2

我从不透明的签名 S/MIME 消息中提取消息数据时遇到问题,例如:

To: ngps@post1.com
From: ngps@mpost1.com
Subject: testing
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"
Content-Transfer-Encoding: base64

MIIHQwYJKoZIhvcNAQcCoIIHNDCCBzACAQExCzAJBgUrDgMCGgUAMIICQwYJKoZI
hvcNAQcBoIICNASCAjANClMvTUlNRSAtIFNlY3VyZSBNdWx0aXB1cnBvc2UgSW50
ZXJuZXQgTWFpbCBFeHRlbnNpb25zIFtSRkMgMjMxMSwgUkZDIDIzMTJdIC0gDQpw
cm92aWRlcyBhIGNvbnNpc3RlbnQgd2F5IHRvIHNlbmQgYW5kIHJlY2VpdmUgc2Vj
dXJlIE1JTUUgZGF0YS4gQmFzZWQgb24gdGhlDQpwb3B1bGFyIEludGVybmV0IE1J
TUUgc3RhbmRhcmQsIFMvTUlNRSBwcm92aWRlcyB0aGUgZm9sbG93aW5nIGNyeXB0
b2dyYXBoaWMNCnNlY3VyaXR5IHNlcnZpY2VzIGZvciBlbGVjdHJvbmljIG1lc3Nh
Z2luZyBhcHBsaWNhdGlvbnMgLSBhdXRoZW50aWNhdGlvbiwNCm1lc3NhZ2UgaW50
ZWdyaXR5IGFuZCBub24tcmVwdWRpYXRpb24gb2Ygb3JpZ2luICh1c2luZyBkaWdp
dGFsIHNpZ25hdHVyZXMpDQphbmQgcHJpdmFjeSBhbmQgZGF0YSBzZWN1cml0eSAo
dXNpbmcgZW5jcnlwdGlvbikuDQoNClMvTUlNRSBpcyBidWlsdCBvbiB0aGUgUEtD
UyAjNyBzdGFuZGFyZC4gW1BLQ1M3XQ0KDQpTL01JTUUgaXMgaW1wbGVtZW50ZWQg
aW4gTmV0c2NhcGUgTWVzc2VuZ2VyIGFuZCBNaWNyb3NvZnQgT3V0bG9vay4NCqCC
AxAwggMMMIICdaADAgECAgECMA0GCSqGSIb3DQEBBAUAMHsxCzAJBgNVBAYTAlNH
MREwDwYDVQQKEwhNMkNyeXB0bzEUMBIGA1UECxMLTTJDcnlwdG8gQ0ExJDAiBgNV
BAMTG00yQ3J5cHRvIENlcnRpZmljYXRlIE1hc3RlcjEdMBsGCSqGSIb3DQEJARYO
bmdwc0Bwb3N0MS5jb20wHhcNMDAwOTEwMDk1ODIwWhcNMDIwOTEwMDk1ODIwWjBZ
MQswCQYDVQQGEwJTRzERMA8GA1UEChMITTJDcnlwdG8xGDAWBgNVBAMTD00yQ3J5
cHRvIENsaWVudDEdMBsGCSqGSIb3DQEJARYObmdwc0Bwb3N0MS5jb20wXDANBgkq
hkiG9w0BAQEFAANLADBIAkEAoz3zUF0dmxSU+1fso+eTdmjDY71gWNeXWX28qsBJ
0UFmq4JCtw7Gv4fJ0TZgQHVIrXgKrUvzsquu8eiVjuP/NwIDAQABo4IBBDCCAQAw
CQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2Vy
dGlmaWNhdGUwHQYDVR0OBBYEFMcQhEeJ1x9d+8Rzag9yjCiutYKOMIGlBgNVHSME
gZ0wgZqAFPuHI2nrnDqTFeXFvylRT/7tKDgBoX+kfTB7MQswCQYDVQQGEwJTRzER
MA8GA1UEChMITTJDcnlwdG8xFDASBgNVBAsTC00yQ3J5cHRvIENBMSQwIgYDVQQD
ExtNMkNyeXB0byBDZXJ0aWZpY2F0ZSBNYXN0ZXIxHTAbBgkqhkiG9w0BCQEWDm5n
cHNAcG9zdDEuY29tggEAMA0GCSqGSIb3DQEBBAUAA4GBAKy2cWa2BF6cbBPE4ici
//wOqkLDbsI3YZyUSj7ZPnefghx9EwRJfLB3/sXEf78OHL7yV6IMrvEVEAJCYs+3
w/lspCMJC0hOomxnt0vjyCCd0JeaEwihQGbOo9V0reXzrUy8yNkwo1w8mMSbIvqh
+D5uTB0jKL/ml1EVLw3NJf68MYIBwTCCAb0CAQEwgYAwezELMAkGA1UEBhMCU0cx
ETAPBgNVBAoTCE0yQ3J5cHRvMRQwEgYDVQQLEwtNMkNyeXB0byBDQTEkMCIGA1UE
AxMbTTJDcnlwdG8gQ2VydGlmaWNhdGUgTWFzdGVyMR0wGwYJKoZIhvcNAQkBFg5u
Z3BzQHBvc3QxLmNvbQIBAjAJBgUrDgMCGgUAoIHYMBgGCSqGSIb3DQEJAzELBgkq
hkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEzMDcxNTE1MDkzN1owIwYJKoZIhvcN
AQkEMRYEFI/KcwJXhIg0bRzYLfAtDhxRMzghMHkGCSqGSIb3DQEJDzFsMGowCwYJ
YIZIAWUDBAEqMAsGCWCGSAFlAwQBFjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcw
DgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3
DQMCAgEoMA0GCSqGSIb3DQEBAQUABEAPrw12PT+5T9kftixVi+MzE/SLZnOJqw9x
2q1YcztjY4drOJi6CH8bHOlfb1nXr/mBQuijLA5wFl22PDGTrlZ5

