MS Exchange server corrupting PGP-MIME emails
Phil Brooke
pjb at scm.tees.ac.uk
Mon Oct 31 13:53:16 CET 2011

Hi,

On Fri, 28 Oct 2011, Jerry wrote:
> On Fri, 28 Oct 2011 14:07:53 +0100 (BST) Phil Brooke articulated:
>> Nothing relating to encrypted data, but I've seen an MS Exchange
>> system rewrite signed emails (both PGP/MIME and S/MIME) with the
>> obvious effect of causing failed verifications.
>
> Could you please supply proof of that statement. An example of the
> message before and after it was processed by the server would be
> advantageous.

I attach two messages: correct.email (fcc of an email) and broken.email
(the version which went through our local Exchange server). (Not sure if
attachments will get through. I'll try anyway.) I've removed nearly
every header and snipped out some of the same content.

The interesting bit is the diff of the body:

2,4c2,4
< Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_="
<
< This is an OpenPGP/MIME signed message (RFC2440, RFC3156).
---
> Content-Type: multipart/signed; protocol="application/pgp-signature";
> micalg=pgp-sha1;
> boundary="=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_="
7c7,8
< Content-Type: multipart/mixed; boundary="1771607802-1616753266-1320061802=:11794"
---
> Content-Type: multipart/mixed;
> boundary="1771607802-1616753266-1320061802=:11794"
10c11
< Content-Type: TEXT/PLAIN; format=flowed; charset=UTF-8
---
> Content-Type: text/plain; format=flowed; charset="UTF-8"
17c18
< Content-Type: TEXT/plain; charset=UTF-8; name=test1.txt
---
> Content-Type: text/plain; charset="UTF-8"; name="test1.txt"
20,21c21,22
< Content-Description: A plain text file.
< Content-Disposition: attachment; filename=test1.txt
---
> Content-Description: test1.txt
> Content-Disposition: attachment; filename="test1.txt"
26c27
< Content-Type: APPLICATION/pdf; name="test1 as a PDF.pdf"
---
> Content-Type: application/pdf; name="test1 as a PDF.pdf"
29c30
< Content-Description: The file as PDF.
---
> Content-Description: test1 as a PDF.pdf

All the changes, except the first (to the first Content-Type and
prologue) are within the signed part of the message. So we've got

- added quoting,
- change of case in the Content-Type,
- modification of Content-Description, and
- changed folding.

I'm not sure which Exchange server version(s) we're running here. In
case these received headers are useful:

Received: from zzzzzz.zzzz.zz.zz (zzz.zzz.zzz.zz) by zzzzzz.zzzzzzz.zzzz.zz.zz
(zzz.zzz.zz.zz) with Microsoft SMTP Server (TLS) id 8.2.255.0; Mon, 31 Oct
2011 11:50:40 +0000
Received: from zzzzzz.zzz.zzzz.zz.zz (zzz.zzz.zz.zz) by zzzzzz.zzzz.zz.zz
(zzz.zzz.zzz.zz) with Microsoft SMTP Server (TLS) id 14.1.339.1; Mon, 31 Oct
2011 11:51:04 +0000

Cheers,
Phil.

-------------- next part --------------
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
micalg=pgp-sha1;
boundary="=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_="
--=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_=
Content-Type: multipart/mixed;
boundary="1771607802-1616753266-1320061802=:11794"
--1771607802-1616753266-1320061802=:11794
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Transfer-Encoding: QUOTED-PRINTABLE
We write an email=E2=80=A6
It has two attachments.
--1771607802-1616753266-1320061802=:11794
Content-Type: text/plain; charset="UTF-8"; name="test1.txt"
Content-Transfer-Encoding: BASE64
Content-ID: <alpine.DEB.2.02.1110311150020.11794 at sirius.scm.tees.ac.uk>
Content-Description: test1.txt
Content-Disposition: attachment; filename="test1.txt"
QSB0ZXN0IGZpbGUuDQo=
--1771607802-1616753266-1320061802=:11794
Content-Type: application/pdf; name="test1 as a PDF.pdf"
Content-Transfer-Encoding: BASE64
Content-ID: <alpine.DEB.2.02.1110311150021.11794 at sirius.scm.tees.ac.uk>
Content-Description: test1 as a PDF.pdf
Content-Disposition: attachment; filename="test1 as a PDF.pdf"
JVBERi0xLjQKJcfsj6IKNSAwIG9iago8PC9MZW5ndGggNiAwIFIvRmlsdGVy
[snip]
RkNGPjxEOEVDNDEzRUFDNTY5QTZCNjgxQTIzQkNCQzA1MEZDRj5dCj4+CnN0
YXJ0eHJlZgo0NjcxCiUlRU9GCg==
--1771607802-1616753266-1320061802=:11794--
--=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_=
Content-Type: application/pgp-signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk6ui20ACgkQleaexJ2vm1xyhACeIF/xhBoDDD5KjXXzD84s73uF
pAYAnAwzrfPeLOycJScl+hvigL86VhLR
=cFUB
-----END PGP SIGNATURE-----
--=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_=--
-------------- next part --------------
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_="
This is an OpenPGP/MIME signed message (RFC2440, RFC3156).
--=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_=
Content-Type: multipart/mixed; boundary="1771607802-1616753266-1320061802=:11794"
--1771607802-1616753266-1320061802=:11794
Content-Type: TEXT/PLAIN; format=flowed; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
We write an email=E2=80=A6
It has two attachments.
--1771607802-1616753266-1320061802=:11794
Content-Type: TEXT/plain; charset=UTF-8; name=test1.txt
Content-Transfer-Encoding: BASE64
Content-ID: <alpine.DEB.2.02.1110311150020.11794 at sirius.scm.tees.ac.uk>
Content-Description: A plain text file.
Content-Disposition: attachment; filename=test1.txt
QSB0ZXN0IGZpbGUuDQo=
--1771607802-1616753266-1320061802=:11794
Content-Type: APPLICATION/pdf; name="test1 as a PDF.pdf"
Content-Transfer-Encoding: BASE64
Content-ID: <alpine.DEB.2.02.1110311150021.11794 at sirius.scm.tees.ac.uk>
Content-Description: The file as PDF.
Content-Disposition: attachment; filename="test1 as a PDF.pdf"
JVBERi0xLjQKJcfsj6IKNSAwIG9iago8PC9MZW5ndGggNiAwIFIvRmlsdGVy
[snip]
RkNGPjxEOEVDNDEzRUFDNTY5QTZCNjgxQTIzQkNCQzA1MEZDRj5dCj4+CnN0
YXJ0eHJlZgo0NjcxCiUlRU9GCg==
--1771607802-1616753266-1320061802=:11794--
--=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_=
Content-Type: application/pgp-signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk6ui20ACgkQleaexJ2vm1xyhACeIF/xhBoDDD5KjXXzD84s73uF
pAYAnAwzrfPeLOycJScl+hvigL86VhLR
=cFUB
-----END PGP SIGNATURE-----
--=_MIME_CONTENT_BREAK_=_NZHRDBSCQSDTWZLUTFCCREKIFAYRUOM_=--
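
The following Python sketch is an added example, not part of the original post. It extracts the exact bytes an RFC 3156 signature covers from two copies of a message and names the kind of header rewrite (folding, quoting, case, value) that separates them. The function names `signed_part`, `part_digest` and `classify` and the shortened `OUTER` boundary are assumptions made for the illustration.

```python
import hashlib
import re

def signed_part(raw: bytes) -> bytes:
    """Exact bytes of the first body part of a multipart/signed message,
    i.e. the data an RFC 3156 signature covers, with CRLF line endings."""
    raw = re.sub(rb"\r?\n", b"\r\n", raw)
    head, _, body = raw.partition(b"\r\n\r\n")
    head = re.sub(rb"\r\n[ \t]+", b" ", head)            # unfold outer headers
    boundary = re.search(rb'boundary="?([^";\r\n]+)', head, re.I).group(1)
    parts = (b"\r\n" + body).split(b"\r\n--" + boundary)
    return parts[1].split(b"\r\n", 1)[1]                 # skip delimiter line

def part_digest(raw: bytes) -> str:
    # Plain SHA-1 of the covered bytes, used only to compare two copies;
    # it is not the hash value OpenPGP itself computes.
    return hashlib.sha1(signed_part(raw)).hexdigest()

STEPS = {
    "folding": lambda s: re.sub(r"\r?\n[ \t]+", " ", s),
    "quoting": lambda s: s.replace('"', ""),
    "case": str.lower,
}

def classify(before: str, after: str) -> set:
    """Name the kinds of rewrite that separate two versions of one header."""
    def norm(s, skip=None):
        for name, step in STEPS.items():
            if name != skip:
                s = step(s)
        return s
    if norm(before) != norm(after):
        return {"value"}
    return {k for k in STEPS if norm(before, k) != norm(after, k)}

# Constructed sample: same shape as the post's messages, shortened boundary.
SENT = (b'Content-Type: multipart/signed; protocol="application/pgp-signature"; '
        b'micalg="pgp-sha1"; boundary="OUTER"\n\nprologue\n--OUTER\n'
        b'Content-Type: TEXT/PLAIN; format=flowed; charset=UTF-8\n\nbody\n'
        b'--OUTER\nContent-Type: application/pgp-signature\n\nsig\n--OUTER--\n')
# Outer header refolded and prologue dropped: outside the signed part.
REFOLDED = (SENT.replace(b'; micalg="pgp-sha1"; ', b';\n\tmicalg=pgp-sha1;\n\t')
            .replace(b"prologue\n", b""))
# Inner header rewritten as in the post: inside the signed part.
REWRITTEN = REFOLDED.replace(b"TEXT/PLAIN; format=flowed; charset=UTF-8",
                             b'text/plain; format=flowed; charset="UTF-8"')
```

Comparing `part_digest` for the sent and received copies separates rewrites of the outer header and prologue, which leave the covered bytes unchanged, from rewrites inside the signed part, which are the ones that make verification fail.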