Open Bug 1597202 Opened 4 years ago Updated 9 months ago

Thunderbird S/MIME should support RSA-PSS

Categories

(MailNews Core :: Security: S/MIME, enhancement)

Tracking

(Not tracked)

People

(Reporter: KaiE, Unassigned)

References

(Depends on 1 open bug)

Details

Attachments

(2 files)

No description provided.
Severity: normal → S3

"RSA Signature Scheme with Appendix - Probabilistic Signature Scheme (RSASSA-PSS)"

I made a script that creates RSASSA-PSS signed emails. Th. can verify such emails.

Steps to Reproduce:

  1. make a self-signed cert (root+user bug#1523130#c8), import .p12 file, OR:
    1a. import self-signed cert (root+user) from sb:
    1b. "Authorities" tab → "Import..." → root.crt → "Trust this..."
    1c. "People" tab → "Import..." → user.crt
  2. create simple e-mail messages (headers, etc. low level stuff), see: bug#1011625#c20
    2a. create a "palette" of algorithms that we will test: -md sha1→sha512, rsa_pss_saltlen:default→custom
    2b. glue parts from openssl .p7m with email headers to .eml files
  3. create folder "tests" in "Local Folders", see: bug#1806122, bug#1688163
  4. open signedData/RSA_sha256_opaque.eml
    4a. "Copy To" → "Local Folders" → "tests"
  5. open signedData/rsassaPss_sha256_opaque.eml
    5a. "Copy To" → "Local Folders" → "tests"
  6. open first email (from "Local Folders") RSA_sha256_opaque.eml → [verification OK]
  7. open second email rsassaPss_sha256_opaque.eml → [verification OK]
    7a. "Message Is Signed"
  8. modify base64 code of the file rsassaPss_sha256_opaque.eml and import it to local folder, Th. shows:
    8a. "Digital Signature Is Not Valid" → [ OK ]

Actual results:
Th. can verify RSASSA-PSS signed emails.

Expected Results:
Th. can create and verify RSASSA-PSS signed emails.

How to enable the user to sign with RSASSA-PSS algorithm? Before sending a message / in main settings "Privacy & Security" / hidden in "Config Editor"? This option shouldn't be enabled by default.

Outlook2013 can't verify such emails, eM Client can.

rfc8017#section-8 :

   Two signature schemes with appendix are specified in this document:
   RSASSA-PSS and RSASSA-PKCS1-v1_5.  Although no attacks are known
   against RSASSA-PKCS1-v1_5, in the interest of increased robustness,
   RSASSA-PSS is REQUIRED in new applications.  RSASSA-PKCS1-v1_5 is
   included only for compatibility with existing applications.

https://github.com/cabforum/smime/blob/main/SBR.md#71311-rsa
SMIME BRs prohibit the use of RSASSA-PSS signed certificates, but their support would be a nice-to-have feature (Th. doesn't support them). The script creates regular RSA rsaEncryption (1.2.840.113549.1.1.1) signed certificates, but for testing you can make RSASSA-PSS. Relevant lines: ROOT #49 and #104, USER #114 and #170. When we have a certificate, say, RSASSA-PSS sha256, we can create signed e-mails RSASSA-PSS sha256 only (I tested it).

Standards

rfc3447/rfc8017
X.509 certificates: rfc4055, rfc5756, rfc6664#section-2.2
cms: rfc3852/rfc5652
RSASSA-PSS in cms: rfc4056
other: rfc8551#section-4.2

similar: bug#222179, bug#136289, bug#205546

related to the script (pgp keys attachment method, p7c): bug#545501, bug#540500

Links:
https://www.cs.ucdavis.edu/~rogaway/papers/exact.pdf
https://eprint.iacr.org/2001/062.pdf
https://eprint.iacr.org/2001/053

--

User-Agent:
Thunderbird 102.11.0 (64-bit), Windows 10

Reproducible: Always

Attached image karen_pss.jpg