Send S/MIME signed message
Gmail mangles S/MIME signed messages differently depending on their format (see http://fossaguard.blogspot.com/2020/04/smime-signed-messages-support-in-gmail.html):
- `application/pkcs7-mime` with `SignedData`: by restricting access to the signature (since G Suite uses this format to sign messages)
- `multipart/signed`: by rearranging the MIME parts of the message, converting it to `multipart/mixed`
The following approach has been implemented to send S/MIME signed emails:
- to `*@gmail.com` addresses, a `multipart/mixed` message is used, with an `smime.p7m` attachment that contains the original S/MIME `multipart/signed` message together with its signature, for the following reasons:
  - the user will be able to see the message content and files without any extension
  - the user will be able to view the content and files of the original message, with the digital signature, using Fossa Guard
- to all other addresses, the standard S/MIME `SignedData` format is used, for the following reasons:
  - G Suite accounts use custom domains
  - G Suite uses the `SignedData` format internally for S/MIME signed messages
  - Gmail doesn't mangle messages sent to external addresses
Signature status indication
When the user opens an S/MIME signed message in the Gmail UI, the Fossa Guard extension tries to verify the signature. Once the S/MIME signature is verified, the corresponding status is indicated.
Fossa Guard replaces the content of the message with the original read from the `smime.p7m` attachment. A new button `View Original Message` becomes available to open the email in the Fossa Guard View dialog with the original message content and original attachments.
Signature verification
- The attached certificate chain is not used in the email signature verification procedure until it is added to the list of trusted certificates.
- Email signature verification is performed as of the email's Sent date.
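As an added example (not Fossa Guard's own code), the Python below builds the gmail.com layout described above, a `multipart/mixed` wrapper carrying the original `multipart/signed` message as an `smime.p7m` attachment, then unwraps it the way the extension must before verifying, and hands the verifier the signed text, the detached signature and the Sent date. The signature bytes are a constructed placeholder, the attachment's Content-Type (`application/pkcs7-mime`) and the wrapper's readable body copy are assumptions, and actual CMS verification is out of scope.

```python
from email import policy
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.parser import BytesParser

FAKE_SIGNATURE = b"\x30\x82placeholder-pkcs7-signature"  # constructed, not real CMS
parse = BytesParser(policy=policy.default).parsebytes

def build_signed_message(body, signature):
    """Constructed multipart/signed message in the standard S/MIME layout."""
    m = MIMEMultipart("signed", protocol="application/pkcs7-signature", micalg="sha-256")
    m["From"], m["To"], m["Subject"] = "alice@example.com", "bob@gmail.com", "demo"
    m["Date"] = "Mon, 06 Apr 2020 10:00:00 +0000"
    m.attach(MIMEText(body, "plain"))  # the part the signature covers
    sig = MIMEApplication(signature, "pkcs7-signature", name="smime.p7s")
    sig.add_header("Content-Disposition", "attachment", filename="smime.p7s")
    m.attach(sig)
    return m.as_bytes()

def wrap_for_gmail(signed_bytes, visible_body):
    """multipart/mixed wrapper for gmail.com recipients: a readable copy of the body
    plus the whole signed message as smime.p7m (its Content-Type is an assumption)."""
    original = parse(signed_bytes)
    outer = MIMEMultipart("mixed")
    for h in ("From", "To", "Subject", "Date"):
        outer[h] = str(original[h])
    outer.attach(MIMEText(visible_body, "plain"))
    p7m = MIMEApplication(signed_bytes, "pkcs7-mime", name="smime.p7m")
    p7m.add_header("Content-Disposition", "attachment", filename="smime.p7m")
    outer.attach(p7m)
    return outer.as_bytes()

def unwrap(wrapped_bytes):
    """Recover the original multipart/signed message from smime.p7m; a verifier
    must check that, never the wrapper's unsigned visible copy."""
    for part in parse(wrapped_bytes).iter_attachments():
        if part.get_filename() != "smime.p7m":
            continue
        inner = parse(part.get_payload(decode=True))
        if (inner.get_content_type() != "multipart/signed"
                or inner.get_param("protocol") != "application/pkcs7-signature"):
            raise ValueError("smime.p7m does not hold an S/MIME multipart/signed message")
        return inner
    raise ValueError("no smime.p7m attachment found")

def signature_input(signed):
    """Signed text, detached signature bytes and the Date header the verifier uses."""
    text, sig = signed.iter_parts()
    return text.get_content(), sig.get_payload(decode=True), str(signed["Date"])
```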