Some notes on OpenSSL, S/MIME, email, various RFC standards and their relations.

  

Stuff I found out myself:

OpenSSL does not like to have a period (dot) at the end of a S/MIME message (like many .EML files have as SMTP basically requires a period to terminate an email message.
Indy sometimes changes the ContentType of S/MIME messages; you can reproduce this using the CopyEml demos; preliminary fix is in IdMessageHelperUnit.pas.
They should reorganize their site to make the most current version more findable; these links help me to track down what’s new:

http://indy.fulgan.com/indy10.changelog.txt.
http://www.indyproject.org/sockets/Blogs/ChangeLog.
Installing Indy for Delphi XE – Stack Overflow.

Make sure your tools

accept the old RSA MIME types:

application/x-pkcs7-mime
application/x-pkcs7-signature
application/x-pkcs10

but emit the new RFC 2311+ MIME types:

application/pkcs7-mime
application/pkcs7-signature
application/pkcs10

emit the new RFC MIME types:

Some links I found useful:

Ruby interface to S/MIME: Maximum encryption length [SOLVED]; How to Decode/extract smime.p7m file contents of SMIME signed email using Ruby OpenSSL library – Stack Overflow.
Wikipedia:

English: S/MIME – Wikipedia, the free encyclopedia.
German: S/MIME – Wikipedia.
(the German article is more thorough)
English: PKCS – Wikipedia, the free encyclopedia.
German: PKCS – Wikipedia.

Interesting take on enhancing the “sign, then encrypt” way of security that most mail clients use: email – How to check if encrypted S/MIME message is also signed, without decrypting it – Stack Overflow.
RFCs (the obsoletes tree is important for the historic perspective)

S/MIME:

RFC 5751 – Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification.
Obsoletes:

RFC 3851 – Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification.
Obsoletes:

RFC 2633 – S/MIME Version 3 Message Specification.

RFC 5750 – Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Certificate Handling.
Obsoletes:

RFC 3850 – Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Certificate Handling.
Obsoletes:

RFC 2632 – S/MIME Version 3 Certificate Handling.

RFC 2634 – Enhanced Security Services for S/MIME.
RFC 5035 – Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility.
RFC 2311 – S/MIME Version 2 Message Specification.
RFC 2312 – S/MIME Version 2 Certificate Handling.

Encryption:

RFC 2631 – Diffie-Hellman Key Agreement Method.
RFC 5652 – Cryptographic Message Syntax (CMS).
Obsoletes:

RFC 3852 – Cryptographic Message Syntax (CMS).
Obsoletes:

RFC 3369 – Cryptographic Message Syntax.

RFC 5083 – Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type.
RFC 4853 – Cryptographic Message Syntax (CMS) Multiple Signer Clarification.
RFC 3369 – Cryptographic Message Syntax.
Obsoletes:

RFC 2630 – Cryptographic Message Syntax. (derived from PKCS7)
RFC 3211 – Password-based Encryption for CMS.

RFC 3370 – Cryptographic Message Syntax (CMS) Algorithms.
RFC 5754 – Using SHA2 Algorithms with Cryptographic Message Syntax.
RFC 2315 – PKCS #7: Cryptographic Message Syntax Version 1.5.
RFC 1421 – Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures.
Obsoletes:

RFC 1113 – Privacy enhancement for Internet electronic mail: Part I – message encipherment and authentication procedures.
Obsoletes:

RFC 1040 – Privacy enhancement for Internet electronic mail: Part I: Message encipherment and authentication procedures.
Obsoletes:

RFC 989 – Privacy enhancement for Internet electronic mail: Part I: Message encipherment and authentication procedures.

RFC 1422 – Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management.
Obsoletes:

RFC 1114 – Privacy enhancement for Internet electronic mail: Part II – certificate-based key management.

MIME, mail, mail headers, etc:

Mail headers:

RFC 6532 – Internationalized Email Headers.
Obsoletes:

RFC 5335 – Internationalized Email Headers.

RFC 6854 – Update to Internet Message Format to Allow Group Syntax in the “From:” and “Sender:” Header Fields.
RFC 2183 – Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field.
Obsoletes/Updates:

RFC 1806 – Communicating Presentation Information in Internet Messages: The Content-Disposition Header.