这实际上是由来自demo/smime/sign test.py 的 M2Crypto (0.21.1)函数生成的不透明 S/MIME 签名(未加密)消息opaque.p7 。数据显然包含消息,例如可以通过以下方式显示:。openssl smime -verify -noverify -in opaque.p7

不幸的是,当我想通过以下方式获取数据时:

p7, data = M2Crypto.SMIME.smime_load_pkcs7('opaque.p7')

不幸的是,dataNone。这只是不透明 S/MIME 变体的问题,因为clear.p7.

我想这可能是一些兼容性问题,我的 OpenSSL 版本是 1.0.1e (Debian Wheezy)。我想知道是否有人让它工作。

更新

这是修改后的 test.py 的输出(此处为原始),以证明对于清晰和不透明的 S/MIME 消息,M2Crypto 正确提取签名者证书,但不从不透明的 SMIME 中提取数据:

test encrypt/decrypt... ok
test sign & save... ok
test load & verify opaque... ok
  DATA: ''
  SIGNERS: ['C=AU, ST=Some-State, O=Internet Widgits Pty Ltd']
test load & verify clear... ok
  DATA: 'actual message'
  SIGNERS: ['C=AU, ST=Some-State, O=Internet Widgits Pty Ltd']
test sign/verify... ok

test.py 已修补,因为它在许多地方都失败了..

--- M2Crypto-0.21.1.orig/demo/smime/test.py 2011-01-15 20:10:06.000000000 +0100
+++ M2Crypto-0.21.1/demo/smime/test.py  2013-07-16 16:37:57.224845942 +0200
@@ -6,18 +6,7 @@
 
 from M2Crypto import BIO, Rand, SMIME, X509
 
-ptxt = """
-S/MIME - Secure Multipurpose Internet Mail Extensions [RFC 2311, RFC 2312] - 
-provides a consistent way to send and receive secure MIME data. Based on the
-popular Internet MIME standard, S/MIME provides the following cryptographic
-security services for electronic messaging applications - authentication,
-message integrity and non-repudiation of origin (using digital signatures)
-and privacy and data security (using encryption).
-
-S/MIME is built on the PKCS #7 standard. [PKCS7]
-
-S/MIME is implemented in Netscape Messenger and Microsoft Outlook.
-"""
+ptxt = 'actual message'
 
 def makebuf():
     buf = BIO.MemoryBuffer(ptxt)
@@ -27,14 +16,14 @@
     print 'test sign & save...',
     buf = makebuf()
     s = SMIME.SMIME()
-    s.load_key('client.pem')
-    p7 = s.sign(buf)
+    s.load_key('client_.pem')
+    p7 = s.sign(buf, flags=SMIME.PKCS7_DETACHED)
     out = BIO.openfile('clear.p7', 'w')
     out.write('To: ngps@post1.com\n')
     out.write('From: ngps@post1.com\n')
     out.write('Subject: testing\n')
     buf = makebuf() # Recreate buf, because sign() has consumed it.
-    s.write(out, p7, buf)
+    s.write(out, p7, buf, flags=SMIME.PKCS7_DETACHED)
     out.close()
 
