[imp] Some SMIME encryption issues

Chris Hastie lists at oak-wood.co.uk
Tue Jan 14 11:20:50 PST 2003


I've come across the following problems whilst experimenting with SMIME:

1)  Imp demands a private key pass phrase when encrypting to a public
    key. If the message is not being signed, a pass phrase, indeed a
    private key, should not be needed.

    The following change around line 557 in imp/compose.php seems to
    sort this out:

    Change
            /* Check to see if we have the user's passphrase yet. */
            if (!($passphrase = $imp_smime->getPassphrase())) {
                $smime_passphrase_dialog = true;
                $get_sig = false;
                $notification->push(_("S/MIME Error: Need passphrase for personal private key."), 'horde.error');
                break;
            }
    to

            /* Check to see if we have the user's passphrase yet. */
            if (!($passphrase = $imp_smime->getPassphrase()) && !($signOpt == SMIME_ENCRYPT)) {
                $smime_passphrase_dialog = true;
                $get_sig = false;
                $notification->push(_("S/MIME Error: Need passphrase for personal private key."), 'horde.error');
                break;
            }
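Review bot: in the replacement condition, `!($signOpt == SMIME_ENCRYPT)` would read more clearly as `$signOpt != SMIME_ENCRYPT`, and the comment above it still says only "Check to see if we have the user's passphrase yet", so it should mention that encrypt-only messages skip the check. Note also that in the encrypt-only case execution continues with $passphrase holding the empty result of getPassphrase(), so any code after this block that uses $passphrase has to tolerate an empty value.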

2)  Encrypted messages contain nothing but the string "This is a
    cryptographically encrypted message in MIME format."

    Removing this line at around line 303 in lib/Crypt/smime.php (from
    encryptMIMEPart()) improves this behaviour.

        $smime_part->setContents('This is a cryptographically encrypted message in MIME format.' . "\n");

3)  Encrypting to an address that appears more than once in the address
    book causes problems. Worse, Imp claims to have delivered the
    message successfully but in fact delivers an empty text/plain
    message.

    I've seen what I take to be a related problem when attempting to
    view details of a PGP key for an address of form lastname at domain.com
    when there is also a firstname.lastname at domain.com in the address
    book (both, incidentally, with the same, valid, key). I'm assuming
    both problems are down to getting more than one result from Turba.

4)  Importing SMIME public keys gives odd behaviour. The problem at 3)
    came to light because on importing a key (from a signed message) a
    new address book entry was created, although the address already
    existed in the address book.

    Furthermore, the key in question has an "X509v3 Subject Alternative
    Name:" entry, and the second email address was inserted into the
    address book as part of the Name, eg
        Name: "Some One <address2 at domain.com>"
        Email: address1 at domain.com


-- 
Chris Hastie
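
Point 1 of the message above (encrypting to a public key needs no private key or pass phrase) can be checked outside IMP with the openssl command line. This is an added example, not part of the original post or of IMP's code; it assumes the `openssl` CLI is on the PATH, and the key, certificate, address and message body are constructed test data.

```shell
#!/bin/sh
# Added example. The key, certificate and message are constructed test data.

smime_encrypt_only_demo() {
    work=$(mktemp -d) || return 1

    # Recipient's throwaway key pair and self-signed certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Some One/emailAddress=address1@example.com" \
        -keyout "$work/recipient.key" -out "$work/recipient.crt" \
        2>/dev/null || return 1

    printf 'constructed test body' > "$work/plain.txt"

    # Sender side, encrypt-only: the only key material supplied is the
    # recipient's certificate. There is no -inkey, -signer or pass phrase.
    openssl smime -encrypt -binary -aes256 \
        -in "$work/plain.txt" -out "$work/encrypted.eml" \
        "$work/recipient.crt" || return 1

    # The output is a pkcs7-mime entity and must not contain the plaintext.
    grep -qi 'pkcs7-mime' "$work/encrypted.eml" || return 1
    if grep -q 'constructed test body' "$work/encrypted.eml"; then
        return 1
    fi

    # The certificate alone is not enough to decrypt.
    if openssl smime -decrypt -binary -in "$work/encrypted.eml" \
        -recip "$work/recipient.crt" >/dev/null 2>&1; then
        return 1
    fi

    # Recipient side: the private key is needed only here.
    # The decrypted body is written to stdout.
    openssl smime -decrypt -binary -in "$work/encrypted.eml" \
        -recip "$work/recipient.crt" -inkey "$work/recipient.key" || return 1

    rm -rf "$work"
}

smime_encrypt_only_demo && echo
```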

