On Wed, May 12, 2004, David Gianndrea wrote:

> Dr. Stephen Henson wrote:
> 
> 
> >When email is signed the other side receives a list of supported ciphers.
> >Many email applications will list these against that recipient and use an
> >appropriate one: that is one that the email software supports and the
> >recipient supports.
> 
> Hmm, OK, I am using Mozilla as a mail client, and I have my key & cert,
> the CA cert, and the recipient's cert in my mail client. Now I can
> send the other user a signed and encrypted email, but how would I know
> what cipher is being used to sign or encrypt the email? Looking
> in the cert store there is no indication of ciphers in the cert.
> 
> There does not appear to be a way to pick one when composing the email.
> The only configuration option in the client that deals with ciphers
> is under the heading of SSL indicating it is just for the web browser.
> 
> I'm trying to understand what determines if a message gets sent
> encrypted with one cipher or another, and what strength.
> IE... des or des3 or aes128 or aes256 etc....
> 

There is a list of supported ciphers in the signed mail which is originally
sent, which a client will store; these are in order of preference. There are
also some default options if the certificate is stored in some other way, such
as a web page.

Some mail clients allow the encryption to be chosen whereas others just pick
the highest preference cipher that all sides support.

> Would I be correct in stating that the user cert is a seed for the
> cipher (whatever cipher that may be) to encrypt the message?
> 

No, the user certificate just contains the public key to use. The mail client
software determines which ciphers are available along with the list of
preferred preferences the recipient(s) sent.

> Perhaps there is a link to a doc that would help me to understand the
> process better.
> 

Well, you could look at the S/MIME v2 specs; the SMIMECapabilities attribute is
specified in RFC2311.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
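
Added example, not part of the original message and not OpenSSL or Mozilla code: a minimal decoder for the DER value of an SMIMECapabilities attribute, plus one possible selection policy (walk the first recipient's preference order and take the first cipher every side supports). The helper names, the sample bytes and the policy are assumptions made for illustration; capability parameters such as the RC2 key length are stepped over rather than interpreted.

```python
# Constructed illustration: hypothetical helper names, sample data built inline.
OIDS = {  # DER-encoded OID body -> name; RC2 is left out because it needs its parameter
    bytes.fromhex("608648016503040102"): "aes128-cbc",
    bytes.fromhex("60864801650304012a"): "aes256-cbc",
    bytes.fromhex("2a864886f70d0307"): "des-ede3-cbc",
    bytes.fromhex("2b0e030207"): "des-cbc",
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_capabilities(der):
    """Decode SEQUENCE OF SEQUENCE { OID, parameters OPTIONAL } into known names."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    names, pos = [], 0
    while pos < len(body):
        tag, entry, pos = read_tlv(body, pos)
        if tag != 0x30:
            raise ValueError("malformed SMIMECapability")
        otag, oid, _ = read_tlv(entry, 0)
        if otag != 0x06:
            raise ValueError("capability does not start with an OID")
        if oid in OIDS:          # unknown capabilities are skipped, order is kept
            names.append(OIDS[oid])
    return names

def choose_cipher(local_supported, recipients_caps):
    """First cipher in the first recipient's order that every side supports."""
    for name in recipients_caps[0]:
        if name in local_supported and all(name in c for c in recipients_caps[1:]):
            return name
    return None  # caller falls back to whatever default its client uses

def _cap_der(oid_hex, params_hex=""):
    body = bytes.fromhex("06%02x%s%s" % (len(oid_hex) // 2, oid_hex, params_hex))
    return b"\x30" + bytes([len(body)]) + body

# Constructed sample: recipient prefers aes256, then 3DES, then RC2 with INTEGER 128.
_entries = (_cap_der("60864801650304012a") + _cap_der("2a864886f70d0307")
            + _cap_der("2a864886f70d0302", "02020080"))
CAPS_A = b"\x30" + bytes([len(_entries)]) + _entries
```
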