GPGSM: Authenticated encryption
Open, NormalPublic
Actions

Assigned To

None

Authored By

	• aheinecke
	May 14 2018, 2:42 PM

Description

For S/MIME there are Authenticated encryption features in RFC 5083, 5084 and 5652

Due to attacks that might be similar to attacks on OpenPGP without MDC GnuPG should also support Authenticated Encryption features for S/MIME.

Details

Version: master

Revisions and Commits

rG GnuPG
	rG4980fb3c6dde sm: Support AES-GCM decryption.

Related Objects

Mentioned In: T3985: Kleopatra: Mitigate manipulations of encrypted S/MIME files

Event Timeline

• aheinecke created this task.May 14 2018, 2:42 PM

Do you have any other implementation to test against?

• aheinecke mentioned this in T3985: Kleopatra: Mitigate manipulations of encrypted S/MIME files.May 15 2018, 1:52 PM

Openssl since version 3 supports aes-gcm and aria-gcm in cms. CMS has a different wrapper for AEAD. openssl Pull Request. I created test files (nistp384 key, certificates, messages), perhaps it will be useful.

$ gpgsm --version
gpgsm (GnuPG) 2.4.3
libgcrypt 1.10.2
libksba 1.6.4

$ kleopatra -v
Gpg4win-4.2.0

$ gpgsm --import -v --batch credential_private_encrypted_3DES.p12

$ gpgsm --debug-level guru -d R:\envelopedData\encrypted_aes128cbc.der
$ gpgsm --debug-level guru -d R:\envelopedData\encrypted_aes128cbc.pem
$ gpgsm --debug-level guru -d R:\envelopedData\encrypted_aes192cbc.der
$ gpgsm --debug-level guru -d R:\envelopedData\encrypted_aes192cbc.pem
$ gpgsm --debug-level guru -d R:\envelopedData\encrypted_aes256cbc.der
$ gpgsm --debug-level guru -d R:\envelopedData\encrypted_aes256cbc.pem
→ OK

$ kleopatra -d R:\envelopedData\encrypted_aes128cbc.der
$ kleopatra -d R:\envelopedData\encrypted_aes128cbc.pem
$ kleopatra -d R:\envelopedData\encrypted_aes192cbc.der
$ kleopatra -d R:\envelopedData\encrypted_aes192cbc.pem
$ kleopatra -d R:\envelopedData\encrypted_aes256cbc.der
$ kleopatra -d R:\envelopedData\encrypted_aes256cbc.pem
→ OK

$ gpgsm --debug-level guru -d R:\authEnvelopedData\encrypted_aes128gcm.der
$ gpgsm --debug-level guru -d R:\authEnvelopedData\encrypted_aes128gcm.pem
$ gpgsm --debug-level guru -d R:\authEnvelopedData\encrypted_aes192gcm.der
$ gpgsm --debug-level guru -d R:\authEnvelopedData\encrypted_aes192gcm.pem
$ gpgsm --debug-level guru -d R:\authEnvelopedData\encrypted_aes256gcm.der
$ gpgsm --debug-level guru -d R:\authEnvelopedData\encrypted_aes256gcm.pem
gpgsm: enabled debug flags: x509 mpi crypto memory cache memstat hashing ipc clock lookup
gpgsm: enabled compatibility flags:
gpgsm: DBG: [no clock] keydb_new: enter
gpgsm: DBG: [no clock] keydb_new: leave (hd=0x0078e740)
gpgsm: error getting IV: Bufor zbyt mały
gpgsm: message decryption failed: Bufor zbyt mały <KSBA>
gpgsm: DBG: [no clock] keydb_release: enter (hd=0x0078e740)
gpgsm: DBG: [no clock] keydb_release: leave
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
rndjent stat: collector=00000000 calls=0 bytes=0
secmem usage: 0/16384 bytes in 0 blocks

$ kleopatra -d R:\authEnvelopedData\encrypted_aes128gcm.der
$ kleopatra -d R:\authEnvelopedData\encrypted_aes128gcm.pem
$ kleopatra -d R:\authEnvelopedData\encrypted_aes192gcm.der
$ kleopatra -d R:\authEnvelopedData\encrypted_aes192gcm.pem
$ kleopatra -d R:\authEnvelopedData\encrypted_aes256gcm.der
$ kleopatra -d R:\authEnvelopedData\encrypted_aes256gcm.pem
→ error

$ openssl cms -decrypt -inform PEM -in "encrypted_aes256gcm.pem" -inkey "key_user.pem"
Content-Type: text/plain; charset=utf-8

This is a sample encrypted message.

$ openssl cms -decrypt -text -inform PEM -in "encrypted_aes256gcm.pem" -inkey "key_user.pem"
This is a sample encrypted message.

openssl_cms_aes-gcm_test.tar.gz27 KBDownload

• werner raised the priority of this task from Wishlist to Normal.Dec 19 2024, 10:32 AM

• werner added a commit: rG4980fb3c6dde: sm: Support AES-GCM decryption..

• werner added a project: gnupg26.