Re: Key length used in SMIME Mails

Tue, 02 Mar 2004 11:41:08 -0800 

On Tue, Mar 02, 2004, Tim Tassonis wrote:

> Hi
> 
> I've got to find out the keysize used in an S/MIME encrypted mail.
> 
> I looked around in the openssl code and tried the following:
> 
> 
> X509_ALGOR *alg;
> PKCS7 *p7;
> int p7_type;
> BIO *mail_bio *indata;
> ...
> p7 = SMIME_read_PKCS7(mail_bio, &indata);
> p7_type = OBJ_obj2nid(p7->type);
> switch (p7_type) {
>   case NID_pkcs7_signedAndEnveloped:
>     alg=p7->d.signed_and_enveloped->enc_data->algorithm;
>     break;
>   case NID_pkcs7_enveloped:
>     alg=p7->d.enveloped->enc_data->algorithm;
>     break;
>   default;
>     return;
>     break;
> }
> printf("Alg: %s\n",OBJ_nid2sn(OBJ_obj2nid(alg->algorithm)));
> printf("Len: %ld\n",ASN1_INTEGER_get(alg->parameter->value.integer));
> 
> 
> I then get the algorithm as desired:
> Alg: RC2-CBC
> or
> Alg: DES-EDE3-CBC
> 
> but the keysize is always -1:
> Key: -1
> Key: -1
> 
> 
> In pk7_attr.c (lile 110) in PKCS7_simple_smimecap, the line 134
> alg->parameter->value.integer = nbit;
> 
> implies that the keysize is stored there, as the funcion is called in pk7_smime.c 
> like this:
> PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128);
> 
> What am I doing wrong.
> 

That's an S/MIME capabilities attribute that is used in a signed mail to tell
the other side the capabilities a client supports.

When you received an S/MIME encrypted mail various algorithm specific
parameters are set. How the parameters are interpreted depends on the
algorithm in use and the S/MIME specifications.

alg->parameter will typically not be an ASN1_INTEGER.

For 3DES the key size is implied by the algorithm: 168 bits.

For RC2 its is not so straight forward. There is an effective key bits
parameter and the real key length which is determined by the length of the
actual key. You can't get the real key length without the private key.

Normally the effective key length for RC2 is equal to the real key length but
there are exceptions.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to