PeculiarVentures / PKI.js

PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.
http://pkijs.org

CMS/SMIME Decoding From OpenSSL CMS Utility #174

Closed koolsys closed 6 years ago

koolsys commented 6 years ago

Using the example in SMIMEEncryptionExample I'm able to decode the message with OpenSSL using:

openssl cms -decrypt -aes-128-cbc -inkey cmskey.pem

However, when I try to decode a message generated by openssl in the PKIjs example I receive an error:

ERROR DURING DECRYPTION PROCESS: DataError: The JWK "alg" member was inconsistent with that specified by the Web Crypto call

I replaced all instances of "innerHTML" with "value" in the "bundle.js" file so the example would accept user input for keys and encrypted messages.

The OpenSSL command used to make the message is this:

openssl cms -encrypt -in text2.txt -from sender@example.com -to recipient@example.com -subject Testing -aes-128-cbc -recip cmscert.pem -keyopt rsa_padding_mode:oaep

I used the following command to look at the message structures:

openssl cms -decrypt -aes-128-cbc -inkey cmskey.pem -noout -cmsout -print

I noticed the PKIjs example seems to use RSA-OAEP-512 without any obvious way to switch the behavior in the example code. OpenSSL documentation states it uses SHA1 for RSA-OAEP, and I've seen some other areas stating this is the standard. Specifically there's this forum post stating it's hard coded, and it seems to still be hard coded.

I also noticed the PKIjs example marks d.envelopedData.version as 2, and openssl leaves it unassigned.

Here's the parsed cms structure outputs of the messages:

PKIjs:

CMS_ContentInfo: 
  contentType: pkcs7-envelopedData (1.2.840.113549.1.7.3)
  d.envelopedData: 
    version: 2
    originatorInfo: 
    recipientInfos:
      d.ktri: 
        version: 
        d.issuerAndSerialNumber: 
          issuer: C=RU, CN=\x00T\x00e\x00s\x00t
          serialNumber: 1
        keyEncryptionAlgorithm: 
          algorithm: rsaesOaep (1.2.840.113549.1.1.7)
          parameter: SEQUENCE:
    0:d=0  hl=2 l=  47 cons: SEQUENCE          
    2:d=1  hl=2 l=  15 cons:  cont [ 0 ]        
    4:d=2  hl=2 l=  13 cons:   SEQUENCE          
    6:d=3  hl=2 l=   9 prim:    OBJECT            :sha512
   17:d=3  hl=2 l=   0 prim:    NULL              
   19:d=1  hl=2 l=  28 cons:  cont [ 1 ]        
   21:d=2  hl=2 l=  26 cons:   SEQUENCE          
   23:d=3  hl=2 l=   9 prim:    OBJECT            :mgf1
   34:d=3  hl=2 l=  13 cons:    SEQUENCE          
   36:d=4  hl=2 l=   9 prim:     OBJECT            :sha512
   47:d=4  hl=2 l=   0 prim:     NULL              
        encryptedKey: 
    encryptedContentInfo: 
      contentType: pkcs7-data (1.2.840.113549.1.7.1)
      contentEncryptionAlgorithm: 
        algorithm: aes-128-cbc (2.16.840.1.101.3.4.1.2)
        parameter: OCTET STRING:
          0000 - 67 ba 5a ef 82 83 64 2a-5e 22 be fd 49 85 a3   g.Z...d*^"..I..
          000f - 24                                             $
      encryptedContent: 
        0000 - 29 a9 0a e1 0c 90 39 b2-10 c5 a4 3d d5 5d bd   ).....9....=.].
        000f - c3                                             .
    unprotectedAttrs:
      

OpenSSL:

CMS_ContentInfo: 
  contentType: pkcs7-envelopedData (1.2.840.113549.1.7.3)
  d.envelopedData: 
    version: 
    originatorInfo: 
    recipientInfos:
      d.ktri: 
        version: 
        d.issuerAndSerialNumber: 
          issuer: C=RU, CN=\x00T\x00e\x00s\x00t
          serialNumber: 1
        keyEncryptionAlgorithm: 
          algorithm: rsaesOaep (1.2.840.113549.1.1.7)
          parameter: SEQUENCE:
    0:d=0  hl=2 l=   0 cons: SEQUENCE          
        encryptedKey: 
    encryptedContentInfo: 
      contentType: pkcs7-data (1.2.840.113549.1.7.1)
      contentEncryptionAlgorithm: 
        algorithm: aes-128-cbc (2.16.840.1.101.3.4.1.2)
        parameter: OCTET STRING:
          0000 - a9 8e 35 79 30 8d 77 5d-04 58 f6 98 6c 46 d3   ..5y0.w].X..lF.
          000f - 17                                             .
      encryptedContent: 
        0000 - 65 d4 30 82 8b 1f 11 bb-87 c4 58 6c 0a 13 26   e.0.......Xl..&
        000f - 18 51 d1 37 93 ff c9 d6-34 a7 55 32 e5 a7 90   .Q.7....4.U2...
        001e - 52 6e                                          Rn
    unprotectedAttrs:
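
The two keyEncryptionAlgorithm parameter listings above differ only in their RSAES-OAEP-params: the PKIjs message names sha512 for both the OAEP hash and MGF1, while the OpenSSL message carries an empty SEQUENCE, which RFC 4055 defines as SHA-1 for both. The following is an added example, not part of the thread or of PKI.js: it reads that structure and returns the hash a recipient would pass to WebCrypto when importing the RSA-OAEP private key. All function names are hypothetical and the two byte strings are reconstructed from the listings.

```javascript
// Added example (not PKI.js code): map RSAES-OAEP-params (RFC 4055) to WebCrypto hash names.
const HASHES = { "2b0e03021a": "SHA-1", "608648016503040201": "SHA-256", // keyed by the hex
  "608648016503040202": "SHA-384", "608648016503040203": "SHA-512" };    // of the OID content
const OID_MGF1 = "2a864886f70d010108";
const fail = (msg) => { throw new Error(msg); };
const toHex = (b) => Array.from(b, (x) => x.toString(16).padStart(2, "0")).join("");
const fromHex = (s) => Uint8Array.from(s.match(/../g), (h) => parseInt(h, 16));
// Read one DER TLV at pos. Short-form lengths only: these structures stay under 128 bytes.
function readTlv(buf, pos, wantTag) {
  const len = buf[pos + 1], start = pos + 2;
  if (len === undefined || len > 0x7f || start + len > buf.length) fail("bad TLV length");
  if (wantTag !== undefined && buf[pos] !== wantTag) fail("unexpected tag");
  return { tag: buf[pos], value: buf.subarray(start, start + len), next: start + len };
}

// AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }
function readAlgId(buf) {
  const seq = readTlv(buf, 0, 0x30).value;
  const oid = readTlv(seq, 0, 0x06);
  return { oid: toHex(oid.value), params: seq.subarray(oid.next) };
}
const hashOf = (algIdDer) => HASHES[readAlgId(algIdDer).oid] ?? fail("unknown hash OID");

// Fields absent from the SEQUENCE keep the RFC 4055 DEFAULTs (SHA-1, MGF1 with SHA-1).
function oaepHashes(paramsDer) {
  const out = { hash: "SHA-1", mgf1Hash: "SHA-1" };
  const body = readTlv(paramsDer, 0, 0x30).value;
  for (let pos = 0, f; pos < body.length; pos = f.next) {
    f = readTlv(body, pos);
    if (f.tag === 0xa0) out.hash = hashOf(f.value);            // [0] hashAlgorithm
    else if (f.tag === 0xa1) {                                 // [1] maskGenAlgorithm
      const mgf = readAlgId(f.value);
      if (mgf.oid !== OID_MGF1) fail("unsupported MGF");
      out.mgf1Hash = hashOf(mgf.params);
    } else fail("unsupported field, e.g. [2] pSourceAlgorithm");
  }
  return out;
}

// WebCrypto's RSA-OAEP takes one hash and uses it for MGF1 too, so the two must match.
function importAlgorithm(paramsDer) {
  const { hash, mgf1Hash } = oaepHashes(paramsDer);
  if (hash !== mgf1Hash) fail("OAEP and MGF1 hashes differ");
  return { name: "RSA-OAEP", hash };
}
// Constructed inputs: DER rebuilt from the two asn1parse listings in the question.
const PKIJS_PARAMS = fromHex("302fa00f300d06096086480165030402030500" +
  "a11c301a06092a864886f70d010108300d06096086480165030402030500");
const OPENSSL_PARAMS = fromHex("3000");
```

The object returned by `importAlgorithm` has the shape WebCrypto's `importKey` expects as its algorithm argument, so the private key can be imported with the hash the sender actually used.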
      
YuryStrozhevsky commented 6 years ago

@koolsys The problem is fixed in the latest release. Also, please use the correct latest example code - it seems you are using an old one, or probably somehow adopted code from the live example on pkijs.org.

YuryStrozhevsky commented 6 years ago

BTW - please notice that at the moment there is a problem with binary encoding in the emailjs-mime-parser package. That is why your S/MIME data must contain Content-Type: charset=binary. Without it you would see strange side bugs, like being unable to decode, or other weird messages.

YuryStrozhevsky commented 6 years ago

@koolsys I have updated this example - now you can set any RSA-OAEP hashing algorithm; it is no longer limited to SHA-512 only.

YuryStrozhevsky commented 6 years ago

Moreover, this example was also updated with an RSA-OAEP hashing algorithm choice.

koolsys commented 6 years ago

That was a very fast turnaround, I'm impressed. Also, I can confirm bi-directional encryption and decryption between OpenSSL and the PKI.js example for S/MIME encoding.