Re: S/MIME encryption and automatic certificate selection

From: Michel Gallant (mitchg_at_sympatico.ca)
Date: 09/30/03 

Date: Mon, 29 Sep 2003 21:28:49 -0400

Thomas,
The way this works is when a mail client generates a signed
message, the mail client *can* (actually it SHOULD) add a
"sMIMECapabilities" (OID 1.2.840.113549.1.9.15)
extension to the CMS/PKCS #7 SignedData blob. That extension
contains an ordered encoded list of the senders symmetric key
encryption capabilities (for example, NN 4.x typically has 3DES).

If you signed to YOURSELF, your OE client obviously knows your
CSP encryption capabilities and uses approprate strong key sizes.

If you simply receive or install a certificate from a 3rd party, that contains
absolutely no information about the owners own local encryption engine
capability, so defaults to typically RC2 40 bit, guaranteed to work, but,
as I have "sandboxed" before, surely a tad of a security risk (novice users
will encrypt, thinking all is secure, not realizing that RC2 40 bit is quite easily
hacked!).

Also, if you get someone's public key from the CA database (like VeriSign) who
issued it, again, when installed to OE/O, it will have no idea of symmetric key
encryption capabilities, and thus the entry in OE PAB will specify only 40 bit strength!

I have requested that OE have a choice to FORCE use of higher encryption to
users, without specific info. (i.e. security over possible inconvenience if end user
DOESN'T have strong crypto available).

Note that certificate themselves can ALSO be issued with embedded SMimeCapabilities
extensions, but I don't believe ANY commercial CA's include that with their
issued Personal/SMIME certs. So, only the signature-block extension can be used
for that.

You could manually use CryptoAPI to add SMIMECapabilities as an authenticated
attribute but that is probably not what you want.

You may wish to search the CAPICOM archives for SMIMECAPABILITIES. This
was discussed at length over the past year.

 - Michel Gallant
   MVP Security

Thomas Pornin wrote:

> Hello,
>
> I have Outlook Express installed (version 5.50.4522.1200 on a Win2k
> SP2 host). If I want to send an encrypted e-mail to someone (let's
> call him Bob), the usual way is the following: Bob should have sent
> me beforehand a signed e-mail. This signed e-mail contains Bob's
> certificate and S/MIME preferences. When I read Bob's signed e-mail with
> Outlook Express, OE automatically creates a "Contact" entry referencing
> Bob's certificate, and Bob's certificate is automatically added to the
> CryptoAPI certificate store "AddressBook". Then, when I want to send an
> encrypted e-mail to Bob, all I have to do is push the "encrypt" button
> and OE handles everything.
>
> Now let's suppose that:
> -- I do not have a contact entry for Bob;
> -- I do not have a signed e-mail from Bob;
> -- I do have Bob's certificate in the CryptoAPI "AddressBook" certificate
> store.
>
> How can I send an encrypted e-mail to Bob ? So far, the only solution
> I have found is the following:
> 1. I open the certificate store viewer from OE (or Internet Explorer),
> select Bob's certificate, and export it in a file;
> 2. I create a new contact entry for Bob;
> 3. I import Bob's certificate into the contact entry from the file;
> 4. I can now send an encrypted e-mail to Bob.
>
> This is complex (especially the export/import bit) and this is not
> complete (OE will send an e-mail with 40-bit encryption). Is there
> anything better ?
>
> By the way, if I own a certificate (I have the certificate on the "My"
> certificate store, and the corresponding private key inside some CSP on
> my workstation), I can *without any specific prior action such as
> creating a contact or specifying some security-related settings*:
> -- sign e-mails;
> -- send encrypted e-mails to myself.
> And it happens that the encryption uses then a 168-bit key by default,
> which is good.
>
> I would really like to have something like that for e-mails sent to Bob.
>
> This situation arises from a software which my company developped. That
> software implements a remote storage of certificates (both private
> and correspondants certificates) and private keys. Technically,
> this software uses a CSP (for private keys) and two certificate
> store providers (registered with CryptRegisterOIDFunction() and
> CertRegisterPhysicalStore()). With this software, a roaming user can
> access securely his private keys and certificates, including the
> certificates from his correspondants, from any machine on which the
> software is installed. For the solution to be really complete, the user
> should be able to access also his address book, at least the part needed
> for sending encrypted e-mails.
>
> Thanks for any information,
>
> --Thomas Pornin
>
> PS: by the way, I have exactly the same questions with Outlook instead
> of Outlook Express.

Quantcast