Search The ForumSearch   RegisterRegister  LoginLogin

MailBee.NET Security

 AfterLogic Forum : MailBee.NET Security
Subject Topic: Signer and sender do not match Post ReplyPost New Topic
Author
Message << Prev Topic | Next Topic >>
mackolo22
Newbie
Newbie


Joined: 09 October 2018
Online Status: Offline
Posts: 35
Posted: 07 October 2019 at 10:53am | IP Logged Quote mackolo22

Hi,

I've got a problem with verifying digital signature of mail messages which have been signed using certificate obtained from this organization: https://extrassl.actalis.it/portal/uapub/freemail?lang=en

After calling Verify method, the SmimeResult.VerificationResult is set to SignerAndSenderDoNotMatch

This occurs because SmimeResult.SignatureCertificate.EmailAddress is set to empty string. I don't know if this certificate is invalid in some way or there's a problem in your library. The version of my MailBee.NET is 11.2.0.590.

I would be grateful if you could check it. :)
Back to Top View mackolo22's Profile Search for other posts by mackolo22
 
Alex
AfterLogic Support
AfterLogic Support
Avatar

Joined: 19 November 2003
Online Status: Offline
Posts: 2116
Posted: 07 October 2019 at 11:39am | IP Logged Quote Alex

Hi,

You can enable Smime.SetSignedCmsOnVerify, do verification and then check SignedCmsResult property. It will contain certificate information (in SignerInfos collection) based on .NET SDK functions rather than on MailBee implementation. If the certificate email is missing there too, then there is a problem with the certificate, I think.

Regards,
Alex
Back to Top View Alex's Profile Search for other posts by Alex
 
mackolo22
Newbie
Newbie


Joined: 09 October 2018
Online Status: Offline
Posts: 35
Posted: 07 October 2019 at 12:44pm | IP Logged Quote mackolo22

Hi Alex,

Thanks for your response. Could you tell me in which property of Certificate should I look for email address? The subject is set to: "CN=myemailaddress@test.com". Also if I call GetNameInfo(X509NameType.EmailName, false) on Certificate, it returns my valid email address. So how MailBee is getting email address from certificate?
Back to Top View mackolo22's Profile Search for other posts by mackolo22
 
Alex
AfterLogic Support
AfterLogic Support
Avatar

Joined: 19 November 2003
Online Status: Offline
Posts: 2116
Posted: 08 October 2019 at 1:40am | IP Logged Quote Alex

Hi,

It takes it from Subject, the format should be E=email. Also, it can take it from SubjectAlternativeName, the format should be RFC822 Name=email.

Regards,
Alex
Back to Top View Alex's Profile Search for other posts by Alex
 
mackolo22
Newbie
Newbie


Joined: 09 October 2018
Online Status: Offline
Posts: 35
Posted: 08 October 2019 at 5:34am | IP Logged Quote mackolo22

Hi,

Ok, subject format is different. But SubjectAlternativeName equals "Name RFC822=email". I used this code:

Code:

var extensions = smimeResult.SignedCmsResult.SignerInfos[0].Certificate.Extensions;
foreach (X509Extension extension in extensions)
{
    AsnEncodedData data = new AsnEncodedData(extension.Oid, extension.RawData);
    string encodedData = data.Format(false);
}   
            
Back to Top View mackolo22's Profile Search for other posts by mackolo22
 
mackolo22
Newbie
Newbie


Joined: 09 October 2018
Online Status: Offline
Posts: 35
Posted: 08 October 2019 at 5:39am | IP Logged Quote mackolo22

Actually, the encodedData equals "Nazwa RFC822=email" where 'nazwa' is 'name' in Polish. Maybe that's a clue and your parser works only with OS in English version?
Back to Top View mackolo22's Profile Search for other posts by mackolo22
 
Alex
AfterLogic Support
AfterLogic Support
Avatar

Joined: 19 November 2003
Online Status: Offline
Posts: 2116
Posted: 08 October 2019 at 8:59am | IP Logged Quote Alex

Yes, Nazwa RFC822 won't work.

The next version (will be released in a month) will have a lot of S/MIME related changes and will use another mechanism of detecting email address (via GetNameInfo) so localized attribute names won't be a problem.

Regards,
Alex
Back to Top View Alex's Profile Search for other posts by Alex
 
mackolo22
Newbie
Newbie


Joined: 09 October 2018
Online Status: Offline
Posts: 35
Posted: 08 October 2019 at 9:26am | IP Logged Quote mackolo22

Thanks Alex, that's a great news! I will wait for new release.

Best regards.
Back to Top View mackolo22's Profile Search for other posts by mackolo22
 
Alex
AfterLogic Support
AfterLogic Support
Avatar

Joined: 19 November 2003
Online Status: Offline
Posts: 2116
Posted: 08 October 2019 at 10:21am | IP Logged Quote Alex

You can actually already test RC here:

https://afterlogic.com/updates/mailbee_net.zip

It needs v12 license key, however. You can get the trial key on the product download page if you don't have it yet.

Regards,
Alex
Back to Top View Alex's Profile Search for other posts by Alex
 

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump

Powered by Web Wiz Forums version 7.9
Copyright ©2001-2004 Web Wiz Guide