pyca / cryptography

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
https://cryptography.io

Request: Add example how to sign a mail #11489

Open ikreb7 opened 2 weeks ago

ikreb7 commented 2 weeks ago

Hello,

I am trying to sign a mail with cryptography, but I still have problems. There was issue #4488, but at that time S/MIME support was not yet so advanced.

This is my code, but I still have the problem that Thunderbird shows that the mail isn't signed, and Outlook shows that the mail is signed but doesn't open the mail.

```python
import smtplib
from email.header import Header
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.utils import formataddr, formatdate, parseaddr

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.serialization import pkcs7

from_addr = "sender@github.com"
to_addr = "receiver@github.com"

# Build the message, including the From/To/Subject headers.
message = MIMEMultipart()
message["Subject"] = Header("Signed Mail", "utf-8").encode()
message["From"] = formataddr(parseaddr(f"Github <{from_addr}>"))
message["To"] = to_addr
message["Date"] = formatdate(localtime=True)
message["Auto-Submitted"] = "auto-generated"
message.preamble = "This is an S/MIME signed message"

body = "This a plain text body!"
# MIMEText takes (text, subtype, charset); the charset is the third argument.
message.attach(MIMEText(body, "plain", "utf-8"))

# Load the signer certificate and private key (PEM files).
with open("cert.pem", "rb") as f:
    ca_cert = f.read()
with open("key.pem", "rb") as f:
    ca_key = f.read()

cert = x509.load_pem_x509_certificate(ca_cert)
key = serialization.load_pem_private_key(ca_key, None)
options = [pkcs7.PKCS7Options.DetachedSignature]

# The whole message, headers included, is passed in as the data to sign.
signed_message = (
    pkcs7.PKCS7SignatureBuilder()
    .set_data(message.as_bytes())
    .add_signer(cert, key, hashes.SHA256())
    .sign(serialization.Encoding.SMIME, options)
)

server_name = "localhost"
with smtplib.SMTP() as server:
    server.set_debuglevel(True)
    server.connect(server_name, port=25)
    server.sendmail(from_addr, to_addr, signed_message)
```

alex commented 2 weeks ago

I'm pretty sure that you're double-SMIME-encoding the data.

ikreb7 commented 2 weeks ago

> I'm pretty sure that you're double-SMIME-encoding the data.

Thanks for your response! What do you mean exactly?

alex commented 2 weeks ago

I mean that you're both using the SMIME encoding option with the PKCS7SignatureBuilder and also doing your own SMIME encoding. I think this may be duplicating portions of it.

ikreb7 commented 2 weeks ago

> I mean that you're both using the SMIME encoding option with the PKCS7SignatureBuilder and also doing your own SMIME encoding. I think this may be duplicating portions of it.

Right. I updated the code. But it still doesn't work.

ikreb7 commented 2 weeks ago

OK. I made the example simpler, but here the From, To and Subject headers are invisible.

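```python
import smtplib
from email.header import Header
from email.message import EmailMessage
from email.utils import formataddr, formatdate, parseaddr

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.serialization import pkcs7

from_addr = "sender@github.com"
to_addr = "receiver@github.com"

message = EmailMessage()
message["From"] = formataddr(parseaddr(f"Github <{from_addr}>"))
message["To"] = to_addr
message["Date"] = formatdate(localtime=True)
message["Auto-Submitted"] = "auto-generated"
message["Subject"] = Header("Signed Mail", "utf-8").encode()
message.preamble = "This is an S/MIME signed message"

body = "This a plain text body!"
message.set_content(body)

# Load the signer certificate and private key (PEM files).
with open("cert.pem", "rb") as f:
    ca_cert = f.read()
with open("key.pem", "rb") as f:
    ca_key = f.read()

cert = x509.load_pem_x509_certificate(ca_cert)
key = serialization.load_pem_private_key(ca_key, None)
options = [pkcs7.PKCS7Options.DetachedSignature]

# The headers set above are part of the signed data, so they end up
# inside the first MIME part of the multipart/signed output.
signed_text = (
    pkcs7.PKCS7SignatureBuilder()
    .set_data(message.as_bytes())
    .add_signer(cert, key, hashes.SHA256())
    .sign(serialization.Encoding.SMIME, options)
)

server_name = "localhost"
with smtplib.SMTP() as server:
    server.set_debuglevel(True)
    server.connect(server_name, port=25)
    server.sendmail(from_addr, to_addr, signed_text)
```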

This is the mail text

```
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="===============5864291155697480492=="

# the headers have to be here. Then it works.

This is an S/MIME signed message

--===============5864291155697480492==
From: No-reply <noreply@github.com>
To: receiver@github.com
Date: Mon, 26 Aug 2024 20:58:25 +0100
Auto-Submitted: auto-generated
```

This is the same problem as #10664.

ikreb7 commented 2 weeks ago

The problem is that the header is in the body of the message and is then not taken into account by the mail program. So this solves the problem but seems to be a dirty hack.

```python
header = f"""From: {formataddr(parseaddr(f"Github <{from_addr}>"))}
To: {to_addr}
Date: {formatdate(localtime=True)}
Auto-Submitted: auto-generated
Subject: {Header("Signed Mail", "utf-8").encode()}
"""

signed_text = header.encode() + signed_text
```
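
An added example, not part of the thread or of the project's own code: one way to get the layout the last comment reaches by hand is to sign only the content entity and let the `email` package produce the From/To/Subject lines that go in front of the signer output. `make_test_identity`, `build_signed_mail` and `inspect_signed_mail` are hypothetical names, and the throwaway self-signed certificate is constructed so the block runs offline.

```python
import datetime
from email import message_from_bytes, policy
from email.message import EmailMessage

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import pkcs7
from cryptography.x509.oid import NameOID


def make_test_identity(addr):
    """Constructed throwaway self-signed cert and key (stand-in for the PEM files)."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, addr)])
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=1))
    )
    return builder.sign(key, hashes.SHA256()), key


def build_signed_mail(from_addr, to_addr, subject, body, cert, key):
    """Hypothetical helper: return the complete signed message as bytes."""
    # Sign only the content entity (Content-Type, CTE and the body text).
    inner = EmailMessage(policy=policy.SMTP)
    inner.set_content(body)
    smime = (
        pkcs7.PKCS7SignatureBuilder()
        .set_data(inner.as_bytes())
        .add_signer(cert, key, hashes.SHA256())
        .sign(serialization.Encoding.SMIME, [pkcs7.PKCS7Options.DetachedSignature])
    )
    # Encode the transport headers with the email package and put them first.
    outer = EmailMessage(policy=policy.SMTP)
    outer["From"], outer["To"], outer["Subject"] = from_addr, to_addr, subject
    return outer.as_bytes().removesuffix(b"\r\n") + smime


def inspect_signed_mail(raw):
    """Parse the bytes as a mail client would; also list the embedded certificates."""
    msg = message_from_bytes(raw, policy=policy.default)
    content, signature = msg.get_payload()
    certs = pkcs7.load_der_pkcs7_certificates(signature.get_payload(decode=True))
    return msg, content, certs
```

The bytes returned by `build_signed_mail` can be handed to `server.sendmail(...)` as in the snippets above; with a real identity, load the certificate and key from the PEM files instead of calling `make_test_identity`.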