> I am testing ciphermail now for a short while and I am interested to see
> if my emails (inbound and outbound) are EDI compliant signed and encrypted.
> Currently I am only able to see if the email is
> signed/decrypted/encrypted correctly through the logs.
> But I am not able to see if this was EDI compliant.
>
> Is there any way to be sure that the compliance is given?

With EDI compliant you mean EDI@energy compliant? So, RSASSA-PSS algorithm for signing and RSAES-OAEP for encryption?

The following line is logged when the email is signed:

INFO Message was S/MIME signed. Signing algorithm: SHA256WithRSAAndMGF1; Sign mode: clear; MailID: b91b9438-1fde-4da0-bce7-f1033b88aa93; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.SMIMESign) [Spool Thread #2]

The "Signing algorithm" tells you which algorithm was used for signing, which in this case is SHA256WithRSAAndMGF1 (which is RSA-PSS).

The following line is logged when the email is encrypted:

INFO Message was S/MIME encrypted. Encryption algorithm: AES128; Key size: 128; Encryption Scheme: RSAES-OAEP-SHA256; MailID: b91b9438-1fde-4da0-bce7-f1033b88aa93; Recipients: [[email protected]] (mitm.application.djigzo.james.mailets.SMIMEEncrypt) [Spool Thread #2]

The "Encryption Scheme" tells you which padding algorithm is used. In this case RSAES-OAEP-SHA256 is used.

For received email, the header of the email should contain the relevant info after decryption. This is however a bit harder to analyze:

X-Djigzo-Info-Encryption-Recipient-0-0: [email protected], CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL/115FCD741088707366E9727452C9770//1.2.840.113549.1.1.7/OAEP Parameters

The X-Djigzo-Info-Encryption-Recipient- parameters are formed as follows:

ISSUER/SERIAL-NUMBER/SUBJECT-KEY-IDENTIFIER/KEY-ENCRYPTION-ALGORITHM-OID/ALGORITHM-PARAMS

From the above example:

ISSUER: [email protected], CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL
SERIAL-NUMBER: 115FCD741088707366E9727452C9770
SUBJECT-KEY-IDENTIFIER: <not set>
KEY-ENCRYPTION-ALGORITHM-OID: 1.2.840.113549.1.1.7 (which is the OID for RSAES-OAEP)
ALGORITHM-PARAMS: OAEP Parameters (meaning that there are additional parameters for OAEP)

For decrypted email you can have multiple headers, one for each recipient the email was encrypted for. It can be that some recipients support RSAES-OAEP whereas others do not.

The headers for signing are added in a similar way:

X-Djigzo-Info-Signer-ID-0-1: [email protected], CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL/115FD1392A8FF07AA727558FA50B262//1.2.840.113549.1.1.10

The X-Djigzo-Info-Signer-ID- parameters are formed as follows:

ISSUER/SERIAL-NUMBER/SUBJECT-KEY-IDENTIFIER/SIGNING-ALGORITHM-OID

ISSUER: [email protected], CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL
SERIAL-NUMBER: 115FD1392A8FF07AA727558FA50B262
SUBJECT-KEY-IDENTIFIER: <not set>
SIGNING-ALGORITHM-OID: 1.2.840.113549.1.1.10 (which is the OID for RSASSA-PSS)

Email which is encrypted with a different padding algorithm or signing algorithm uses different OIDs.

Hope this helps

Kind regards,

Martijn Brinkers

-- 
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull.

W: https://www.ciphermail.com/
E: [email protected]
T: +31 20 290 0088
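The header check described in the message above, as an added example that is not part of the original message and is not CipherMail's own code: it parses every X-Djigzo-Info-Encryption-Recipient-* and X-Djigzo-Info-Signer-ID-* header and compares the algorithm OID with the RSAES-OAEP and RSASSA-PSS OIDs. The sample message, its issuer and its serial numbers are constructed; that a non-OAEP recipient shows the rsaEncryption OID 1.2.840.113549.1.1.1 with no parameters field is an assumption.

```python
import email
import re

# Required OIDs as given in the message: RSAES-OAEP and RSASSA-PSS.
RSAES_OAEP = "1.2.840.113549.1.1.7"
RSASSA_PSS = "1.2.840.113549.1.1.10"
REQUIRED = {
    "x-djigzo-info-encryption-recipient-": RSAES_OAEP,
    "x-djigzo-info-signer-id-": RSASSA_PSS,
}
OID_RE = re.compile(r"\d+(?:\.\d+)+")

def parse_info_value(value):
    """Split ISSUER/SERIAL/SKI/OID[/PARAMS]; the issuer DN may itself contain '/'."""
    fields = [f.strip() for f in value.split("/")]
    # Anchor on the last field that looks like a dotted OID and count back from it.
    idx = max((i for i, f in enumerate(fields) if OID_RE.fullmatch(f)), default=-1)
    if idx < 3:
        raise ValueError("no algorithm OID found in: " + value)
    return {"issuer": "/".join(fields[:idx - 2]), "serial": fields[idx - 2],
            "ski": fields[idx - 1] or None, "oid": fields[idx],
            "params": "/".join(fields[idx + 1:]) or None}

def check_headers(raw_message):
    """Return (header name, OID, compliant) for each signer/recipient info header."""
    msg = email.message_from_string(raw_message)
    results = []
    for name, value in msg.items():
        for prefix, required in REQUIRED.items():
            if name.lower().startswith(prefix):
                # Collapse folded header lines before splitting on '/'.
                info = parse_info_value(" ".join(str(value).split()))
                results.append((name, info["oid"], info["oid"] == required))
    return results

# Constructed sample: one OAEP recipient, one assumed PKCS#1 v1.5 recipient, one PSS signer.
SAMPLE = (
    "X-Djigzo-Info-Encryption-Recipient-0-0: CN=Constructed Test CA, C=NL/"
    "0A1B2C//1.2.840.113549.1.1.7/OAEP Parameters\n"
    "X-Djigzo-Info-Encryption-Recipient-0-1: CN=Constructed Test CA, C=NL/"
    "0A1B2D//1.2.840.113549.1.1.1\n"
    "X-Djigzo-Info-Signer-ID-0-1: CN=Constructed Test CA, C=NL/"
    "0A1B2E//1.2.840.113549.1.1.10\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    for name, oid, ok in check_headers(SAMPLE):
        print(f"{'OK  ' if ok else 'FAIL'} {name}: {oid}")
```

A message counts as compliant only when every listed header passes, since one recipient can be encrypted with RSAES-OAEP while another is not.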
