypted with. S/MIME doesn't encode the
email address of the recipient, only a pointer to the key used (either a
subject key id or the subject/issuer of the certificate used to encrypt
the key). When decoding an S/MIME message, the client looks for any key
that it can use to decrypt the message. In your test case, it's the key
from your primary account, since the sender is also an implicit
recipient (the message is written into the 'Sent' folder, and the sender
needs to be able to read it).

If you delete your sender's private key (after backing it up, of
course), you will find you won't be able to read the message.

> I didn't give it the private key for the secondary account anywhere.
> From the pkcs11-spy log I can see it's calling C_DecryptInit and
> C_Decrypt as follows:
>
> 66: C_DecryptInit
> [in] hSession = 0x2
> pMechanism-type=CKM_RSA_PKCS
> [in] hKey = 0x2
> Returned:  0 CKR_OK
>
> 67: C_Decrypt
> [in] hSession = 0x2
> [in] pEncryptedData[ulEncryptedDataLen] [size : 0x80 (128)]
> 4559BE33 DE12B7F1 72909126 F9F16537 8638661F 588BBCDE 2B8E2180 BC0E83BA
> AC1A26C0 67A25DF0 7560B64F E3E726A5 09640A4E 47540E4A D5FE2A76 2116E61E
> 783EC37A 5600ED67 E42988E5 D419AC4E 70395E7F 1D0FCA66 70049230 D61E698F
> F6DDB51B EC79FD78 68B880F6 80A3748E F874EBA9 A672C251 003B0339 E7D8384E
> [out] pData[*pulDataLen] [size : 0x18 (24)]
> 673DB607 4ABCB3E0 431A9E0D 1991BC1C DCBC0208 70076D8C
> Returned:  0 CKR_OK

It's using the sender's private key. If the code is calling
C_DecryptInit it means it has found a private key that it thinks should
work on the blob that it is trying to decrypt.
> What I have learned from this mailing list in the past is that
> Thunderbird is trying to implement key unwrapping by calling
> C_DecryptInit and C_Decrypt (and apparently this is what's actually
> happening). However, for the unwrapping, it should use the private key
> for the secondary account which it doesn't have, right? Instead, it
> uses the private key for the primary account (hKey = 0x2) and,
> surprisingly, succeeds...?
Yup. That's because the primary account was the sender.
> Please shed some light on this for me, if you know why it behaves like
> this.
>
> M. Kurpel



Re: Thunderbird can decrypt without private key?

2010-11-10 Thread Matthias Hunstock
On 10.11.2010 14:34, Matej Kurpel wrote:

> Now, when I send an encrypted e-mail from my primary account to my
> secondary account and then try to read it (when it arrives), Thunderbird
> is able to decrypt it for me. I don't understand why, shouldn't that
> fail? I didn't give it the private key for the secondary account anywhere.

The mails are usually encrypted with a symmetric session key, which is
wrapped with the sender's and receiver(s) public key(s). Why the sender
key? Because the message might be stored in Sent Mail, and the sender
wants to be able to read that message later, too.

Matthias
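
Added example (not part of the original thread, and not NSS or Thunderbird code): the behaviour Robert and Matthias describe, reproduced with OpenSSL's cms command instead of NSS. The identities "primary", "secondary" and "outsider" are constructed self-signed certificates standing in for the two mail accounts and for a third party who is not a recipient.

```bash
#!/usr/bin/env bash
# Added example: one CMS/S-MIME message, one session key, several RecipientInfos.
# Identities "primary", "secondary", "outsider" are constructed for this demo.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# make_id NAME: throwaway self-signed cert + key standing in for a mail account
make_id() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# encrypt_mail: encrypt once to the recipient AND the sender's own certificate,
# as a mail client does so that the copy in Sent stays readable
encrypt_mail() {
  printf 'constructed test message\n' |
    openssl cms -encrypt -binary -aes-256-cbc -outform DER \
      -out "$WORK/mail.p7m" "$WORK/primary.crt" "$WORK/secondary.crt"
}

# recipient_ids: issuer CNs named in the RecipientInfos (no e-mail address is stored)
recipient_ids() {
  openssl asn1parse -inform DER -in "$WORK/mail.p7m" |
    awk -F: '/(UTF8|PRINTABLE)STRING/ {print $NF}' | sort
}

# try_decrypt NAME: unwrap the session key using NAME's private key only
try_decrypt() {
  openssl cms -decrypt -inform DER -in "$WORK/mail.p7m" \
    -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" 2>/dev/null
}

for id in primary secondary outsider; do make_id "$id"; done
encrypt_mail
echo "RecipientInfos for: $(recipient_ids | xargs)"
for id in primary secondary outsider; do
  if try_decrypt "$id" >/dev/null; then echo "$id: decrypts"
  else echo "$id: no RecipientInfo for this key"; fi
done
```

The sender's key ("primary") decrypts the message exactly as the intended recipient's does, which is the C_Decrypt call with hKey = 0x2 seen in the pkcs11-spy log.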


Re: Can a ssl3.ca_list be configured on a model file descriptor?

2010-11-10 Thread Wolter Eldering


Hi Wan-Teh,

I was wondering if you found my patches useful? Or maybe I can help in 
any way.


Regards,
Wolter


On 9/26/2010 9:07 AM, Wolter Eldering wrote:
> On 9/26/2010 1:39 AM, Wan-Teh Chang wrote:
> > On Fri, Sep 24, 2010 at 11:12 PM, Wolter Eldering
> > wolter.elder...@vanad.com.cn wrote:
> > > I've added my patches and some test results to bug:
> > > https://bugzilla.mozilla.org/show_bug.cgi?id=595134
> >
> > Thank you very much!
> >
> > > I needed to start chrome like this: chrome-linux/chrome-wrapper
> > > --single-process --enable-dnssec-certs to get the environment
> > > variables to be seen by chrome
> >
> > You should not use the --single-process option. It is intended
> > for testing only.
>
> I know the main reason for using this option is to get one integrated
> timing report when using NSS_DEBUG_PKCS11_MODULE="NSS Internal
> PKCS #11 Module"
>
> > You may have misunderstood the effects of --enable-dnssec-certs.
> > I seem to remember with --enable-dnssec-certs, Chrome will still
> > go through the normal certificate verification code path if the server's
> > certificate (or rather, public key) is not in DNS.
> >
> > Wan-Teh
>
> I did not study the chrome sources in detail. I just had a quick look
> at how NSS is used. I noticed they call CERT_GetCertChainFromCert. Many
> queries are required to build the chain, especially when the chain is long.
>
> That's also the reason for my other question here: What's the reason
> for not caching token objects for internal tokens?
>
> I use mod_nss and about 250 hosts with SSL enabled, for every call
> SSL_ConfigSecureServer(PRFileDesc *, CERTCertificate *,
> SECKEYPrivateKey *, SSL3KEAType)
> ssl_ConfigSecureServer(ss, cert, NULL, keyPair, kea)
> CERT_CertChainFromCert(sc->serverCert, certUsageSSLServer, PR_TRUE);
>
> The CA chain is 4 deep == 12 queries
> 250 virtual hosts/SSL_ConfigSecureServer * 12 queries = 3000 queries
>
> I'm now setting up a test CA with a deeper CA chain to do more testing
> on that.
>
> Regards,
> Wolter






Re: Thunderbird can decrypt without private key?

2010-11-10 Thread alex marin
?