Mail

RFC 5322 – Internet Message Format.
Obsoletes:
RFC 2822 – Internet Message Format.
Obsoletes:

RFC 822 – STANDARD FOR THE FORMAT OF ARPA INTERNET TEXT MESSAGES.

RFC 3676 – The Text/Plain Format and DelSp Parameters.
Obsoletes:

RFC 2646 – The Text/Plain Format Parameter.

MIME

RFC 4021 – Registration of Mail and MIME Header Fields.
RFC 2231 – MIME Parameter Value and Encoded Word Extensions: Character Sets, Languages, and Continuations.
Obsoletes:

RFC 2184 – MIME Parameter Value and Encoded Word Extensions: Character Sets, Languages, and Continuations.

RFC 2045 – Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies.
Obsoletes:

RFC 1590 – Media Type Registration Procedure.
RFC 1522 – MIME (Multipurpose Internet Mail Extensions) Part Two: Message Header Extensions for Non-ASCII Text.
RFC 1521 – MIME (Multipurpose Internet Mail Extensions) Part One: Mechanisms for Specifying and Describing the Format of Internet Message Bodies.

RFC 2046 – Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types.
(see also the separate Media Types section below)
RFC 2047 – MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text.
Obsoletes: 1590, 1522, 1521.
RFC 4289 – Multipurpose Internet Mail Extensions (MIME) Part Four: Registration Procedures.
Obsoletes:

RFC 2048 – Multipurpose Internet Mail Extensions (MIME) Part Four: Registration Procedures.
Obsoletes: 1590, 1522, 1521.

RFC 2049 – Multipurpose Internet Mail Extensions (MIME) Part Five: Conformance Criteria and Examples.
Obsoletes: 1590, 1522, 1521.
RFC 6657 – Update to MIME regarding “charset” Parameter Handling in Textual Media Types.
RFC 5147 – URI Fragment Identifiers for the text/plain Media Type.

SMTP

RFC 6531 – SMTP Extension for Internationalized Email.
Obsoletes:

RFC 5336 – SMTP Extension for Internationalized Email Addresses.

RFC 4865 – SMTP Submission Service Extension for Future Message Release.
RFC 3463 – Enhanced Mail System Status Codes.
Obsoletes:

RFC 1893 – Enhanced Mail System Status Codes.

RFC 2852 – Deliver By SMTP Service Extension.
RFC 3885 – SMTP Service Extension for Message Tracking.
RFC 4954 – SMTP Service Extension for Authentication.
Obsoletes:

RFC 2554 – SMTP Service Extension for Authentication.

RFC 5248 – A Registry for SMTP Enhanced Mail System Status Codes.

Media types:

RFC 6838 – Media Type Specifications and Registration Procedures.
Obsoletes:

RFC 4288 – Media Type Specifications and Registration Procedures.

RFC 3023 – XML Media Types.
Obsoletes:

RFC 2376 – XML Media Types.

Notifications:

RFC 3798 – Message Disposition Notification.
Obsoletes:

RFC 2298 – An Extensible Message Format for Message Disposition Notifications.

RFC 6533 – Internationalized Delivery Status and Disposition Notifications.
Obsoletes:

RFC 5337 – Internationalized Delivery Status and Disposition Notifications.

RFC 3461 – Simple Mail Transfer Protocol (SMTP) Service Extension for Delivery Status Notifications (DSNs).
RFC 3464 – An Extensible Message Format for Delivery Status Notifications.
Obsoletes:

RFC 1894 – An Extensible Message Format for Delivery Status Notifications.

RFC 3886 – An Extensible Message Format for Message Tracking Responses.
RFC 4468 – Message Submission BURL Extension.
RFC 6522 – The Multipart/Report Media Type for the Reporting of Mail System Administrative Messages.
Obsoletes:

RFC 3462 – The Multipart/Report Content Type for the Reporting of Mail System Administrative Messages.
Obsoletes:

RFC 1892 – The Multipart/Report Content Type for the Reporting of Mail System Administrative Messages.

Via Wikipedia: via Free S/MIME providers.

Comodo – one year certificate
StartCom – one year certificate

–jeroenFiled under: Delphi, Development, OpenSSL, Power User, Security, Software Development

Comments are closed.