Re: OpenSSL vs GPG for encrypting files? Security best practices?

On 03/11/2018 10:11, Hanno Böck wrote:
> On Sat, 3 Nov 2018 12:28:02 +0500
> Марк Коренберг <socketpair@xxxxxxxxx> wrote:
>
>> Try openssl cms (as newer alternative to s/mime)
>
> cms is not newer than s/mime, it's the underlying message format of
> s/mime.
>
> According to this
> https://www.openssl.org/docs/man1.0.2/apps/openssl.html
> it only supports deprecated cipher modes (cbc, cfb, ofb, ecb) and has
> exactly the malleability vulnerability the original poster was asking
> about (including a wide variety of obscure and some insecure ciphers). I
> don't think this should be recommended.

For clarity, the "openssl smime" and "openssl cms" commands do
provide mostly complete cryptosystems and are used as the
S/MIME implementation for some respected e-mail clients that
also use the gpg command line for OpenPGP messages.

Also the "openssl smime" command (and underlying OpenSSL API)
has from time to time been described as superseded by the
"openssl cms" command (and API), though there are holes in the
backward compatibility.

Now the S/MIME and CMS encryption standard may suffer from lack
of integrity checks when not carefully combined with the signing
feature of that same crypto system.

There are other subcommands of the openssl command line utility
which are similarly respected high level operations rather than
the low level primitive operations also available such as "enc".

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
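
The point above about CMS encryption needing to be combined with signing, shown on the command line as an added example that is not part of the original message: the payload is signed first, the signed blob is then encrypted, and the receiver releases the message only when both decryption and signature verification succeed. The file names, certificate subject and message are constructed, and a throwaway self-signed certificate stands in for both signer and recipient.

```shell
#!/bin/sh
# Added example: sign-then-encrypt with "openssl cms". The file names, CN and
# message are constructed; the RSA key pair is a throwaway made on the spot.

cms_seal() (    # cms_seal DIR: sign msg.txt, then encrypt the signed blob
    cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=cms-demo" \
        -keyout key.pem -out cert.pem 2>/dev/null &&
    printf 'pay 100 to alice\n' > msg.txt &&
    # Inner layer: SignedData is what carries the integrity check.
    openssl cms -sign -binary -nodetach -in msg.txt -signer cert.pem \
        -inkey key.pem -outform DER -out signed.der &&
    # Outer layer: EnvelopedData with AES-CBC gives confidentiality only.
    openssl cms -encrypt -binary -aes-256-cbc -in signed.der \
        -outform DER -out enc.der cert.pem
)

cms_tamper() (  # cms_tamper DIR: copy enc.der to bad.der, flip one bit near the end
    cd "$1" && cp enc.der bad.der &&
    off=$(( $(wc -c < bad.der) - 100 )) &&
    b=$(od -An -tu1 -j "$off" -N 1 bad.der | tr -d ' \n') &&
    printf "\\$(printf '%03o' $(( b ^ 1 )))" |
        dd of=bad.der bs=1 seek="$off" conv=notrunc 2>/dev/null
)

cms_open() (    # cms_open DIR FILE: print the message only if decrypt AND verify pass
    cd "$1" &&
    openssl cms -decrypt -inform DER -in "$2" -recip cert.pem \
        -inkey key.pem -out inner.der 2>/dev/null &&
    # Release nothing until the signature over the decrypted blob checks out.
    openssl cms -verify -binary -inform DER -in inner.der -CAfile cert.pem \
        -out msg.out 2>/dev/null &&
    cat msg.out
)

d=$(mktemp -d) && cms_seal "$d" && cms_tamper "$d" || exit 1
echo "intact:   $(cms_open "$d" enc.der || echo REJECTED)"
echo "tampered: $(cms_open "$d" bad.der || echo REJECTED)"
rm -rf "$d"
```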