Note on S/MIME Signature Verification

M. Gallant 07/01/2002

To manually verify a signed S/MIME message with detached content, the entire MIME entity representing the content must be passed to the verification routine. In the full S/MIME email sample appended below, the MIME entity that is actually signed is:
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Test

where a final CR/LF is included in the data to be hashed/signed. If the content to be signed for S/MIME is binary or not 7-bit ASCII, the data is first transfer encoded, typically as BASE64, and the encoded entity is what is signed. The signature is then packaged as PKCS #7, base64 encoded and finally wrapped as a MIME entity of type application/x-pkcs7-signature, similar to the text content sample below.
CDO facilitates constructing, signing and verifying S/MIME messages.
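
The extraction described above, as an added example that is not part of the original note: Python that pulls the signed MIME entity byte-for-byte out of a multipart/signed message (part headers and final CR/LF included) and hashes it with SHA-1, as micalg=SHA1 indicates. The message is a constructed copy of the sample's structure with a placeholder signature body, and the function names are illustrative.

```python
import hashlib
import re

BOUNDARY = "----=_NextPart_000_0012_01C22048.805E6800"
# Constructed sample modelled on the page's message; the signature body is a placeholder.
SAMPLE = "\r\n".join([
    "Content-Type: multipart/signed;",
    '\tprotocol="application/x-pkcs7-signature";',
    "\tmicalg=SHA1;",
    f'\tboundary="{BOUNDARY}"',
    "",
    "This is a multi-part message in MIME format.",
    "",
    f"--{BOUNDARY}",
    "Content-Type: text/plain;",
    '\tcharset="iso-8859-1"',
    "Content-Transfer-Encoding: 7bit",
    "",
    "Test",
    "",
    f"--{BOUNDARY}",
    "Content-Type: application/x-pkcs7-signature;",
    "Content-Transfer-Encoding: base64",
    "",
    "PLACEHOLDER",
    "",
    f"--{BOUNDARY}--",
    "",
]).encode("ascii")

def canonicalize(raw: bytes) -> bytes:
    """Rewrite bare CR or LF line endings as CRLF, the form that was hashed."""
    return re.sub(rb"\r\n|\r|\n", b"\r\n", raw)

def signed_entity(raw: bytes) -> bytes:
    """Return the first body part, part headers and final CRLF included."""
    head, _, body = canonicalize(raw).partition(b"\r\n\r\n")
    m = re.search(rb'boundary="?([^";\r\n]+)', head, re.I)
    if m is None:
        raise ValueError("no boundary parameter in the top-level headers")
    # The CRLF in front of "--boundary" belongs to the delimiter, not the part.
    parts = (b"\r\n" + body).split(b"\r\n--" + m.group(1))
    if len(parts) != 4:
        raise ValueError("expected exactly a content part and a signature part")
    return parts[1].split(b"\r\n", 1)[1]  # drop the rest of the delimiter line

def entity_digest(raw: bytes) -> str:
    """SHA-1 (micalg=SHA1) over the signed entity, as hex."""
    return hashlib.sha1(signed_entity(raw)).hexdigest()
```

Hashing only the text "Test", or the entity without its final CR/LF, gives a different digest and the signature check fails; a copy of the message stored with bare LF line endings yields the same digest once canonicalized.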


To: "Mitch Gallant" <neutron@istar.ca>
Subject: Signed from OE
Date: Sun, 30 Jun 2002 15:12:08 -0400
MIME-Version: 1.0
Content-Type: multipart/signed;
	protocol="application/x-pkcs7-signature";
	micalg=SHA1;
	boundary="----=_NextPart_000_0012_01C22048.805E6800"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mozilla-Status: 8009
X-Mozilla-Status2: 00000000
X-UIDL: 5ec7c9d390588171ba025db7cd30de8e

This is a multi-part message in MIME format.

------=_NextPart_000_0012_01C22048.805E6800
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Test

------=_NextPart_000_0012_01C22048.805E6800
Content-Type: application/x-pkcs7-signature;
	name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7s"

[base64-encoded smime.p7s body omitted]

------=_NextPart_000_0012_01C22048.805E6800--