Closed
Bug 230761
Opened 21 years ago
Closed 21 years ago
RFE: accept additional OIDs to signify RSA signatures
Categories (NSS :: Libraries, enhancement, P3)
Tracking (Not tracked): RESOLVED FIXED, 3.9.1
People (Reporter: nelson, Assigned: nelson)
Attachments (1 file): patch, 1.20 KB, thayes0993: review+
As reported in bug 214602 and others, some SMIME email programs create signed messages, where the "digestEncryptionAlgorithm" OID in the signerInfo contains the OID

    2A 86 48 86 F7 0D 01 01 05
    Description = sha1withRSAEncryption (1 2 840 113549 1 1 5) (PKCS #1)

Mozilla expects to receive this OID instead:

    2A 86 48 86 F7 0D 01 01 01
    Description = rsaEncryption (1 2 840 113549 1 1 1) (PKCS #1)

I believe that mozilla's behavior is correct here. That is, given that a signature contains a SHA1 digest, encrypted with PKCS1 RSA, I believe the correct value to use for "digestEncryptionAlgorithm" is the one that mozilla expects.

However, in the spirit of the old Internet maxim: "Be generous in what you accept but strict in what you send." I think that we could change NSS to also accept this other OID without introducing any great security weakness.

I will attach a patch that implements that tiny change.
Comment 1 • 21 years ago (Assignee)
With this patch, the signature on the test message appears valid.
Comment 2 • 21 years ago (Assignee)
Accepting bug for NSS 3.9.1
Status: NEW → ASSIGNED
Priority: -- → P3
Target Milestone: --- → 3.9.1
Comment 3 • 21 years ago (Assignee)
Comment on attachment 138917 (patch v1)

Terry, do you think this is acceptable? and, is it a good idea?

Attachment #138917 - Flags: review?(thayes0993)
Comment 4 • 21 years ago
RFC 3370 (the latest update to the CMS formats) allows implementations to support these additional OIDs.

The rsaEncryption algorithm identifier is used to identify RSA (PKCS #1 v1.5) signature values regardless of the message digest algorithm employed. CMS implementations that include the RSA (PKCS #1 v1.5) signature algorithm MUST support the rsaEncryption signature value algorithm identifier, and CMS implementations MAY support RSA (PKCS #1 v1.5) signature value algorithm identifiers that specify both the RSA (PKCS #1 v1.5) signature algorithm and the message digest algorithm.

The algorithm identifier for RSA (PKCS #1 v1.5) with SHA-1 signature values is:

    sha1WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 5 }

The algorithm identifier for RSA (PKCS #1 v1.5) with MD5 signature values is:

    md5WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 4 }
Comment 5 • 21 years ago
Comment on attachment 138917 (patch v1)

You might also include the signature OID for RSA with MD5. However, since most new implementations use SHA-1, the gain in compatibility is probably very small.

Attachment #138917 - Flags: review?(thayes0993) → review+
Comment 6 • 21 years ago (Assignee)
/cvsroot/mozilla/security/nss/lib/smime/cmssiginfo.c,v <-- cmssiginfo.c
new revision: 1.25; previous revision: 1.24

Thanks, Terry!
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
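
The acceptance rule discussed in this bug, as an added C example (it is not the attached patch and not NSS code): it decodes the DER OID octets quoted in the description and accepts rsaEncryption plus the two combined OIDs that RFC 3370 lists as optional. The function names, the `enum digest` type and the cross-check against the digest the signerInfo declares are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical type: digest named by the signerInfo's digestAlgorithm. */
enum digest { DIGEST_ANY, DIGEST_MD5, DIGEST_SHA1 };

/* Decode DER OID content octets (tag and length stripped) to dotted form.
 * Returns 0 on success, -1 on malformed input or a too-small buffer. */
int oid_to_dotted(const unsigned char *der, size_t len, char *out, size_t outlen)
{
    unsigned long arc = 0;
    size_t pos = 0, i;
    int n;

    if (len == 0 || outlen == 0 || (der[len - 1] & 0x80)) return -1;
    for (i = 0; i < len; i++) {
        if (arc == 0 && der[i] == 0x80) return -1;       /* padded arc */
        if (arc >> (sizeof arc * 8 - 7)) return -1;      /* arc would overflow */
        arc = (arc << 7) | (der[i] & 0x7f);
        if (der[i] & 0x80) continue;                     /* arc continues */
        if (pos == 0) {                                  /* first arc packs X.Y */
            unsigned long x = arc < 80 ? arc / 40 : 2;
            n = snprintf(out, outlen, "%lu.%lu", x, arc - 40 * x);
        } else {
            n = snprintf(out + pos, outlen - pos, ".%lu", arc);
        }
        if (n < 0 || (size_t)n >= outlen - pos) return -1;
        pos += (size_t)n;
        arc = 0;
    }
    return 0;
}

/* OIDs accepted as RSA (PKCS #1 v1.5) signature identifiers. */
static const struct { const char *oid; enum digest implies; } accepted[] = {
    { "1.2.840.113549.1.1.1", DIGEST_ANY  },  /* rsaEncryption (MUST) */
    { "1.2.840.113549.1.1.5", DIGEST_SHA1 },  /* sha1WithRSAEncryption (MAY) */
    { "1.2.840.113549.1.1.4", DIGEST_MD5  },  /* md5WithRSAEncryption (MAY) */
};

/* 1 if the OID names an RSA signature and agrees with the declared digest. */
int rsa_sig_oid_acceptable(const unsigned char *der, size_t len, enum digest declared)
{
    char dotted[64];
    size_t i;
    if (oid_to_dotted(der, len, dotted, sizeof dotted) != 0) return 0;
    for (i = 0; i < sizeof accepted / sizeof accepted[0]; i++)
        if (strcmp(dotted, accepted[i].oid) == 0)
            return accepted[i].implies == DIGEST_ANY || accepted[i].implies == declared;
    return 0;
}
```

A combined OID names the digest a second time, so the example rejects one that disagrees with the declared digest instead of silently preferring either value.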