Articles in this section

All Sections

    Signing with S/MIME

    Avatar
    Erik Lax
    • Updated
    Follow

    The implementation code is available in our code repository.

    The Halon platform features support for PKCS7 signing which can be used to create S/MIME signatures. In the simplest and most common implementation you will sign the messages' body (including all the the MIME parts), restructuring the message by wrapping the original message body in a new MIME part and attaching an additional pkcs7-signature (this is commonly know as a detached signature).

    In order to do this transformation safely (and keep MIME the structure of the original message) some headers needs to be copied from the original message body the new MIME part and some needs to added to the message header. That is; the Content-Type, Content-Transfer-Encoding, Content-Disposition and MIME-Version headers needs to be copied to the new MIME body and the Content-Transfer-Encoding and Content-Disposition headers should be removed from the message header. A new Content-Type (and MIME-Version) header also needs to be added.

    The text in blue is what is protected in the S/MIME signature.

    Subject: Hello
    MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="------------68C49DC2C23AB181018F6038"

This is a multi-part message in MIME format.
--------------68C49DC2C23AB181018F6038
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

World
--------------68C49DC2C23AB181018F6038
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>World</p>
  </body>
</html>
--------------68C49DC2C23AB181018F6038--

    Subject: Hello
MIME-Version: 1.0
    Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg="sha-256"; boundary="b5d1c118-2e05-11e9-93ef-0050569a4c9c"
    
--b5d1c118-2e05-11e9-93ef-0050569a4c9c
    Content-Type: multipart/alternative;
 boundary="------------68C49DC2C23AB181018F6038"
MIME-Version: 1.0

This is a multi-part message in MIME format.
--------------68C49DC2C23AB181018F6038
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

World
--------------68C49DC2C23AB181018F6038
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>World</p>
  </body>
</html>
--------------68C49DC2C23AB181018F6038--
--b5d1c118-2e05-11e9-93ef-0050569a4c9c
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

<signature data>
--b5d1c118-2e05-11e9-93ef-0050569a4c9c--

    Related articles

    Comments

    0 comments

    Article is closed for comments.