
List:       bouncycastle-crypto-dev
Subject:    Re: R: R: [dev-crypto] OutofMemory with CMSEnvelopedData from fileInputStream
From:       David Hook <dgh () cryptoworkshop ! com>
Date:       2019-09-27 17:19:43
Message-ID: c2be1e06-8af4-f873-f0e9-7fbb1baef556 () cryptoworkshop ! com

This is correct, it will just be the symmetric session key that's come
out of the HSM, the private key used to wrap it is still locked in the
HSM assuming LunaSA is the provider for the HSM.

As described, the speed issue would have been due to the shuffling of
data between the HSM and the computer on decryption. It might be
possible to speed that up by providing a custom operator implementation
for the content decryption. It's normally pretty expensive to do bulk
decryption via an HSM though and as the session keys are single use and
protecting data that has already been fully exposed on the computer
itself this is usually acceptable - it's the main reason the
setContentProvider() method was added.

Regards,

David

On 26/9/19 11:01 pm, Emiliano Latini wrote:
> 
> I receive an encrypted p7m file which I have to decrypt and extract
> the content. Given that the symmetric key used for encryption is
> contained within the p7m file (encrypted with RSA encryption), what is
> coming out from the HSM to the local JceSun content provider should be
> only the decrypted symmetric key.
> 
> So no key is coming out from the HSM.
> 
> 
> 
> *Emiliano Latini*
> *From:* Massimiliano Ziccardi [mailto:mziccard@redhat.com]
> *Sent:* Thursday 26 September 2019 14:49
> *To:* Emiliano Latini
> *Cc:* Arshad Noor; dev-crypto@bouncycastle.org
> *Subject:* Re: R: [dev-crypto] OutofMemory with CMSEnvelopedData from
> fileInputStream
> 
> 
> 
> The private key should be used only to verify the signature, so only
> the hash needs to be sent to the HSM to verify the signature.
> 
> What needs to be exported is the symmetric key used to encrypt and, if
> I'm not wrong, that is what is happening here and that would explain
> the speed improvement.
> 
> I don't know what restrictions you have to oblige, but as far as I
> remember Italian laws wanted the HSM to be FIPS3, and if I remember
> correctly with FIPS3 private keys are never exportable.
> 
> 
> 
> On Thu 26 Sep 2019 at 14:33, Emiliano Latini
> <emiliano.latini@eng.it <mailto:emiliano.latini@eng.it>> wrote:
> 
> Hello Arshad,
> 
> thanks for the clarification. It was clear to me the key is
> exposed, but this happens only for this particular use case when
> we receive this key from trusted actors in secure ways. The
> Application servers are also part of the security boundary.
> 
> 
> 
> cheers
> 
> 
> 
> 
> 
> 
> 
> *From:* Arshad Noor [mailto:arshad.noor@strongkey.com
> <mailto:arshad.noor@strongkey.com>]
> *Sent:* Thursday 26 September 2019 14:19
> *To:* Emiliano Latini
> *Cc:* dev-crypto@bouncycastle.org <mailto:dev-crypto@bouncycastle.org>
> *Subject:* Re: R: [dev-crypto] OutofMemory with CMSEnvelopedData
> from fileInputStream
> 
> 
> 
> I haven't worked with the Luna HSM in nearly 20 years - but
> looking at this code it seems to me that the private-key has come
> _out_ of the HSM and is now under the control of the SunJCE
> (software) provider to perform the cryptographic operation.
> 
> Going from 6+ minutes to 15 seconds for a 130MB file indicates
> that the local computer + software provider is performing the
> cryptographic operation - not the HSM. This may be acceptable to
> your business, but given that the point of using an HSM is to
> protect cryptographic keys, unless the local computer is part of
> your security boundary, the key has just been exposed. You might
> want to check with your Security people if that is an acceptable
> risk for your business use-case.
> 
> Arshad Noor
> StrongKey
> 
> On 9/26/19 2:15 AM, Emiliano Latini wrote:
> 
> Guys I’ve tried this way:
> 
> JceKeyTransEnvelopedRecipient trans = new JceKeyTransEnvelopedRecipient(
>     (PrivateKey) jcaProvider.getKeystore().getKey(alias, jcaProvider.getPwd().toCharArray()));
> trans.setMustProduceEncodableUnwrappedKey(true);
> trans.setProvider(provider);
> trans.setContentProvider("SunJCE");
> 
> where provider is “LunaSA” provider and seems I’ve nailed it.
> 
> Is it right to assume I’ve gotten the key from the HSM and
> decrypted the content with local software implementation?
> 
> 
> 
> 
> 
> 
> 
> *From:* Emiliano Latini [mailto:emiliano.latini@eng.it]
> *Sent:* Thursday 26 September 2019 09:27
> *To:* Eckenfels. Bernd
> *Cc:* dev-crypto@bouncycastle.org
> <mailto:dev-crypto@bouncycastle.org>
> *Subject:* Re: [dev-crypto] OutofMemory with CMSEnvelopedData
> from fileInputStream
> 
> 
> 
> Since the HSM is a network-attached one, could it make sense to
> use the HSM provider and BC as content provider?
> 
> On 25 Sep 2019, at 19:02, "Eckenfels. Bernd"
> <b.eckenfels@seeburger.de <mailto:b.eckenfels@seeburger.de>>
> wrote:
> 
> For such a scenario it seems to make sense to fall back to a
> software hash implementation and do only the signature in the
> HSM. That's a bit tricky in terms of compliance and might
> require some infrastructure to have two providers, but even
> though HSMs claim ridiculous speeds I would just not use them
> for hashing large payloads.
> 
> Regards
> 
> Bernd
> 
> 
> 
> *From:* Emiliano Latini <emiliano.latini@eng.it>
> <mailto:emiliano.latini@eng.it>
> *Sent:* Wednesday, 25 September 2019 18:14
> *To:* dev-crypto@bouncycastle.org
> <mailto:dev-crypto@bouncycastle.org>
> *Subject:* [dev-crypto] OutofMemory with CMSEnvelopedData from
> fileInputStream
> 
> 
> 
> I’ve solved the issue by extracting the recipient directly:
> 
> RecipientInformation recipient = recipients.get(
>     new JceKeyTransRecipientId((java.security.cert.X509Certificate)
>         jcaProvider.getKeystore().getCertificate(alias)));
> 
> The problem is the operation is very slow even with a 130 MB
> file. I’ve tried with the size of inputstream used for the
> CMSEnvelopedDataParser:
> 
> CMSEnvelopedDataParser envelopedData = new CMSEnvelopedDataParser(
>     new BufferedInputStream(encEnvelopedData, parsBuf));
> 
> And with the buffer used in IOUtils.copyLarge used for copying
> the decrypted file:
> 
> IOUtils.copyLarge(decryptedStream, os, buf);
> 
> Below some execution times:
> 
> copytime:00:06:24.178 With parsebuf:8192 and copybuf:1024
> copytime:00:06:46.668 With parsebuf:8192 and copybuf:8192
> copytime:00:06:45.187 With parsebuf:16384 and copybuf:16384
> copytime:00:06:39.961 With parsebuf:524288 and copybuf:524288
> 
> Could the HSM be the bottleneck?
> 
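
Added example (not code from this thread or from the Bouncy Castle project): the provider split discussed above, with the RSA key unwrap sent to one provider and the bulk content decryption streamed through a software provider. A software RSA key generated with the BC provider stands in for the HSM-resident key, so "BC" takes the place of "LunaSA"; the class name, key identifier and payload are constructed for the example, and bcprov and bcpkix are assumed to be on the classpath.

```java
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;

import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSEnvelopedDataParser;
import org.bouncycastle.cms.CMSEnvelopedDataStreamGenerator;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OutputEncryptor;

// Hypothetical class name; illustrates the setProvider / setContentProvider split.
public class SplitProviderDecrypt {

    /** Streams the decrypted content to out and returns the plaintext byte count. */
    static long decrypt(InputStream cmsIn, OutputStream out, PrivateKey key,
                        String keyProvider, String contentProvider) throws Exception {
        // The parser reads the envelope incrementally, so the file is never held in memory.
        CMSEnvelopedDataParser parser =
            new CMSEnvelopedDataParser(new BufferedInputStream(cmsIn, 8192));
        // Sample has a single recipient; real code would select by RecipientId.
        RecipientInformation recipient = (RecipientInformation)
            parser.getRecipientInfos().getRecipients().iterator().next();

        JceKeyTransEnvelopedRecipient trans = new JceKeyTransEnvelopedRecipient(key);
        // RSA unwrap of the session key runs where the private key lives.
        trans.setProvider(keyProvider);
        // Bulk symmetric decryption runs in local software.
        trans.setContentProvider(contentProvider);
        // The unwrapped session key must be encodable so the other provider can use it.
        // From here on the session key (not the RSA private key) is in JVM memory.
        trans.setMustProduceEncodableUnwrappedKey(true);

        long total = 0;
        byte[] buf = new byte[8192];
        try (InputStream plain = recipient.getContentStream(trans).getContentStream()) {
            int n;
            while ((n = plain.read(buf)) != -1) {
                out.write(buf, 0, n);
                total += n;
            }
        }
        return total;
    }

    /** Builds a constructed AES-128-CBC enveloped message for one RSA recipient. */
    static byte[] encrypt(byte[] data, byte[] keyId, KeyPair kp) throws Exception {
        CMSEnvelopedDataStreamGenerator gen = new CMSEnvelopedDataStreamGenerator();
        gen.addRecipientInfoGenerator(
            new JceKeyTransRecipientInfoGenerator(keyId, kp.getPublic()).setProvider("BC"));
        OutputEncryptor enc = new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC)
            .setProvider("BC").build();
        ByteArrayOutputStream cms = new ByteArrayOutputStream();
        try (OutputStream o = gen.open(cms, enc)) {
            o.write(data);
        }
        return cms.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // Stand-in for the HSM key pair (assumption: software key, BC provider).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        byte[] keyId = {0x01, 0x02, 0x03, 0x04};      // constructed subject key identifier
        byte[] data = new byte[4 * 1024 * 1024];      // constructed 4 MiB payload
        new SecureRandom().nextBytes(data);
        byte[] envelope = encrypt(data, keyId, kp);

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        long n = decrypt(new ByteArrayInputStream(envelope), out,
                         kp.getPrivate(), "BC", "SunJCE");

        System.out.println("decrypted bytes: " + n);
        System.out.println("round trip ok:   " + Arrays.equals(data, out.toByteArray()));
    }
}
```

With a real HSM the private key handle comes from the HSM keystore and the first provider argument is the HSM provider name; only the unwrapped session key crosses into the software provider.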


[Attachment #3 (text/html)]

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">This is correct, it will just be the
      symmetric session key that's come out of the HSM, the private key
      used to wrap it is still locked in the HSM assuming LunaSA is the
      provider for the HSM. <br>
      <div class="moz-cite-prefix"><br>
      </div>
      <div class="moz-cite-prefix">As described, the speed issue would
        have been due to the shuffling of data between the HSM and the
        computer on decryption. It might be possible to speed that up by
        providing a custom operator implementation for the content
        decryption. It's normally pretty expensive to do bulk decryption
        via a HSM though and as the session keys are single use and
        protecting data that is already been fully exposed on the
        computer itself this is usually acceptable - it's the main
        reason the setContentProvider() method was added.<br>
      </div>
      <div class="moz-cite-prefix"><br>
      </div>
      <div class="moz-cite-prefix">Regards,</div>
      <div class="moz-cite-prefix"><br>
      </div>
      <div class="moz-cite-prefix">David</div>
    </div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">On 26/9/19 11:01 pm, Emiliano Latini
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:PR1PR01MB479592050067C639CF26EE0298860@PR1PR01MB4795.eurprd01.prod.exchangelabs.com">
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <meta name="Generator" content="Microsoft Word 14 (filtered
        medium)">
      <style><!--
/* Font Definitions */
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
	{font-family:"Segoe UI";
	panose-1:2 11 5 2 4 2 4 2 2 3;}
@font-face
	{font-family:"Segoe UI \, sans-serif";
	panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p
	{mso-style-priority:99;
	mso-margin-top-alt:auto;
	margin-right:0cm;
	mso-margin-bottom-alt:auto;
	margin-left:0cm;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
span.StileMessaggioDiPostaElettronica18
	{mso-style-type:personal-reply;
	font-family:"Tahoma","sans-serif";
	color:blue;
	font-weight:normal;
	font-style:normal;
	text-decoration:none none;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri","sans-serif";
	mso-fareast-language:EN-US;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:70.85pt 2.0cm 2.0cm 2.0cm;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <div class="WordSection1">
        <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US">I receive an encrypted p7m file which I have to
            decrypt and extract the content. Given that the symmetric
            key used for encryption, is contained within the p7m file
            (encrypted with RSA encryption), what is coming out from the
            HSM to the local JceSun content provider should be only the
            decrypted symmetric key.<o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
                
            lang="EN-US">So no key is coming out from the HSM.<o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US"><o:p> </o:p></span></p>
        <p class="MsoNormal"><b><span
style="font-size:7.5pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:gray">Emiliano
  Latini</span></b><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:navy"><o:p></o:p></span></p>
  <p class="MsoNormal"
          style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:7.5pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:gray">Engineering's
                
              Software Laboratory</span></b><span \
style="color:blue"><o:p></o:p></span></p>  <p class="MsoNormal"
          style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:7.5pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:gray">Direct: \
+39  06 87594577      
          </span><span style="color:navy"><br>
          </span><span
style="font-size:7.5pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:gray">Mobile: \
  +39 347  7906590</span><span style="color:navy"> <br>
          </span><span
style="font-size:7.5pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:gray"> \
  </span><span style="color:navy"><br>
          </span><span
style="font-size:7.5pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:gray">E-mail
                
            :                    <a class="moz-txt-link-abbreviated" \
href="mailto:emiliano.latini@eng.it">emiliano.latini@eng.it</a>  </span><span \
style="color:navy"><o:p></o:p></span></p>  <p class="MsoNormal"
          style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:7.5pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:gray">Engineering
  Ingegneria Informatica spa<br>
              Piazzale dell’Agricoltura, 24 - 00144 Roma</span></b><span
            style="color:blue"><o:p></o:p></span></p>
        <p class="MsoNormal"
          style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:7.5pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:gray"
  lang="EN-GB">Segui Engineering su Twitter!
              (@EngineeringSpA)</span></b><span \
style="color:blue"><o:p></o:p></span></p>  <p class="MsoNormal"
          style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:7.5pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:gray"
  lang="EN-GB"><a href="http://www.eng.it/"
                moz-do-not-send="true">www.eng.it</a>
            </span></b><span style="color:blue"><o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:blue"> \
</span><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:blue"><o:p></o:p></span></p>
  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"><o:p> \
</o:p></span></p>  <p class="MsoNormal" style="margin-left:35.4pt"><b><span
              style="font-size:10.0pt;font-family:&quot;Segoe
              UI&quot;,&quot;sans-serif&quot;">Da:</span></b><span
            style="font-size:10.0pt;font-family:&quot;Segoe
            UI&quot;,&quot;sans-serif&quot;"> Massimiliano Ziccardi
            [<a class="moz-txt-link-freetext" \
href="mailto:mziccard@redhat.com">mailto:mziccard@redhat.com</a>]  <br>
            <b>Inviato:</b> giovedì 26 settembre 2019 14:49<br>
            <b>A:</b> Emiliano Latini<br>
            <b>Cc:</b> Arshad Noor; <a class="moz-txt-link-abbreviated" \
href="mailto:dev-crypto@bouncycastle.org">dev-crypto@bouncycastle.org</a><br>  \
<b>Oggetto:</b> Re: R: [dev-crypto] OutofMemory with  CMSEnvelopedData from \
fileInputStream<o:p></o:p></span></p>  <p class="MsoNormal" \
style="margin-left:35.4pt"><o:p> </o:p></p>  <div>
          <p class="MsoNormal" style="margin-left:35.4pt">The private
            key should be used only to verify the signature, so only the
            hash need to be sent to the HSM to verify the signature. <o:p></o:p></p>
          <div>
            <p class="MsoNormal" style="margin-left:35.4pt">What need to
              be exported is the symmetric key used to encrypt and, if
              I'm not wrong, that is what is happening here and that
              would explain the speed improvement.<o:p></o:p></p>
          </div>
          <div>
            <p class="MsoNormal" style="margin-left:35.4pt"><o:p> </o:p></p>
          </div>
          <div>
            <p class="MsoNormal" style="margin-left:35.4pt">I don't know
              what restrictions you have to oblige, but as far as I
              remember Italian laws wanted the HSM to be FIPS3, and if I
              remember correct with FIPS3 private keys are never
              exportable<o:p></o:p></p>
          </div>
        </div>
        <p class="MsoNormal" style="margin-left:35.4pt"><o:p> </o:p></p>
        <div>
          <div>
            <p class="MsoNormal" style="margin-left:35.4pt">Il giorno
              gio 26 set 2019 alle ore 14:33 Emiliano Latini &lt;<a
                href="mailto:emiliano.latini@eng.it"
                moz-do-not-send="true">emiliano.latini@eng.it</a>&gt; ha
              scritto:<o:p></o:p></p>
          </div>
          <blockquote style="border:none;border-left:solid #CCCCCC
            1.0pt;padding:0cm 0cm 0cm
            6.0pt;margin-left:4.8pt;margin-right:0cm">
            <div>
              <div>
                <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:35.4pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US">Hello Arshad,</span><o:p></o:p></p>
                <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:35.4pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US">thanks for the clarification. It was
                    clear to me the key is exposed, but this happens
                    only for this particular use case when we receive
                    this key from trusted actors in secure ways.The
                    Application servers are also part of the security
                    boundary.</span><o:p></o:p></p>
                <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:35.4pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US"> </span><o:p></o:p></p>
                <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:35.4pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US">cheers</span><o:p></o:p></p>
                <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:35.4pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US"> </span><o:p></o:p></p>
                <div>
                  <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:35.4pt"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US"> </span><o:p></o:p></p>
                </div>
                <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:35.4pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US"> </span><o:p></o:p></p>
                <div>
                  <div style="border:none;border-top:solid #B5C4DF
                    1.0pt;padding:3.0pt 0cm 0cm 0cm">
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:70.8pt"><b><span
 style="font-size:10.0pt;font-family:&quot;Segoe
                          UI&quot;,&quot;sans-serif&quot;" \
lang="EN-US">Da:</span></b><span  style="font-size:10.0pt;font-family:&quot;Segoe
                        UI&quot;,&quot;sans-serif&quot;" lang="EN-US">
                        Arshad Noor [mailto:<a
                          href="mailto:arshad.noor@strongkey.com"
                          target="_blank" \
moz-do-not-send="true">arshad.noor@strongkey.com</a>]  <br>
                        <b>Inviato:</b> giovedì 26 settembre 2019 14:19<br>
                        <b>A:</b> Emiliano </span><span
                        style="font-size:10.0pt;font-family:&quot;Segoe
                        UI&quot;,&quot;sans-serif&quot;">Latini<br>
                        <b>Cc:</b> <a
                          href="mailto:dev-crypto@bouncycastle.org"
                          target="_blank" \
moz-do-not-send="true">dev-crypto@bouncycastle.org</a><br>  <b>Oggetto:</b> Re: R: \
                [dev-crypto] OutofMemory
                        with CMSEnvelopedData from \
fileInputStream</span><o:p></o:p></p>  </div>
                </div>
                <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:70.8pt"> \
<o:p></o:p></p>  <p style="margin-left:70.8pt">I haven't worked with the
                  Luna HSM in nearly 20 years - but looking at this code
                  it seems to me that the private-key has come
                  <u>out</u> of the HSM and is now under the control of
                  the SunJCE (software) provider to perform the
                  cryptographic operation.
                  <o:p></o:p></p>
                <p style="margin-left:70.8pt">Going from 6+ minutes to
                  15 seconds for a 130MB file indicates that the local
                  computer + software provider is performing the
                  cryptographic operation - not the HSM. This may be
                  acceptable to your business, but given that the point
                  of using an HSM is to protect cryptographic keys,
                  unless the local computer is part of your security
                  boundary, the key has just been exposed. You might
                  want to check with your Security people if that is an
                  acceptable risk for your business use-case.<o:p></o:p></p>
                <p style="margin-left:70.8pt">Arshad Noor<br>
                  StrongKey<o:p></o:p></p>
                <div>
                  <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:70.8pt">On
                    9/26/19 2:15 AM, Emiliano Latini wrote:<o:p></o:p></p>
                </div>
                <blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
                  <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:70.8pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
                
                      lang="EN-US">Guys I’v tried this way:</span><o:p></o:p></p>
                  <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:70.8pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US"> </span><o:p></o:p></p>
                  <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:70.8pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US">JceKeyTransEnvelopedRecipient
                      trans=new
JceKeyTransEnvelopedRecipient((PrivateKey)jcaProvider.getKeystore().getKey(alias,jcaProvider.getPwd().toCharArray()));</span><o:p></o:p></p>
  <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:70.8pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
                
                      lang="EN-US">                                                   \
                
                      \
trans.setMustProduceEncodableUnwrappedKey(true);</span><o:p></o:p></p>  <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:70.8pt"><span
 style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
                
                      lang="EN-US">                                                   \
  trans.setProvider(provider);</span><o:p></o:p></p>
                  <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:70.8pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
                
                      lang="EN-US">                                                   \
                
                      trans.setContentProvider("SunJCE");</span><o:p></o:p></p>
                  <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:70.8pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US"> </span><o:p></o:p></p>
                  <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:70.8pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US">where provider is “LunaSA” provider
                      and seems I’ve nailed it.</span><o:p></o:p></p>
                  <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:70.8pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US">Is it right to assume I’ve getted the
                      key from the HSM and decrypted the content with
                      local software implementation?</span><o:p></o:p></p>
                  <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:70.8pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US"> </span><o:p></o:p></p>
                  <div>
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:70.8pt"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US"> </span><o:p></o:p></p>
                  </div>
                  <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:70.8pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US"> </span><o:p></o:p></p>
                  <div>
                    <div style="border:none;border-top:solid #B5C4DF
                      1.0pt;padding:3.0pt 0cm 0cm 0cm">
                      <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt"><b><span
 style="font-size:10.0pt;font-family:&quot;Segoe UI ,
                            sans-serif&quot;,&quot;serif&quot;">Da:</span></b><span
style="font-size:10.0pt;font-family:&quot;Segoe UI ,
                          sans-serif&quot;,&quot;serif&quot;"> Emiliano
                          Latini [<a
                            href="mailto:emiliano.latini@eng.it"
                            target="_blank" \
moz-do-not-send="true">mailto:emiliano.latini@eng.it</a>]  <br>
                          <b>Inviato:</b> giovedì 26 settembre 2019
                          09:27<br>
                          <b>A:</b> Eckenfels. Bernd<br>
                          <b>Cc:</b> <a
                            href="mailto:dev-crypto@bouncycastle.org"
                            target="_blank" \
moz-do-not-send="true">dev-crypto@bouncycastle.org</a><br>  <b>Oggetto:</b> Re: \
                [dev-crypto] OutofMemory
                          with CMSEnvelopedData from \
fileInputStream</span><o:p></o:p></p>  </div>
                  </div>
                  <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt"> \
<o:p></o:p></p>  <div>
                    <p class="MsoNormal"
                      \
style="mso-margin-top-alt:auto;margin-bottom:12.0pt;margin-left:106.2pt">  <span \
lang="DE">Since the Hsm is a network  attached one could make sense to use the hsm
                        provider and BC ad content provider?<br>
                        <br>
                      </span><o:p></o:p></p>
                  </div>
                  <div>
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt"><span
                        lang="DE">Inviato da <a
                          href="http://www.typeapp.com/r?b=15620"
                          target="_blank" moz-do-not-send="true">
                          TypeApp</a> </span><o:p></o:p></p>
                  </div>
                  <div>
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt"><span
                        lang="DE">Il giorno 25 set 2019, alle ore 19:02,
                        "Eckenfels. Bernd" &lt;<a
                          href="mailto:b.eckenfels@seeburger.de"
                          target="_blank" \
moz-do-not-send="true">b.eckenfels@seeburger.de</a>&gt;  ha scritto:
                      </span><o:p></o:p></p>
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D"
  lang="DE">For such a scenario it seems to make
                        sense to fall back to a software hash
                        implementation and do only the signature in the
                        HSM. Thats a bit tricky in terms of compliance
                        and might require some infrastructure to have
                        two providers, but even though HSMs claim
                        ridiculous speeds I would just not use them for
                        hashing large payloads.</span><o:p></o:p></p>
                    <p style="margin-left:106.2pt"><span lang="DE"> \
</span><o:p></o:p></p>  <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D"
  lang="DE">Regards</span><o:p></o:p></p>
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D"
  lang="DE">Bernd</span><o:p></o:p></p>
                    <p style="margin-left:106.2pt"><span lang="DE"> </span><o:p></o:p></p>
                    <div>
                      <div style="border:none;border-top:solid #E1E1E1
                        1.0pt;padding:3.0pt 0cm 0cm 0cm">
                        <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt"><b><span
 style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;"
                              lang="DE">From:</span></b><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;"
                            lang="DE"> Emiliano Latini
                            <a href="mailto:emiliano.latini@eng.it"
                              target="_blank" moz-do-not-send="true">&lt;emiliano.latini@eng.it&gt;</a>  <br>
                            <b>Sent:</b> Wednesday, 25 September
                            2019 18:14<br>
                            <b>To:</b> <a
                              href="mailto:dev-crypto@bouncycastle.org"
                              target="_blank" moz-do-not-send="true">dev-crypto@bouncycastle.org</a><br>
                            <b>Subject:</b> [dev-crypto] OutofMemory
                            with CMSEnvelopedData from fileInputStream</span><o:p></o:p></p>
                      </div>
                    </div>
                    <p style="margin-left:106.2pt"><span lang="DE"> </span><o:p></o:p></p>
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US">I’ve solved the issue by extracting
                        the recipient directly:</span><o:p></o:p></p>
                    <p style="margin-left:106.2pt"><span lang="DE"> </span><o:p></o:p></p>
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt;text-indent:35.4pt"><span
 style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US">RecipientInformation recipient =
                        recipients.get(new
JceKeyTransRecipientId((java.security.cert.X509Certificate)jcaProvider.getKeystore().getCertificate(alias)));</span><o:p></o:p></p>
                
                    <p style="margin-left:106.2pt"><span lang="DE"> </span><o:p></o:p></p>
                    <p style="margin-left:106.2pt"><span lang="DE"> </span><o:p></o:p></p>
                    <p style="margin-left:106.2pt"><span lang="DE"> </span><o:p></o:p></p>
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US">The problem is that the operation is
                        very slow even with a 130 MB file. I’ve tried
                        with the size of inputstream used for the
                        CMSEnvelopedDataParser:</span><o:p></o:p></p>
                    <p style="margin-left:106.2pt"><span lang="DE"> </span><o:p></o:p></p>
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US">  CMSEnvelopedDataParser envelopedData =
                        new CMSEnvelopedDataParser(new
                        BufferedInputStream(encEnvelopedData,parsBuf));</span><o:p></o:p></p>
                    <p style="margin-left:106.2pt"><span lang="DE"> </span><o:p></o:p></p>
                    <p style="margin-left:106.2pt"><span lang="DE"> </span><o:p></o:p></p>
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US">And with the buffer used in
                        IOUtils.copyLarge used for copying the decrypted
                        file:</span><o:p></o:p></p>
                    <p style="margin-left:106.2pt"><span lang="DE"> </span><o:p></o:p></p>
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt;text-indent:35.4pt"><span
 style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US">IOUtils.copyLarge(decryptedStream,
                        os, buf);</span><o:p></o:p></p>
                    <p style="margin-left:106.2pt"><span lang="DE"> </span><o:p></o:p></p>
                    <p style="margin-left:106.2pt"><span lang="DE"> </span><o:p></o:p></p>
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
                
                        lang="EN-US">Below are some execution times:</span><o:p></o:p></p>
                    <p style="margin-left:106.2pt"><span lang="DE"> </span><o:p></o:p></p>
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US">copytime:00:06:24.178 With
                        parsebuf:8192 and copybuf:1024</span><o:p></o:p></p>
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US">copytime:00:06:46.668 With
                        parsebuf:8192 and copybuf:8192</span><o:p></o:p></p>
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US">copytime:00:06:45.187 With
                        parsebuf:16384 and copybuf:16384</span><o:p></o:p></p>
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
  lang="EN-US">copytime:00:06:39.961 With
                        parsebuf:524288 and copybuf:524288</span><o:p></o:p></p>
                    <p style="margin-left:106.2pt"><span lang="DE"> </span><o:p></o:p></p>
                    <p style="margin-left:106.2pt"><span lang="DE"> </span><o:p></o:p></p>
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:106.2pt"><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:blue"
                
                        lang="EN-US">Could the HSM be the bottleneck?</span><o:p></o:p></p>
                    <p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt;margin-left:106.2pt">  <span lang="DE"><br>  <br>
                        <br>
                        <br>
                      </span><o:p></o:p></p>
                  </div>
                </blockquote>
              </div>
            </div>
          </blockquote>
        </div>
      </div>
    </blockquote>
    <p><br>
    </p>
  </body>
</html>
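
The split discussed in this thread, with the RSA key unwrap on the HSM and the bulk content decryption in software via setContentProvider(), can be sketched as follows. This is an added example, not code posted by anyone in the thread; the class name, the method name and the `hsmProviderName` parameter are assumptions, and the HSM-backed private key and recipient certificate are expected to come from the caller's own keystore.

```java
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;

import org.bouncycastle.cms.CMSEnvelopedDataParser;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

// Hypothetical helper class: streams a CMS EnvelopedData (.p7m) file to an
// output stream without loading it into memory.
public final class SplitProviderDecrypt {

    // hsmProviderName is an assumption: the JCA provider name under which the
    // HSM vendor's provider has been registered in this JVM.
    public static long decrypt(InputStream p7m, OutputStream out,
                               X509Certificate recipientCert,
                               PrivateKey hsmPrivateKey,
                               String hsmProviderName)
            throws IOException, CMSException {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        // The parser reads the structure lazily, so the encrypted content is
        // never held in memory as a whole (unlike CMSEnvelopedData).
        CMSEnvelopedDataParser parser =
                new CMSEnvelopedDataParser(new BufferedInputStream(p7m, 8192));
        try {
            // Select the RecipientInfo that matches our certificate.
            RecipientInformation recipient = parser.getRecipientInfos()
                    .get(new JceKeyTransRecipientId(recipientCert));
            if (recipient == null) {
                throw new CMSException("no RecipientInfo matches the supplied certificate");
            }

            // Key unwrap runs on the HSM provider: the RSA private key stays
            // in the HSM and only the single-use session key is returned.
            // Content decryption runs in software on the BC provider, so the
            // bulk data is not shuffled to the HSM and back.
            JceKeyTransRecipient keyTrans =
                    new JceKeyTransEnvelopedRecipient(hsmPrivateKey)
                            .setProvider(hsmProviderName)
                            .setContentProvider(BouncyCastleProvider.PROVIDER_NAME);

            long total = 0;
            byte[] buf = new byte[8192];
            try (InputStream plain =
                         recipient.getContentStream(keyTrans).getContentStream()) {
                int n;
                while ((n = plain.read(buf)) != -1) {
                    out.write(buf, 0, n);
                    total += n;
                }
            }
            return total; // number of plaintext bytes written
        } finally {
            parser.close();
        }
    }
}
```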


