Hello Martijn, thank you for your detailed answer. Yes I mean EDI@energy and I must have overlooked the log details that the padding is included in the message. This can be parsed easily which is enough in my opinion.
Thank you for your help.

Kind regards,
Tom

On Mon, 15 June 2020 at 14:51, Martijn Brinkers <[email protected]> wrote:

> > I am testing ciphermail now for a short while and I am interested to see
> > if my emails (inbound and outbound) are EDI compliant signed and encrypted.
> > Currently I am only able to see if the email is
> > signed/decrypted/encrypted correctly through the logs.
> > But I am not able to see if this was EDI compliant.
> >
> > Is there any way to be sure that the compliance is given?
>
> With EDI compliant you mean EDI@energy compliant? So, RSASSA-PSS
> algorithm for signing and RSAES-OAEP for encryption?
>
> The following line is logged when the email is signed:
>
> INFO Message was S/MIME signed. Signing algorithm:
> SHA256WithRSAAndMGF1; Sign mode: clear; MailID:
> b91b9438-1fde-4da0-bce7-f1033b88aa93; Recipients: [[email protected]]
> (mitm.application.djigzo.james.mailets.SMIMESign) [Spool Thread #2]
>
> The "Signing algorithm" tells you which algorithm was used for signing,
> which in this case is SHA256WithRSAAndMGF1 (which is RSA-PSS).
>
> The following line is logged when the email is encrypted:
>
> INFO Message was S/MIME encrypted. Encryption algorithm: AES128; Key
> size: 128; Encryption Scheme: RSAES-OAEP-SHA256; MailID:
> b91b9438-1fde-4da0-bce7-f1033b88aa93; Recipients: [[email protected]]
> (mitm.application.djigzo.james.mailets.SMIMEEncrypt) [Spool Thread #2]
>
> The "Encryption Scheme" tells you which padding algorithm is used. In
> this case RSAES-OAEP-SHA256 is used.
>
> For received email, the header of the email should contain the relevant
> info after decryption. This is however a bit harder to analyze:
>
> X-Djigzo-Info-Encryption-Recipient-0-0: [email protected],
> CN=MITM Test CA, L=Amsterdam, ST=NH,
> C=NL/115FCD741088707366E9727452C9770//1.2.840.113549.1.1.7/OAEP Parameters
>
> The X-Djigzo-Info-Encryption-Recipient- parameters are formed as follows:
>
> ISSUER/SERIAL-NUMBER/SUBJECT-KEY-IDENTIFIER/KEY-ENCRYPTION-ALGORITHM-OID/ALGORITHM-PARAMS
>
> From the above example:
>
> ISSUER: [email protected], CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL
>
> SERIAL-NUMBER: 115FCD741088707366E9727452C9770
>
> SUBJECT-KEY-IDENTIFIER: <not set>
>
> KEY-ENCRYPTION-ALGORITHM-OID: 1.2.840.113549.1.1.7 (which is the OID for
> RSAES-OAEP)
>
> ALGORITHM-PARAMS: OAEP Parameters (meaning that there are additional
> parameters for OAEP)
>
> For decrypted email you can have multiple headers, one for each
> recipient the email was encrypted for. It can be that some recipients
> support RSAES-OAEP whereas others do not.
>
> The headers for signing are added in a similar way:
>
> X-Djigzo-Info-Signer-ID-0-1: [email protected], CN=MITM Test CA,
> L=Amsterdam, ST=NH,
> C=NL/115FD1392A8FF07AA727558FA50B262//1.2.840.113549.1.1.10
>
> The X-Djigzo-Info-Signer-ID- parameters are formed as follows:
>
> ISSUER/SERIAL-NUMBER/SUBJECT-KEY-IDENTIFIER/SIGNING-ALGORITHM-OID
>
> ISSUER: [email protected], CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL
>
> SERIAL-NUMBER: 115FD1392A8FF07AA727558FA50B262
>
> SUBJECT-KEY-IDENTIFIER: <not set>
>
> SIGNING-ALGORITHM-OID: 1.2.840.113549.1.1.10 (which is the OID for
> RSASSA-PSS)
>
> Email which is encrypted with a different padding algorithm or signing
> algorithm uses different OIDs.
>
> Hope this helps
>
> Kind regards,
>
> Martijn Brinkers
>
> --
> CipherMail email encryption
> Email encryption with support for S/MIME,
> OpenPGP, PDF encryption and secure webmail pull.
>
> W: https://www.ciphermail.com/
> E: [email protected]
> T: +31 20 290 0088
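Added example, not part of the original thread and not CipherMail's own code: a Python check that reads the X-Djigzo-Info-* headers described above from a decrypted message and flags every recipient or signer whose algorithm OID is not RSAES-OAEP or RSASSA-PSS. The sample message, the second recipient header (its index, serial and parameter text) and the function names are constructed for illustration; the issuer omits the redacted e-mail address.

```python
import email
from email import policy

OID_RSAES_OAEP = "1.2.840.113549.1.1.7"   # RSAES-OAEP, as given in the thread
OID_RSASSA_PSS = "1.2.840.113549.1.1.10"  # RSASSA-PSS, as given in the thread
# header prefix -> (number of '/'-separated fields, required algorithm OID)
RULES = {
    "x-djigzo-info-encryption-recipient-": (5, OID_RSAES_OAEP),
    "x-djigzo-info-signer-id-": (4, OID_RSASSA_PSS),
}

def split_fields(value, n_fields):
    """Split from the right so a '/' inside the issuer DN cannot shift fields."""
    flat = " ".join(value.split())  # collapse any header folding whitespace
    parts = [p.strip() for p in flat.rsplit("/", n_fields - 1)]
    if len(parts) != n_fields:
        raise ValueError("unexpected field count in %r" % value)
    return parts

def check_message(raw):
    """Return one (header name, algorithm OID, compliant?) tuple per info header."""
    msg = email.message_from_string(raw, policy=policy.default)
    results = []
    for name, value in msg.items():
        for prefix, (n_fields, wanted) in RULES.items():
            if name.lower().startswith(prefix):
                # In both layouts the algorithm OID is the fourth field.
                oid = split_fields(str(value), n_fields)[3]
                results.append((name, oid, oid == wanted))
    return results

# Constructed sample: recipient 0-0 and the signer use the OIDs from the thread;
# recipient 1-0 is invented and uses rsaEncryption (PKCS#1 v1.5 padding).
SAMPLE = (
    "X-Djigzo-Info-Encryption-Recipient-0-0: CN=MITM Test CA, L=Amsterdam, ST=NH,\n"
    " C=NL/115FCD741088707366E9727452C9770//1.2.840.113549.1.1.7/OAEP Parameters\n"
    "X-Djigzo-Info-Encryption-Recipient-1-0: CN=MITM Test CA, L=Amsterdam, ST=NH,\n"
    " C=NL/0A1B2C//1.2.840.113549.1.1.1/constructed-params\n"
    "X-Djigzo-Info-Signer-ID-0-1: CN=MITM Test CA, L=Amsterdam, ST=NH,\n"
    " C=NL/115FD1392A8FF07AA727558FA50B262//1.2.840.113549.1.1.10\n"
    "\n"
    "constructed body\n"
)

if __name__ == "__main__":
    for name, oid, ok in check_message(SAMPLE):
        print("%-40s %-24s %s" % (name, oid, "OK" if ok else "NOT COMPLIANT"))
```

A header with fewer fields than the documented layout raises ValueError instead of being silently misread, so an unexpected format shows up as a failure and not as a false "compliant".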
