Erwan David wrote: > Le 16/02/2015 14:09, Michael Ströder a écrit : >> LuKreme wrote: >>> I’d assume there would be something in the headers to indicate the message >>> was encrypted. Probably some sort of milter running on your submission port >>> would be able to check this? >> I'd implement a milter or similar which looks at the Content-Type header. >> >> Typically it looks like this for S/MIME encrypted e-mails. >> >> Content-Type: application/pkcs7-mime; name="smime.p7m"; >> smime-type=enveloped-data >> >> If you're really eager with your security requirements you have to dig into >> the S/MIME structures to ensure that the encryption used is sufficiently >> strong. >> >> Another interesting issue is how to get the recipient's certs. >> > It would be more difficult to detect OpenPGP encryption, through > PGP-Mime, but also with inline encryption.
Well, with S/MIME it can be tricky too because there are all sort of MIME parts possible of course. And as said, you have to examine the PKCS#7/CMS structure in a MIME part too. Otherwise someone could use a null cipher to circumvent your check. Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature
