GNU bug report logs - #63157
29.0.60; mml-sec with EPA S/MIME signencrypt messages are not parsed by other implementations

Package: emacs;

Reported by: "Timothy J. Miller" <tmiller <at> mitre.org>

Date: Fri, 28 Apr 2023 20:37:02 UTC

Severity: normal

Found in version 29.0.60

To reply to this bug, email your comments to 63157 AT debbugs.gnu.org.


Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#63157; Package emacs. (Fri, 28 Apr 2023 20:37:02 GMT)

Acknowledgement sent to "Timothy J. Miller" <tmiller <at> mitre.org>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Fri, 28 Apr 2023 20:37:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: "Timothy J. Miller" <tmiller <at> mitre.org>
To: bug-gnu-emacs <at> gnu.org
Subject: 29.0.60; mml-sec with EPA S/MIME signencrypt messages are not
 parsed by other implementations
Date: Fri, 28 Apr 2023 15:36:17 -0500

S/MIME signencrypt messages created with epg enabled are readable by
gnus-article-mode and other emacs modes, but not anything else.

Signed messages are fine.  Encrypted-only (e.g., by setting "smime" to
combined in mml-signencrypt-style-alist, which is not supported) is also
fine.

For example, the p7m attachment from an EPA enabled signencrypt message
will decrypt, but the resulting multipart won't verify with Outlook or
gpgsm, but will verify with OpenSSL:

```
~/Documents/projects/scratch/smime
> gpgsm -d emacs.p7m > emacs.mime
gpgsm: encrypted to rsa2048 key 28AB1F8A641EF8784309B496484C16A6C5F741A0

~/Documents/projects/scratch/smime
> gpgsm --debug 1 --verify emacs.mime
gpgsm: reading options from '/Users/tmiller/.gnupg/gpgsm.conf'
gpgsm: reading options from '[cmdline]'
gpgsm: enabled debug flags: x509
gpgsm: enabled compatibility flags:
gpgsm: ksba_cms_parse failed: End of file
secmem usage: 0/16384 bytes in 0 blocks

~/Documents/projects/scratch/smime
> openssl smime -verify < emacs.mime
Content-Type: text/plain

lsakdjfhlaskjdhflaksdjhflkasdjhflkajsdhflkajshdflkjashd
alksdjuhflkasjdhflkasjdhflkasdjhflkasjdhflkasjdhflkasjdhf

--
-- T
Verification successful
```

If I configure S/MIME to use OpenSSL, signencrypt messages work just fine.

A sample of the decrypted MIME parts is attached, with the signing cert
if you need it.

-- T


In GNU Emacs 29.0.60 (build 1, x86_64-apple-darwin20.6.0, NS
 appkit-2202.70 Version 11.7.2 (Build 20G1020)) of 2023-03-10 built on
 MM273467-PC
Windowing system distributor 'Apple', version 10.3.2022
System Description:  macOS 11.7.6

Configured using:
 'configure --disable-dependency-tracking --disable-silent-rules
 --enable-locallisppath=/usr/local/share/emacs/site-lisp
 --infodir=/usr/local/Cellar/emacs-plus@29/29.0.60/share/info/emacs
 --prefix=/usr/local/Cellar/emacs-plus@29/29.0.60 --with-xml2
 --with-gnutls --with-native-compilation --without-compress-install
 --without-dbus --without-imagemagick --with-modules --with-rsvg
 --with-ns --disable-ns-self-contained 'CFLAGS=-Os -w -pipe
 -march=nehalem -mmacosx-version-min=11
 -isysroot/Library/Developer/CommandLineTools/SDKs/MacOSX11.sdk
 -DFD_SETSIZE=10000 -DDARWIN_UNLIMITED_SELECT'
 'CPPFLAGS=-I/usr/local/opt/zlib/include -I/usr/local/opt/jpeg/include
 -I/usr/local/opt/icu4c/include -I/usr/local/opt/openssl@1.1/include
 -F/usr/local/Frameworks
 -isysroot/Library/Developer/CommandLineTools/SDKs/MacOSX11.sdk'
 'LDFLAGS=-L/usr/local/opt/zlib/lib -L/usr/local/opt/jpeg/lib
 -L/usr/local/opt/icu4c/lib -L/usr/local/opt/openssl@1.1/lib
 -L/usr/local/lib -F/usr/local/Frameworks
 -Wl,-headerpad_max_install_names
 -isysroot/Library/Developer/CommandLineTools/SDKs/MacOSX11.sdk''

Configured features:
ACL GIF GLIB GMP GNUTLS JPEG JSON LCMS2 LIBXML2 MODULES NATIVE_COMP
NOTIFY KQUEUE NS PDUMPER PNG RSVG SQLITE3 THREADS TIFF
TOOLKIT_SCROLL_BARS TREE_SITTER WEBP XIM ZLIB

Important settings:
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix

Major mode: ELisp/l

Minor modes in effect:
  shell-dirtrack-mode: t
  mu4e-modeline-mode: t
  format-all-mode: t
  global-hl-todo-mode: t
  hl-todo-mode: t
  corfu-popupinfo-mode: t
  global-corfu-mode: t
  corfu-mode: t
  marginalia-mode: t
  vertico-mouse-mode: t
  vertico-mode: t
  override-global-mode: t
  global-display-line-numbers-mode: t
  display-line-numbers-mode: t
  electric-pair-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  show-paren-mode: t
  electric-layout-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  line-number-mode: t
  global-visual-line-mode: t
  visual-line-mode: t
  indent-tabs-mode: t
  transient-mark-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t

Load-path shadows:
None found.

[emacs.mime (application/octet-stream, attachment)]
[cert.pem (application/octet-stream, attachment)]

Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#63157; Package emacs. (Mon, 01 May 2023 15:24:02 GMT)

Message #8 received at 63157 <at> debbugs.gnu.org:

From: "Timothy J. Miller" <tmiller <at> mitre.org>
To: 63157 <at> debbugs.gnu.org
Subject: Re: [EXT] bug#63157: Acknowledgement (29.0.60; mml-sec with EPA
 S/MIME signencrypt messages are not parsed by other implementations)
Date: Mon, 01 May 2023 08:44:12 -0500
OK, my bad re: gpgsm; I didn't grok the limits of that tool.  So strike
the "anything else" and replace it with "Outlook".  From my mucking
about:

- Clients:
  - gnus-article-mode and descendants
  - TBird
  - Outlook
  - OpenSSL smime
  - gpgsm [with p7s/p7m mime-part properly extracted]

- Signed only messages validate with all clients

- Encrypted only messages decrypt with all clients

- Sign+encrypt messages fail with Outlook.


Outlook is completely unhelpful here; with debug enabled via `defaults
write com.microsoft.Outlook LogForTroubleshooting -bool TRUE` on macOS,
this is about all I can find that's relevant:

```
05/01/2023 07:52:14.812 OUTLOOK (0x118c) 0xc6a8000 Microsoft Outlook outlook.olxhx 9tals Unexpected Actor API loadSMIMEContent succeeded but failed to unpack message
05/01/2023 07:52:14.812 OUTLOOK (0x118c) 0xc6a8000 Microsoft Outlook outlook.mail 4y8j3 Medium PreviewPane loadSMIMEContent - STOP {"DecodingIsSuccessful": false}
```

Outlookin
--
-- T
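
Added example, not part of the original report and not code from Emacs or gpgsm: the second message notes that gpgsm verifies once the p7s part is properly extracted. This Python sketch splits a decrypted multipart/signed entity into the exact signed bytes and the DER signature; `split_multipart_signed` and the sample message are constructed for illustration, and it assumes the signature covers the CRLF form of the first body part.

```python
import base64
import email
import re
from email.parser import BytesHeaderParser

SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def split_multipart_signed(raw):
    """Return (signed_content, signature_der) from a multipart/signed entity."""
    # Assumption: the signature covers the CRLF form; Unix tools often emit bare LF.
    raw = re.sub(rb"\r?\n", b"\r\n", raw)
    top = BytesHeaderParser().parsebytes(raw)
    boundary = top.get_boundary()
    if top.get_content_type() != "multipart/signed" or not boundary:
        raise ValueError("not multipart/signed (opaque application/pkcs7-mime?)")
    body = raw.partition(b"\r\n\r\n")[2]
    # The CRLF before "--boundary" belongs to the delimiter, not to the signed part.
    delim = (rb"\r\n--" + re.escape(boundary.encode("ascii"))
             + rb"(?:--)?[ \t]*(?=\r\n|\Z)")
    pieces = re.split(delim, b"\r\n" + body)
    if len(pieces) != 4:  # preamble, content, signature, epilogue
        raise ValueError("expected exactly two body parts and a closing delimiter")
    content = pieces[1][2:]  # drop the CRLF that ends the delimiter line
    sig_part = email.message_from_bytes(pieces[2][2:])
    if sig_part.get_content_type() not in SIG_TYPES:
        raise ValueError("second part is not a PKCS#7 signature")
    return content, sig_part.get_payload(decode=True)

# Constructed sample: LF line endings, placeholder bytes instead of a real CMS blob.
FAKE_SIG = b"placeholder, not a real CMS SignedData"
SAMPLE = (
    b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\n'
    b' micalg=sha-256; boundary="=-=-="\n'
    b"\n"
    b"--=-=-=\n"
    b"Content-Type: text/plain\n"
    b"\n"
    b"hello\n"
    b"\n"
    b"--=-=-=\n"
    b"Content-Type: application/pkcs7-signature; name=smime.p7s\n"
    b"Content-Transfer-Encoding: base64\n"
    b"\n" + base64.b64encode(FAKE_SIG) + b"\n"
    b"--=-=-=--\n"
)

if __name__ == "__main__":
    content, sig = split_multipart_signed(SAMPLE)
    print(len(content), "signed bytes;", len(sig), "signature bytes")
```

Writing the two return values to separate files gives the detached content and signature pair that CMS verifiers take as separate inputs.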




This bug report was last modified 360 days ago.
