Describe the bug
When using the WindowsSecureMimeContext, decrypting an encrypted mail sometimes fails. The reason for this is that it might find multiple RecipientInfos and only tries to find the key for the first one, while it should also check the second, third, ...
After discovering the issue, I found it also documented at https://www.limilabs.com/blog/envelopedcms-decrypt-problem.
Platform:
OS: Windows
.NET Framework: .NET Core 3.1, .NET 4.8
MimeKit Version: all
Proposed Solution
Rather than using the EnvelopedCms.Decrypt() method, use EnvelopedCms.Decrypt(System.Security.Cryptography.Pkcs.RecipientInfo recipientInfo) for each recipient info. The code below loops over them and stops as soon as there has been a successful decryption.
```csharp
public override MimeEntity Decrypt (Stream encryptedData, CancellationToken cancellationToken = default (CancellationToken))
{
    if (encryptedData == null)
        throw new ArgumentNullException (nameof (encryptedData));

    var enveloped = new EnvelopedCms ();
    enveloped.Decode (ReadAllBytes (encryptedData));

    var success = false;

    // Try each RecipientInfo in turn instead of relying on the parameterless
    // Decrypt (), which only looks for a key matching the first recipient.
    foreach (var recipientInfo in enveloped.RecipientInfos) {
        try {
            enveloped.Decrypt (recipientInfo);
            success = true;
            break;
        } catch (CryptographicException) {
            // No matching key for this recipient; move on to the next one.
        }
    }

    if (!success) {
        // No key was found for any of the recipients, so throw an exception.
        // Probably should add some info on which recipients we tried to look for.
        throw new CryptographicException ("No key to decrypt was found");
    }

    var decryptedData = enveloped.Encode ();
    var memory = new MemoryStream (decryptedData, false);

    return MimeEntity.Load (memory, true, cancellationToken);
}
```
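The following is an added, self-contained example and is not MimeKit's code nor the code posted in this issue. It shows the same per-RecipientInfo loop end to end: it encrypts a message to two constructed self-signed recipients, then decrypts it with only the second recipient's private key, and it fills in the diagnostic the comment above asks for by recording which recipients were tried. The `MultiRecipientDecryptor`, `Demo` and `MakeCert` names are this example's own. It assumes the `System.Security.Cryptography.Pkcs` package (which provides `EnvelopedCms.Decrypt(RecipientInfo, X509Certificate2Collection)`) on .NET Core, and it round-trips the test certificates through PFX on the assumption that a persisted rather than ephemeral private key is the safer choice for the CMS decryptor on Windows.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml; // X509IssuerSerial
using System.Text;

// Example code, not MimeKit's: try every RecipientInfo against a caller-supplied
// set of certificates with private keys, and report which recipients were tried.
public static class MultiRecipientDecryptor
{
    // Human-readable form of a RecipientInfo's identifier, for error messages.
    static string Describe (RecipientInfo ri)
    {
        var id = ri.RecipientIdentifier;
        if (id.Type == SubjectIdentifierType.IssuerAndSerialNumber) {
            var ias = (X509IssuerSerial) id.Value;
            return $"IssuerAndSerialNumber(issuer={ias.IssuerName}, serial={ias.SerialNumber})";
        }
        return $"{id.Type}({id.Value})";
    }

    // Returns the decrypted content and reports which recipient matched; throws a
    // CryptographicException naming every recipient tried when no key fits.
    public static byte[] Decrypt (byte[] encodedEnvelopedData, X509Certificate2Collection privateKeys, out string matchedRecipient)
    {
        var enveloped = new EnvelopedCms ();
        enveloped.Decode (encodedEnvelopedData);

        var tried = new List<string> ();
        foreach (RecipientInfo ri in enveloped.RecipientInfos) {
            var description = Describe (ri);
            tried.Add (description);
            try {
                // Looks for this recipient's certificate (and key) in privateKeys.
                enveloped.Decrypt (ri, privateKeys);
                matchedRecipient = description;
                // Same idiom as the issue's code: Encode () after a successful Decrypt ()
                // yields the decrypted content.
                return enveloped.Encode ();
            } catch (CryptographicException) {
                // No usable key for this recipient; try the next one.
            }
        }

        throw new CryptographicException (
            "No key to decrypt was found. Recipients tried: " + string.Join ("; ", tried));
    }
}

public static class Demo
{
    // Constructed self-signed test certificate for this example only. It is exported
    // to PFX and re-imported so the private key is persisted rather than ephemeral
    // (an assumption made here to avoid key-handle trouble with CMS on Windows).
    static X509Certificate2 MakeCert (string subject)
    {
        using (var rsa = RSA.Create (2048)) {
            var req = new CertificateRequest (subject, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            // Give the certificate a Subject Key Identifier so it can be addressed by SKI.
            req.CertificateExtensions.Add (new X509SubjectKeyIdentifierExtension (req.PublicKey, false));
            using (var ephemeral = req.CreateSelfSigned (DateTimeOffset.UtcNow.AddMinutes (-5), DateTimeOffset.UtcNow.AddDays (1)))
                return new X509Certificate2 (ephemeral.Export (X509ContentType.Pfx), (string) null, X509KeyStorageFlags.Exportable);
        }
    }

    public static void Main ()
    {
        using (var alice = MakeCert ("CN=alice@example.test"))
        using (var bob = MakeCert ("CN=bob@example.test")) {
            var plaintext = Encoding.ASCII.GetBytes ("Content-Type: text/plain\r\n\r\nhello\r\n");

            // Encrypt to two recipients, identified in two different ways.
            var recipients = new CmsRecipientCollection ();
            recipients.Add (new CmsRecipient (SubjectIdentifierType.IssuerAndSerialNumber, alice));
            recipients.Add (new CmsRecipient (SubjectIdentifierType.SubjectKeyIdentifier, bob));
            var cms = new EnvelopedCms (new ContentInfo (plaintext));
            cms.Encrypt (recipients);
            byte[] encoded = cms.Encode ();

            // Bob was added second. Only his key is available here, so anything that
            // stops at the first RecipientInfo would fail; the loop succeeds.
            byte[] recovered = MultiRecipientDecryptor.Decrypt (encoded, new X509Certificate2Collection (bob), out string matched);
            Console.WriteLine ("matched: " + matched);
            Console.WriteLine (Encoding.ASCII.GetString (recovered));

            // No matching key at all: the exception lists both recipients that were tried.
            try {
                MultiRecipientDecryptor.Decrypt (encoded, new X509Certificate2Collection (), out _);
            } catch (CryptographicException ex) {
                Console.WriteLine (ex.Message);
            }
        }
    }
}
```

Trying each `RecipientInfo` with an explicit `X509Certificate2Collection` also makes the behaviour testable without touching the user's certificate store, and keeping the list of tried identifiers turns "No key to decrypt was found" into an error an operator can act on (which certificate is missing, and whether the sender addressed it by issuer/serial or by subject key identifier).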
@jstedfast I added a comment on your code fix last week, but I have the impression it was overlooked. So I'm adding it here as well:
I am not sure this will work. I think you should break after the first successful attempt.
With this code, if there are multiple RecipientInfos and for at least one there is a failure to decrypt the EnvelopedCms, it will result in a complete failure while it should not.
As soon as there is one RecipientInfo for which the decryption is successful, the decryption should be considered successful. Hence the boolean and the break in my suggested code.