     buf = makebuf()
@@ -50,36 +39,42 @@
 def verify_clear():
     print 'test load & verify clear...',
     s = SMIME.SMIME()
-    x509 = X509.load_cert('client.pem')
+    x509 = X509.load_cert('client_.pem')
     sk = X509.X509_Stack()
     sk.push(x509)
     s.set_x509_stack(sk)
     st = X509.X509_Store()
-    st.load_info('ca.pem')
+    st.load_info('client_.pem')
     s.set_x509_store(st)
     p7, data = SMIME.smime_load_pkcs7('clear.p7')
-    v = s.verify(p7)
-    if v:
+    data_s = data.read() if isinstance(data, BIO.BIO) else ''
+    v = s.verify(p7, BIO.MemoryBuffer(data_s))
+    if v and (v == ptxt):
         print 'ok'
     else:
         print 'not ok'
+    print '  DATA: %r' % (data_s,)
+    print '  SIGNERS: %r' % ([ x.get_subject().as_text() for x in p7.get0_signers(sk)],)
     
 def verify_opaque():
     print 'test load & verify opaque...',
     s = SMIME.SMIME()
-    x509 = X509.load_cert('client.pem')
+    x509 = X509.load_cert('client_.pem')
     sk = X509.X509_Stack()
     sk.push(x509)
     s.set_x509_stack(sk)
     st = X509.X509_Store()
-    st.load_info('ca.pem')
+    st.load_info('client_.pem')
     s.set_x509_store(st)
     p7, data = SMIME.smime_load_pkcs7('opaque.p7')
-    v = s.verify(p7, data)
-    if v:
+    data_s = data.read() if isinstance(data, BIO.BIO) else ''
+    v = s.verify(p7, makebuf()) # here we are verify against ptxt, since we get no data
+    if v and (v == ptxt):
         print 'ok'
     else:
         print 'not ok'
+    print '  DATA: %r' % (data_s,)
+    print '  SIGNERS: %r' % ([ x.get_subject().as_text() for x in p7.get0_signers(sk)],)
     
 def verify_netscape():
     print 'test load & verify netscape messager output...',
@@ -102,31 +97,32 @@
     s = SMIME.SMIME()
 
     # Load a private key.
-    s.load_key('client.pem')
+    s.load_key('client_.pem')
 
     # Sign.
-    p7 = s.sign(buf)
+    p7 = s.sign(buf, flags=SMIME.PKCS7_DETACHED)
 
     # Output the stuff.
+    buf = makebuf()
     bio = BIO.MemoryBuffer()
-    s.write(bio, p7, buf)
+    s.write(bio, p7, buf, flags=SMIME.PKCS7_DETACHED)
     
     # Plumbing for verification: CA's cert.
     st = X509.X509_Store()
-    st.load_info('ca.pem')
+    st.load_info('client_.pem')
     s.set_x509_store(st)
 
     # Plumbing for verification: Signer's cert.
-    x509 = X509.load_cert('client.pem')
+    x509 = X509.load_cert('client_.pem')
     sk = X509.X509_Stack()
     sk.push(x509)
     s.set_x509_stack(sk)
 
     # Verify.
     p7, buf = SMIME.smime_load_pkcs7_bio(bio)
-    v = s.verify(p7, flags=SMIME.PKCS7_DETACHED)
-    
-    if v:
+    v = s.verify(p7, buf, flags=SMIME.PKCS7_DETACHED)
+
+    if v and (v == ptxt):
         print 'ok'
     else:
         print 'not ok'

client.pem 包含过期的证书,所以它使用自签名的 client_.pem,它是由生成的openssl req -new -x509 -newkey rsa -nodes -keyout client_.pem -out client_.pem

(请注意,测试加载和验证不透明测试用例假装成功,因为验证步骤已更改为针对原始已知文本进行验证)

4

1 回答 1

2

我认为这里的主要误解是,对于“ multipart/signed”以外的 MIME 类型,smime_load_pkcs7()意味着None元组的第二部分返回,SMIME.SMIME.verify()并且意味着None它的第二个参数。

当您调用时s.verify(a, b),这并不意味着“验证签名a与消息匹配b”,而是意味着“验证 PKCS7 结构a具有有效的签名,给定 SMIME 对象上的 x509 存储和堆栈s。哦,如果a有分离的消息,您可以在 中找到消息部分b。”

如果您想修复您的verify_opaque()功能,请完全取出这些data_s东西,然后放回原始s.verify(p7, data)调用。如果v == ptxt,则原始消息的提取按预期进行并且签名得到验证。如果您仍想打印出“DATA:”行,请v使用data_s.

如果您的问题是关于如何从任意不透明签名消息中获取原始消息数据,看起来您应该获得一个有效的M2Crypto.SMIME.SMIME上下文ss.verify()使用它调用!这不是我以前需要自己做的操作,所以我可能缺少一些简单的 API,但据我所知,M2Crypto 没有公开任何更简单的方法。至少,如果您没有要检查的有效证书集,或者您不在乎,您可以像使用 openssl cmdline 工具一样将PKCS7_NOVERIFY标志传递给调用。s.verify()

于 2013-07-20T09:07:59.860 回答