Bug 230761 - RFE: accept additional OIDs to signify RSA signatures
Status: Closed, RESOLVED FIXED (target milestone 3.9.1)
Opened 21 years ago; closed 21 years ago
Categories: NSS :: Libraries, enhancement, P3
Tracking: not tracked
People: Reporter: nelson; Assigned: nelson
Attachments (1 file): patch, 1.20 KB; thayes0993: review+
As reported in bug 214602 and others, some SMIME email programs create
signed messages, where the "digestEncryptionAlgorithm" OID in the signerInfo
contains the OID
2A 86 48 86 F7 0D 01 01 05
Description = sha1withRSAEncryption (1 2 840 113549 1 1 5) (PKCS #1)
mozilla expects to receive this OID instead:
2A 86 48 86 F7 0D 01 01 01
Description = rsaEncryption (1 2 840 113549 1 1 1) (PKCS #1)
I believe that mozilla's behavior is correct here. That is, given that
a signature contains a SHA1 digest, encrypted with PKCS1 RSA, I believe
the correct value to use for "digestEncryptionAlgorithm" is the one that
mozilla expects.
However, in the spirit of the old Internet maxim:
"Be generous in what you accept but strict in what you send."
I think that we could change NSS to also accept this other OID without
introducing any great security weakness. I will attach a patch that
implements that tiny change.
Comment 1 (Assignee) • 21 years ago
With this patch, the signature on the test message appears valid.
Comment 2 (Assignee) • 21 years ago
Accepting bug for NSS 3.9.1
Status: NEW → ASSIGNED
Priority: -- → P3
Target Milestone: --- → 3.9.1
Comment 3 (Assignee) • 21 years ago
Comment on attachment 138917 (patch v1)
Terry, do you think this is acceptable? and, is it a good idea?
Attachment #138917 - Flags: review?(thayes0993)
Comment 4 • 21 years ago
RFC 3370 (the latest update to the CMS formats) allows implementations to
support these additional OIDs.
The rsaEncryption algorithm identifier is used to identify RSA (PKCS
#1 v1.5) signature values regardless of the message digest algorithm
employed. CMS implementations that include the RSA (PKCS #1 v1.5)
signature algorithm MUST support the rsaEncryption signature value
algorithm identifier, and CMS implementations MAY support RSA (PKCS
#1 v1.5) signature value algorithm identifiers that specify both the
RSA (PKCS #1 v1.5) signature algorithm and the message digest
algorithm.
The algorithm identifier for RSA (PKCS #1 v1.5) with SHA-1 signature
values is:
sha1WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 5 }
The algorithm identifier for RSA (PKCS #1 v1.5) with MD5 signature
values is:
md5WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 4 }
Comment 5 • 21 years ago
Comment on attachment 138917 (patch v1)
You might also include the signature OID for RSA with MD5. However, since most
new implementations use SHA-1, the gain in compatibility is probably very
small.
Attachment #138917 - Flags: review?(thayes0993) → review+
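The following is an added example, not the bug's patch and not NSS code, illustrating the acceptance rule discussed in the report, comment 4 and comment 5: decode the raw OID bytes quoted in the report into dotted form, accept rsaEncryption (what NSS emits and what RFC 3370 says MUST be supported) plus the sha1WithRSAEncryption and md5WithRSAEncryption identifiers that RFC 3370 says an implementation MAY support, and stay strict on everything else. The digest OIDs for SHA-1 and MD5 are assumed standard values not taken from the page, and the check that a combined identifier agrees with signerInfo.digestAlgorithm is an addition beyond what the patch does; all function names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* DER content octets (tag and length stripped) of the OIDs discussed in
   the bug. rsaEncryption and sha1WithRSAEncryption are the hex values
   quoted in the report; md5WithRSAEncryption is the arc from the quoted
   RFC 3370 text, encoded the same way. */
static const uint8_t OID_RSA_ENCRYPTION[] =
    {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01}; /* 1.2.840.113549.1.1.1 */
static const uint8_t OID_SHA1_WITH_RSA[] =
    {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05}; /* 1.2.840.113549.1.1.5 */
static const uint8_t OID_MD5_WITH_RSA[] =
    {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04}; /* 1.2.840.113549.1.1.4 */

/* Digest algorithm OIDs for the consistency check below
   (assumed standard values, not taken from the bug page). */
static const uint8_t OID_SHA1[] = {0x2B,0x0E,0x03,0x02,0x1A};                /* 1.3.14.3.2.26 */
static const uint8_t OID_MD5[]  = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05}; /* 1.2.840.113549.2.5 */

static int oid_eq(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
    return alen == blen && memcmp(a, b, alen) == 0;
}

/* Decode DER OID content octets into dotted-decimal text. Returns the
   number of characters written, or -1 on malformed input: empty input,
   an arc whose continuation bit never clears, an arc encoded in more
   than five bytes, or an output buffer that is too small. */
int oid_to_dotted(const uint8_t *der, size_t len, char *out, size_t outlen)
{
    size_t pos = 0;
    uint32_t arc = 0;
    int arc_bytes = 0, first = 1;

    if (len == 0 || outlen == 0) return -1;
    for (size_t i = 0; i < len; i++) {
        if (++arc_bytes > 5) return -1;             /* arc too wide for uint32_t */
        arc = (arc << 7) | (der[i] & 0x7F);
        if (der[i] & 0x80) continue;                /* high bit set: arc continues */
        int n;
        if (first) {
            /* the first subidentifier packs two arcs as 40*X + Y, with X <= 2 */
            uint32_t x = arc < 80 ? arc / 40 : 2;
            n = snprintf(out + pos, outlen - pos, "%u.%u", x, arc - 40 * x);
            first = 0;
        } else {
            n = snprintf(out + pos, outlen - pos, ".%u", arc);
        }
        if (n < 0 || (size_t)n >= outlen - pos) return -1;
        pos += (size_t)n;
        arc = 0;
        arc_bytes = 0;
    }
    if (der[len - 1] & 0x80) return -1;             /* last arc is truncated */
    return (int)pos;
}

/* Does this DER OID decode cleanly to the given dotted string? */
int oid_equals_dotted(const uint8_t *der, size_t len, const char *dotted)
{
    char buf[128];
    return oid_to_dotted(der, len, buf, sizeof buf) > 0 && strcmp(buf, dotted) == 0;
}

/* Is this DER OID well formed at all? */
int oid_is_valid(const uint8_t *der, size_t len)
{
    char buf[128];
    return oid_to_dotted(der, len, buf, sizeof buf) > 0;
}

/* Acceptance rule for signerInfo.digestEncryptionAlgorithm in the lenient
   spirit of the patch: rsaEncryption is always accepted; the combined
   SHA-1/MD5 identifiers are accepted only when signerInfo.digestAlgorithm
   names the same digest, so a self-contradictory signerInfo is rejected
   rather than guessed at. Returns 1 to accept, 0 to reject. */
int accept_digest_encryption_alg(const uint8_t *sig_oid, size_t sig_len,
                                 const uint8_t *digest_oid, size_t digest_len)
{
    if (oid_eq(sig_oid, sig_len, OID_RSA_ENCRYPTION, sizeof OID_RSA_ENCRYPTION))
        return 1;   /* digest is named only by digestAlgorithm; nothing to cross-check */
    if (oid_eq(sig_oid, sig_len, OID_SHA1_WITH_RSA, sizeof OID_SHA1_WITH_RSA))
        return oid_eq(digest_oid, digest_len, OID_SHA1, sizeof OID_SHA1);
    if (oid_eq(sig_oid, sig_len, OID_MD5_WITH_RSA, sizeof OID_MD5_WITH_RSA))
        return oid_eq(digest_oid, digest_len, OID_MD5, sizeof OID_MD5);
    return 0;       /* strict on everything else (unknown or non-RSA identifiers) */
}

int main(void)
{
    char buf[64];
    const uint8_t *ids[] = {OID_RSA_ENCRYPTION, OID_SHA1_WITH_RSA, OID_MD5_WITH_RSA};
    const size_t lens[]  = {sizeof OID_RSA_ENCRYPTION, sizeof OID_SHA1_WITH_RSA,
                            sizeof OID_MD5_WITH_RSA};
    for (int i = 0; i < 3; i++) {
        oid_to_dotted(ids[i], lens[i], buf, sizeof buf);
        printf("%s with a SHA-1 digestAlgorithm: %s\n", buf,
               accept_digest_encryption_alg(ids[i], lens[i], OID_SHA1, sizeof OID_SHA1)
                   ? "accepted" : "rejected");
    }
    return 0;
}
```

The sending side stays strict: a signer built on this rule would still emit rsaEncryption, as the report says mozilla already does, and only the verifier grows more tolerant.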
Comment 6 (Assignee) • 21 years ago
/cvsroot/mozilla/security/nss/lib/smime/cmssiginfo.c,v <-- cmssiginfo.c
new revision: 1.25; previous revision: 1.24
Thanks, Terry!
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED