'Re: [dev-crypto] Discrepancy b/n v1.34 and v1.39?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bouncycastle-crypto-dev
Subject:    Re: [dev-crypto] Discrepancy b/n v1.34 and v1.39?
From:       David Hook <dgh () lockboxlabs ! com>
Date:       2008-06-19 6:16:25
Message-ID: 1213856185.3870.41.camel () echidna
[Download RAW message or body]


JavaMail 1.4 or earlier seems to work okay - the reason for the problem
with the later version of BC mail is actually related to a bug fix for
dealing with embedded multipart email, it appears that JavaMail 1.4.1
interacts with the bug fix badly (getRawInputStream() now throws an
exception). I've managed to work around the problem with JavaMail 1.4.1
for this message, however I've discovered that calling saveChanges()
will result in message corruption in a number of other cases instead (in
this case the problem appears to be related to our handling of preamble
data in multipart objects, in the other cases it just appears that the
BodyPart is being re-encoded). As far as I can tell it is not safe to
rewrite a message with JavaMail 1.4.1 after attempting an edit of it
(i.e. calling saveChanges()) if you want an associated signature to
verify.

My advice would be that for JavaMail 1.4.1, and probably later, it is
not safe to call saveChanges() on a signed message if you have verified
it and need the message to verify later - the data handlers called to do
the rewrite re-encode the message, in some cases changing it. If you
have to do it this way use JavaMail 1.4 or file a bug report with Sun
and see if they can fix it.

I would be happy to fix this if possible - any advice would be most
welcome.

Regards,

David

On Wed, 2008-06-18 at 20:14 +0530, Sravan wrote:
> Hi all,
> I am upgrading my app to use BC 1.39 and in this process, facing a
> problem with S/MIME verification. Please see the class 'TestSMIMEVerify'
> in the attached archive. It reads an S/MIME signed message('input.eml'
> in the archive), verifies it and writes it back to an output file.
> 
> When I run the code using BC 1.39 JARs, the line "This is a multi-part
> message in MIME format.", which is present in the original message is
> being removed in the output message. As a result, when I try to verify
> the output message using an email client, the verification fails.
> This doesn't occur if I run the code using BC 1.34 JARs.  Please help me
> to figure out the exact cause for this discrepancy.
> 
> Thanks,
> Sravan
> 


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic