
GPGSM: Authenticated encryption
Open, Wishlist, Public

Description

For S/MIME there are authenticated encryption features in RFC 5083, 5084 and 5652.

Due to attacks that might be similar to attacks on OpenPGP without MDC, GnuPG should also support authenticated encryption features for S/MIME.

Details

Version
master

Event Timeline

Do you have any other implementation to test against?

OpenSSL since version 3 supports aes-gcm and aria-gcm in CMS. CMS has a different wrapper for AEAD. openssl Pull Request. I created test files (nistp384 key, certificates, messages), perhaps it will be useful.

$ gpgsm --version
gpgsm (GnuPG) 2.4.3
libgcrypt 1.10.2
libksba 1.6.4

$ kleopatra -v
Gpg4win-4.2.0

$ gpgsm --import -v --batch credential_private_encrypted_3DES.p12

$ gpgsm --debug-level guru -d R:\envelopedData\encrypted_aes128cbc.der
$ gpgsm --debug-level guru -d R:\envelopedData\encrypted_aes128cbc.pem
$ gpgsm --debug-level guru -d R:\envelopedData\encrypted_aes192cbc.der
$ gpgsm --debug-level guru -d R:\envelopedData\encrypted_aes192cbc.pem
$ gpgsm --debug-level guru -d R:\envelopedData\encrypted_aes256cbc.der
$ gpgsm --debug-level guru -d R:\envelopedData\encrypted_aes256cbc.pem
→ OK

$ kleopatra -d R:\envelopedData\encrypted_aes128cbc.der
$ kleopatra -d R:\envelopedData\encrypted_aes128cbc.pem
$ kleopatra -d R:\envelopedData\encrypted_aes192cbc.der
$ kleopatra -d R:\envelopedData\encrypted_aes192cbc.pem
$ kleopatra -d R:\envelopedData\encrypted_aes256cbc.der
$ kleopatra -d R:\envelopedData\encrypted_aes256cbc.pem
→ OK
$ gpgsm --debug-level guru -d R:\authEnvelopedData\encrypted_aes128gcm.der
$ gpgsm --debug-level guru -d R:\authEnvelopedData\encrypted_aes128gcm.pem
$ gpgsm --debug-level guru -d R:\authEnvelopedData\encrypted_aes192gcm.der
$ gpgsm --debug-level guru -d R:\authEnvelopedData\encrypted_aes192gcm.pem
$ gpgsm --debug-level guru -d R:\authEnvelopedData\encrypted_aes256gcm.der
$ gpgsm --debug-level guru -d R:\authEnvelopedData\encrypted_aes256gcm.pem
gpgsm: enabled debug flags: x509 mpi crypto memory cache memstat hashing ipc clock lookup
gpgsm: enabled compatibility flags:
gpgsm: DBG: [no clock] keydb_new: enter
gpgsm: DBG: [no clock] keydb_new: leave (hd=0x0078e740)
gpgsm: error getting IV: Bufor zbyt mały
gpgsm: message decryption failed: Bufor zbyt mały <KSBA>
gpgsm: DBG: [no clock] keydb_release: enter (hd=0x0078e740)
gpgsm: DBG: [no clock] keydb_release: leave
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
rndjent stat: collector=00000000 calls=0 bytes=0
secmem usage: 0/16384 bytes in 0 blocks

$ kleopatra -d R:\authEnvelopedData\encrypted_aes128gcm.der
$ kleopatra -d R:\authEnvelopedData\encrypted_aes128gcm.pem
$ kleopatra -d R:\authEnvelopedData\encrypted_aes192gcm.der
$ kleopatra -d R:\authEnvelopedData\encrypted_aes192gcm.pem
$ kleopatra -d R:\authEnvelopedData\encrypted_aes256gcm.der
$ kleopatra -d R:\authEnvelopedData\encrypted_aes256gcm.pem
→ error
$ openssl cms -decrypt -inform PEM -in "encrypted_aes256gcm.pem" -inkey "key_user.pem"
Content-Type: text/plain; charset=utf-8

This is a sample encrypted message.

$ openssl cms -decrypt -text -inform PEM -in "encrypted_aes256gcm.pem" -inkey "key_user.pem"
This is a sample encrypted message.
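The structural difference between the two message types discussed on this ticket is easy to see by walking the DER. The following is an added example, not code from this ticket, GnuPG or libksba: a small Python DER walker that classifies a CMS ContentInfo as EnvelopedData (RFC 5652) or AuthEnvelopedData (RFC 5083), identifies the AES content-encryption algorithm by OID, and decodes its parameters. For AES-CBC the AlgorithmIdentifier parameter is the IV as a bare OCTET STRING; for AES-GCM it is the RFC 5084 GCMParameters SEQUENCE (nonce plus ICV length), and the authentication tag lives in the separate mac field of AuthEnvelopedData. The parser also flags the RFC 5084 rule that AES-GCM belongs only in AuthEnvelopedData. The sample messages are constructed inline with placeholder recipient, ciphertext and tag bytes; they are not real encrypted messages and the OID tables and helper names are the example's own.

```python
# Classify a DER-encoded CMS message as EnvelopedData (RFC 5652, AES-CBC) or AuthEnvelopedData
# (RFC 5083, AES-GCM per RFC 5084) and decode the cipher parameters. Added example, not GnuPG code.
OID_ENVELOPED = "1.2.840.113549.1.7.3"             # id-envelopedData
OID_AUTH_ENVELOPED = "1.2.840.113549.1.9.16.1.23"  # id-ct-authEnvelopedData
OID_DATA = "1.2.840.113549.1.7.1"                  # id-data (inner content type)
OID_RSA = "1.2.840.113549.1.1.1"                   # rsaEncryption (key-transport recipient)
# NIST AES arc 2.16.840.1.101.3.4.1: CBC is {2, 22, 42}, GCM is {6, 26, 46}.
AES_ALGS = {"2.16.840.1.101.3.4.1.%d" % n: (name, name.endswith("GCM")) for n, name in
            [(2, "aes128-CBC"), (22, "aes192-CBC"), (42, "aes256-CBC"),
             (6, "aes128-GCM"), (26, "aes192-GCM"), (46, "aes256-GCM")]}

def read_tlv(buf, pos=0):  # decode one DER TLV at pos -> (tag, is_constructed, value, end_offset)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if (tag & 0x1F) == 0x1F or length == 0x80:
        raise ValueError("multi-byte tag or indefinite length: not DER as used by CMS")
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, bool(tag & 0x20), buf[pos:pos + length], pos + length

def children(value):  # yield (tag, is_constructed, value) for each element of a constructed value
    pos = 0
    while pos < len(value):
        tag, constructed, val, pos = read_tlv(value, pos)
        yield tag, constructed, val

def decode_oid(value):
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not (b & 0x80):
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))

def find_algorithm(value):  # depth-first search for the first AlgorithmIdentifier with an AES OID
    kids = list(children(value))
    if kids and kids[0][0] == 0x06 and decode_oid(kids[0][2]) in AES_ALGS:
        return decode_oid(kids[0][2]), (kids[1] if len(kids) > 1 else None)
    for _, constructed, val in kids:
        found = constructed and find_algorithm(val)
        if found:
            return found
    return None

def inspect_cms(der):
    tag, _, ci, _ = read_tlv(der)
    kids = list(children(ci))
    if tag != 0x30 or len(kids) != 2 or kids[0][0] != 0x06 or kids[1][0] != 0xA0:
        raise ValueError("expected ContentInfo ::= SEQUENCE { contentType OID, [0] EXPLICIT content }")
    content_type = decode_oid(kids[0][2])
    result = {"aead": content_type == OID_AUTH_ENVELOPED, "content_type": {
        OID_ENVELOPED: "EnvelopedData", OID_AUTH_ENVELOPED: "AuthEnvelopedData"}.get(content_type, content_type)}
    found = find_algorithm(kids[1][2])
    if not found:
        raise ValueError("no AES content-encryption AlgorithmIdentifier found")
    alg_oid, params = found
    result["algorithm"], is_gcm = AES_ALGS[alg_oid]
    if is_gcm:  # RFC 5084 GCMParameters ::= SEQUENCE { aes-nonce OCTET STRING, aes-ICVlen INTEGER DEFAULT 12 }
        if params is None or params[0] != 0x30:
            raise ValueError("AES-GCM requires a GCMParameters SEQUENCE")
        p = list(children(params[2]))
        result["nonce_len"] = len(p[0][2])
        result["icv_len"] = int.from_bytes(p[1][2], "big") if len(p) > 1 else 12
    else:  # AES-CBC carries the IV directly as an OCTET STRING parameter
        if params is None or params[0] != 0x04:
            raise ValueError("AES-CBC requires an OCTET STRING IV")
        result["iv_len"] = len(params[2])
    # RFC 5084 ties AES-GCM to AuthEnvelopedData (its mac field holds the tag); other pairings are malformed.
    result["consistent"] = is_gcm == result["aead"]
    return result

def tlv(tag, value):  # DER-encode one element; used only to build the constructed samples
    n, m = len(value), (len(value).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | m]) + n.to_bytes(m, "big")) + value

def encode_oid(oid):
    arcs = [int(a) for a in oid.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        out += reversed(chunk)
    return tlv(0x06, bytes(out))

def build_sample(aead, alg_oid, params_der, ciphertext, mac=b""):  # one placeholder RSA recipient
    ktri = tlv(0x30, tlv(0x02, b"\x00")                                 # version 0
               + tlv(0x30, tlv(0x30, b"") + tlv(0x02, b"\x01"))        # empty issuer name, serial 1
               + tlv(0x30, encode_oid(OID_RSA) + tlv(0x05, b""))       # rsaEncryption, NULL params
               + tlv(0x04, b"\x00" * 32))                              # placeholder encryptedKey
    eci = tlv(0x30, encode_oid(OID_DATA)
              + tlv(0x30, encode_oid(alg_oid) + params_der)            # contentEncryptionAlgorithm
              + tlv(0x80, ciphertext))                                 # [0] IMPLICIT encryptedContent
    body = tlv(0x02, b"\x00") + tlv(0x31, ktri) + eci + (tlv(0x04, mac) if aead else b"")
    return tlv(0x30, encode_oid(OID_AUTH_ENVELOPED if aead else OID_ENVELOPED) + tlv(0xA0, tlv(0x30, body)))

# Constructed samples (placeholder key, ciphertext and tag bytes; not real messages).
SAMPLE_CBC = build_sample(False, "2.16.840.1.101.3.4.1.2", tlv(0x04, bytes(16)), b"\x11" * 32)
SAMPLE_GCM = build_sample(True, "2.16.840.1.101.3.4.1.46",
                          tlv(0x30, tlv(0x04, bytes(12)) + tlv(0x02, b"\x10")), b"\x22" * 32, b"\x33" * 16)
SAMPLE_MISMATCH = build_sample(False, "2.16.840.1.101.3.4.1.6", tlv(0x30, tlv(0x04, bytes(12))), b"\x22" * 32)
```

To run it against the files from this ticket, pass the raw bytes of a .der file to `inspect_cms`; for the .pem variants, drop the BEGIN/END lines and base64-decode the body first. On the aes*cbc files the result reports EnvelopedData with a 16-byte IV; on the aes*gcm files it reports AuthEnvelopedData with a 12-byte nonce and the ICV length, which is exactly the parameter shape a decoder written for EnvelopedData has to learn to read. The "error getting IV" in the gpgsm log above is consistent with a parser that expects the CBC-style OCTET STRING at that position.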