EmailArchitect Support » Email Component Development » EASendMail SMTP Component - .NET Version
S/MIME Hash algorithm problem RSA-OAEP Encryption + Sha256 hash + RSASSA-PSS signature
avalero008 (Rank: Newbie; Groups: Registered; Joined: 7/17/2019(UTC); Posts: 0; Location: Bilbao; Thanks: 4 times)
Hello,
I have built a program in C# to send signed and encrypted emails automatically with the EASendMail library, but the receiver replies that he cannot process the message because the hash algorithm is not correct.
The algorithm must be SHA256 or SHA512, and they say I'm sending with the default parameter SHA1. I'm confused by this because in my program I'm using the following statement:
Code:
oMail.SignatureHashAlgorithm = EASendMail.SignatureHashAlgorithmType.SHA256;
Is the way I indicate the hash algorithm incorrect? Maybe the problem is the point at which I set it? I include the rest of the code below in case it helps:
Code:
using System;
using System.IO;
using EASendMail;   // SmtpMail, SmtpClient, SmtpServer, MailAddress, Certificate and the enum types

// filename / fileName / onlyfilename are set by the surrounding program
// (the attachment's full path and its bare file name).
SmtpMail oMail = new SmtpMail("myProductKey");
oMail.EncryptionAlgorithm = EncryptionAlgorithmType.ENCRYPTION_ALGORITHM_AES192;
oMail.SignatureHashAlgorithm = SignatureHashAlgorithmType.SHA256;
SmtpClient oSmtp = new SmtpClient();
oMail.From = "mydirection@domain.com";
oMail.Subject = filename;
oMail.TextBody = "EDIFACT - Nachricht";

// Signing certificate: find the sender's certificate (with private key) in the
// current user's "MY" store by exact subject match.
bool encontradoCifrado = false;
Certificate[] certificadosCifrado = Certificate.FindCertificates("",
    Certificate.CertificateStoreLocation.CERT_SYSTEM_STORE_CURRENT_USER,
    "MY");
string subjectBuscado = "C=DE, S=Berlin, L=Berlin, O=AAAAAAAAAA GMBH, OU=BBBBBBBBBB, OU=Commercial, CN=CCCCCCCC, E=mydirection@domain.com";
for (int j = 0; j < certificadosCifrado.Length; j++)
{
    if (certificadosCifrado[j].Subject == subjectBuscado)
    {
        MailAddress oAddressfrom = oMail.From as MailAddress;
        oAddressfrom.Certificate = certificadosCifrado[j];
        encontradoCifrado = true;
        break;
    }
}

// Encryption certificate: the recipient's public certificate from a .cer file.
oMail.To = "receiver@domain.com";
MailAddress oAddressto = oMail.To[0] as MailAddress;
oAddressto.Certificate.Load("C/certificados/CERTIFICATE1.cer");

String attach = Convert.ToBase64String(File.ReadAllBytes(fileName));
oMail.AddAttachment(onlyfilename, attach);

SmtpServer oServer = new SmtpServer("smtp.domain.com");
oServer.Port = 25;
if (encontradoCifrado)
{
    try
    {
        oSmtp.SendMail(oServer, oMail);
        Console.WriteLine("email was sent successfully!");
    }
    catch (Exception ep)
    {
        Console.WriteLine("failed to send email with the following error:");
        Console.WriteLine(ep.Message);
        Console.ReadKey();
    }
}
else
{
    // Do not fail silently: without the signing certificate nothing is sent.
    Console.WriteLine("signing certificate not found in the MY store; email was not sent.");
}
The response is that I am using the DEFAULT params for the hash algorithm:
Quote:
RSAES-OAEP-params ::= SEQUENCE {
    hashAlgorithm     [0] HashAlgorithm    DEFAULT sha1,
    maskGenAlgorithm  [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
    pSourceAlgorithm  [2] PSourceAlgorithm DEFAULT pSpecifiedEmpty
}
Can you please help me to correctly change the hash algorithm to SHA256?
Thank you,
Greetings
Alex
Edited by moderator Saturday, July 20, 2019 2:57:29 AM(UTC) | Reason: Change subject for better search
ivan (Rank: Administration; Groups: Administrators; Joined: 11/11/2010(UTC); Posts: 1,153; Thanks: 9 times; Was thanked: 55 time(s) in 55 post(s))
Hi, thanks for using our software. You need a special version of EASendMail to implement RSA-OAEP encryption + SHA256 hash and RSASSA-PSS signature; I guess that is a requirement in Germany. Please check your private messages in the forum; I will send you the details.
1 user thanked ivan for this useful post.
ivan (Rank: Administration; Groups: Administrators; Joined: 11/11/2010(UTC); Posts: 1,153; Thanks: 9 times; Was thanked: 55 time(s) in 55 post(s))
By default, EASendMail uses the Windows/.NET built-in functions to implement S/MIME, but it seems there is a compatibility problem with RSASSA-PSS signatures.
So we implemented another version with the Bouncy Castle library.
Code:
// Digital signature with sha-256 hash algorithm (formal EASendMail)
oMail.SignatureHashAlgorithm = SignatureHashAlgorithmType.SHA256;
// Digital signature with sha-256 hash algorithm + RSASSA-PSS signature (EASendMail with bouncy castle version)
oMail.SignatureHashAlgorithm = SignatureHashAlgorithmType.SHA256;
oMail.SignatureHashEncryption = SignatureHashEncryptionType.RSA_SSA_PSS_WITH_PARAMETER;
// Email encryption with RAES-OAEP-128 (formal EASendMail)
oMail.EncryptionAlgorithm = EncryptionAlgorithmType.RAES_OAEP_128;
// Email encryption with RAES-OAEP-128 + sha-256 oaep hash algorithm (formal EASendMail)
oMail.EncryptionAlgorithm = EncryptionAlgorithmType.RAES_OAEP_128;
oMail.OaepHashAlgorithm = OaepHashAlgorithmType.SHA256;
To use RSASSA-PSS signatures, you must download and use this version:
http://www.emailarchitec...wnload/easendmail.bc.exe
Note: RSASSA-PSS signatures made by Bouncy Castle are not verified by most email clients (Outlook, Firebird ...), but they do meet the requirement in Germany.
If you don't use RSASSA-PSS signatures, you don't have to use EASendMail + Bouncy Castle; just set it:
Code:
// Email encryption with RAES-OAEP-128 + sha-256 oaep hash algorithm (formal EASendMail)
oMail.EncryptionAlgorithm = EncryptionAlgorithmType.RAES_OAEP_128;
oMail.OaepHashAlgorithm = OaepHashAlgorithmType.SHA256;
1 user thanked ivan for this useful post.
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,153
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
In formal EASendMail, the RSASSA-PSS signature is supported as well; however, it only supports SHA256 hash signature + SHA1 padding scheme.
If you need to create digital signatures based on the EDIFACT rules in Europe/Germany, you'd better use this version:
http://www.emailarchitec...wnload/easendmail.bc.exe
It uses SHA256 hash signature + SHA256 padding scheme.
Edited by user Monday, October 14, 2019 1:13:23 AM(UTC) | Reason: Not specified
1 user thanked ivan for this useful post.
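The receiver's complaint in the first post and ivan's "SHA256 hash signature + SHA1 padding scheme" both come down to the same ASN.1 detail: in RSAES-OAEP-params and RSASSA-PSS-params every field is DEFAULT, so an encoder that leaves [0] hashAlgorithm or [1] maskGenAlgorithm out has, on the wire, chosen SHA-1 and MGF1-SHA1 regardless of what the application set. The following Python script is an added example written for this page (it is not EASendMail, Bouncy Castle or forum code): it encodes the two parameter structures with chosen fields present or omitted, decodes them the way a receiver does (applying the DEFAULTs), and applies the receiver's "SHA256 or SHA512" rule. The OIDs are the standard RFC 8017 / SHA-2 values; every sample encoding is constructed inside the script.

```python
"""Added example (not EASendMail/Bouncy Castle code): decode RSAES-OAEP-params and
RSASSA-PSS-params and show the EFFECTIVE algorithms once the DEFAULT clauses apply.
Standard library only; sample encodings are constructed by encode_params() here."""

# OIDs from RFC 8017 (PKCS #1 v2.2) and the NIST SHA-2 arc
HASH_OID = {"sha1": "1.3.14.3.2.26", "sha256": "2.16.840.1.101.3.4.2.1",
            "sha512": "2.16.840.1.101.3.4.2.3"}
MGF1_OID = "1.2.840.113549.1.1.8"
OID_NAME = {oid: name for name, oid in HASH_OID.items()}
OID_NAME[MGF1_OID] = "mgf1"
NULL = b"\x05\x00"

# --- minimal DER helpers (short-form lengths suffice for these parameter blocks) ---
def _tlv(tag, content):
    assert len(content) < 128
    return bytes([tag, len(content)]) + content

def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytes([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                       # base-128, high bit set on all but the last byte
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return out

def _decode_oid(value):
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def _read_tlv(data, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                    # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def _algid(oid, params=b""):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }"""
    return _tlv(0x30, _tlv(0x06, _encode_oid(oid)) + params)

def _decode_algid(content):
    tag, oid, pos = _read_tlv(content, 0)
    assert tag == 0x06, "AlgorithmIdentifier must start with an OID"
    dotted = _decode_oid(oid)
    return OID_NAME.get(dotted, dotted), content[pos:]

def encode_params(hash_name=None, mgf_hash=None, salt_length=None):
    """Sender side. A None argument OMITS the field, so by the DEFAULT clauses the
    receiver reads SHA-1 / MGF1-SHA1 / saltLength 20: the 'default params' complaint."""
    body = b""
    if hash_name:                                            # [0] hashAlgorithm
        body += _tlv(0xA0, _algid(HASH_OID[hash_name], NULL))
    if mgf_hash:                                             # [1] maskGenAlgorithm = MGF1(hash)
        body += _tlv(0xA1, _algid(MGF1_OID, _algid(HASH_OID[mgf_hash], NULL)))
    if salt_length is not None:                              # [2] saltLength (PSS only)
        body += _tlv(0xA2, _tlv(0x02, salt_length.to_bytes(1, "big")))
    return _tlv(0x30, body)

def decode_params(der, scheme):
    """Receiver side. scheme is 'oaep' or 'pss'; returns effective values after DEFAULTs."""
    eff = {"hashAlgorithm": "sha1", "maskGenAlgorithm": "mgf1", "mgfHash": "sha1"}
    eff.update({"saltLength": 20, "trailerField": 1} if scheme == "pss"
               else {"pSourceAlgorithm": "pSpecifiedEmpty"})
    tag, body, _ = _read_tlv(der, 0)
    assert tag == 0x30, "parameters must be a SEQUENCE"
    pos = 0
    while pos < len(body):
        ctx_tag, wrapped, pos = _read_tlv(body, pos)
        field = ctx_tag & 0x1F                               # EXPLICIT tag number [0]..[3]
        inner_tag, inner, _ = _read_tlv(wrapped, 0)
        if field == 0:
            eff["hashAlgorithm"], _ = _decode_algid(inner)
        elif field == 1:
            eff["maskGenAlgorithm"], mgf_params = _decode_algid(inner)
            _, hash_content, _ = _read_tlv(mgf_params, 0)    # MGF1's parameter: a hash AlgorithmIdentifier
            eff["mgfHash"], _ = _decode_algid(hash_content)
        elif inner_tag == 0x02:                              # INTEGER: PSS saltLength [2] / trailerField [3]
            eff["saltLength" if field == 2 else "trailerField"] = int.from_bytes(inner, "big")
        elif field == 2:                                     # OAEP pSourceAlgorithm given explicitly
            eff["pSourceAlgorithm"], _ = _decode_algid(inner)
    return eff

def meets_sha2_policy(eff):
    """The receiver's rule in the thread: scheme hash AND MGF1 hash must be SHA-256 or SHA-512."""
    return eff["hashAlgorithm"] in ("sha256", "sha512") and eff["mgfHash"] in ("sha256", "sha512")

if __name__ == "__main__":
    for label, der, scheme in [("OAEP, all fields omitted", encode_params(), "oaep"),
                               ("PSS, SHA-256 hash but MGF omitted", encode_params("sha256"), "pss"),
                               ("PSS, SHA-256 + MGF1-SHA256 + salt 32", encode_params("sha256", "sha256", 32), "pss")]:
        eff = decode_params(der, scheme)
        print(f"{label}: {der.hex()} -> {eff} accepted={meets_sha2_policy(eff)}")
```

To check a real message, take the parameters from the CMS structure rather than from the sender's configuration: for encryption they sit in the keyEncryptionAlgorithm of the KeyTransRecipientInfo inside EnvelopedData, for the signature in the signatureAlgorithm of the SignerInfo inside SignedData. `openssl cms -cmsout -print -in message.eml` dumps both with their parameters, and the raw parameter bytes can be passed to decode_params(). The second sample, SHA-256 as the message hash with [1] maskGenAlgorithm omitted, is the most likely reading of ivan's "SHA256 hash signature + SHA1 padding scheme", and it fails the receiver's policy even though the application "set SHA256".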
avalero008 (Rank: Newbie; Groups: Registered; Joined: 7/17/2019(UTC); Posts: 0; Location: Bilbao; Thanks: 4 times)
Originally Posted by: ivan
In formal EASendMail, the RSASSA-PSS signature is supported as well; however, it only supports SHA256 hash signature + SHA1 padding scheme. If you need to create digital signatures based on the EDIFACT rules in Europe/Germany, you'd better use this version: http://www.emailarchitec...wnload/easendmail.bc.exe It uses SHA256 hash signature + SHA256 padding scheme.
Hello Ivan,
First of all thank you very much for your messages.
That's right, I need to digitally sign emails following the German EDIFACT messaging rules. I will try to use the library you recommend.
I have a doubt: in the formal EASendMail I see that the SmtpMail object doesn't have the OaepHashAlgorithmType property, and so the compiler has told me when doing the test. What am I missing?
Thanks again,
Alex
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,153
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
Originally Posted by: avalero008 [quotes the previous post in full]
This property is undocumented, but it does exist; it requires EASendMail 7.5.0.1 or a later version. If you're using an older version, please download the latest version. Or you can use the EASendMail BC version and have a try. Because you have to use the RSASSA-PSS signature scheme, the BC version is the only solution.
1 user thanked ivan for this useful post.
avalero008 (Rank: Newbie; Groups: Registered; Joined: 7/17/2019(UTC); Posts: 0; Location: Bilbao; Thanks: 4 times)
I have tried with EASendMail BC and it works!
Thank you very much Ivan, great support.
Regards,
Alex
Edited by user Tuesday, July 23, 2019 3:47:03 AM(UTC) | Reason: Not specified
Flambo (Rank: Newbie; Groups: Registered; Joined: 8/28/2019(UTC); Posts: 0)
Hi,
I'm currently testing the version of EASendMail with Bouncy Castle mentioned in this thread. When I use the SHA256 hash algorithm and the RSA_PSS_WITH_PARAMETER encryption type, I get the following exception in BouncyCastle.Crypto.dll:
Code:
[10:28:47 ERR] Exception while attempting to send email
System.ArgumentException: Unsupported algorithm specified
Parameter name: privateKey
   at Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(AsymmetricAlgorithm privateKey)
   at .( , Byte[] , Boolean )
   at .( , Byte[] , Boolean )
   at EASendMail.SmtpMail.()
   at EASendMail.SmtpMail.get_EncodedContent()
   at EASendMail.SmtpClient.SendMail(SmtpMail mail)
The code that I use looks like this:
Code:
using System;
using EASendMail;   // SmtpMail, SmtpClient, SmtpServer, MailAddress, HeaderItem and the enum types

// Mail, ConnectionInfo, MailSecurityOptions and _certificateService are this application's
// own types, not part of EASendMail. SmtpClient.SendMail is synchronous, so the method is
// plain void rather than an async Task that never awaits.
public void Send(Mail mail, ConnectionInfo connectionInfo, MailSecurityOptions mailSecurityOptions)
{
    var message = new SmtpMail("TryIT")
    {
        Subject = mail.subject
    };
    foreach (var attachment in mail.attachments)
    {
        var content = Convert.FromBase64String(attachment.content);
        message.AddAttachment(attachment.fileName, content);
    }
    message.TextBody = mail.body;
    message.HtmlBody = mail.body;
    message.Sender = new MailAddress(mail.sender.name, mail.sender.address);
    message.From = new MailAddress(mail.sender.name, mail.sender.address);
    message.Headers.Add(new HeaderItem("X-Mailer", "Outlook 14.0"));
    message.Headers.Add("Content-Language", "da");
    foreach (var recipient in mail.recipients)
    {
        message.To.Add(new MailAddress("", recipient.address));
    }
    // SHA-256 hash + RSASSA-PSS signature (EASendMail BC version)
    message.SignatureHashAlgorithm = SignatureHashAlgorithmType.SHA256;
    message.SignatureHashEncryption = SignatureHashEncryptionType.RSA_SSA_PSS_WITH_PARAMETER;
    // Signing certificate (must carry the private key), looked up by the sender address
    var signerCertificate = _certificateService.GetCertificateBySenderEmail(message.From.Address);
    message.From.Certificate = signerCertificate;
    var smtpServer = new SmtpServer(connectionInfo.Host);
    if (!string.IsNullOrEmpty(connectionInfo.Username) || !string.IsNullOrEmpty(connectionInfo.Password))
    {
        smtpServer.User = connectionInfo.Username;
        smtpServer.Password = connectionInfo.Password;
    }
    var client = new SmtpClient();
    client.SendMail(smtpServer, message);
}
Can anyone spot what I'm missing?
ivan (Rank: Administration; Groups: Administrators; Joined: 11/11/2010(UTC); Posts: 1,153; Thanks: 9 times; Was thanked: 55 time(s) in 55 post(s))
Originally Posted by: Flambo
Hi, I'm currently testing the version of EASendMail with Bouncy Castle mentioned in this thread. When I use the SHA256 hash algorithm and the RSA_PSS_WITH_PARAMETER encryption type, I get the following exception in BouncyCastle.Crypto.dll: Can anyone spot what I'm missing?
Hi, your code looks good, but it seems the private key couldn't be exported. Please email support@emailarchitect.net so that we can provide support directly.