Description of problem: Signing an S/MIME message generates a truncated message without any signature. Tried on fc13 i686 and x86_64 and got the same result. However it works in Ubuntu 10.04 with package version python-m2crypto-0.20.1. Version-Release number of selected component (if applicable): m2crypto-0.20.2-7.fc13 How reproducible: Follow this tutorial up to the "Sign" section: http://sandbox.rulemaker.net/ngps/m2/howto.smime.html Steps to Reproduce: 1.Generate some example keys and certificates: openssl req -newkey rsa:1024 -nodes -x509 -days 365 -out signer.pem mv privkey.pem signer_key.pem 2.Run the following python script: from M2Crypto import BIO, Rand, SMIME def makebuf(text): return BIO.MemoryBuffer(text) # Make a MemoryBuffer of the message. buf = makebuf('a sign of our times') # Seed the PRNG. Rand.load_file('randpool.dat', -1) # Instantiate an SMIME object; set it up; sign the buffer. s = SMIME.SMIME() s.load_key('signer_key.pem', 'signer.pem') p7 = s.sign(buf) # Recreate buf. buf = makebuf('a sign of our times') # Output p7 in mail-friendly format. out = BIO.MemoryBuffer() out.write('From: sender\n') out.write('To: recipient\n') out.write('Subject: M2Crypto S/MIME testing\n') s.write(out, p7, buf) print out.read() Actual results: From: sender To: recipient Subject: M2Crypto S/MIME testing MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha1"; boundary="----03D6C4E70DC75EF73B1EC56752C7DB8D" This is an S/MIME signed message ------03D6C4E70DC75EF73B1EC56752C7DB8D a sign of our times Expected results: From: sender To: recipient Subject: M2Crypto S/MIME testing MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="----3F7BF7C54B3B0FC83AA1763644002CC8" This is an S/MIME signed message ------3F7BF7C54B3B0FC83AA1763644002CC8 a sign of our times ------3F7BF7C54B3B0FC83AA1763644002CC8 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIIETgYJKoZIhvcNAQcCoIIEPzCCBDsCAQExCzAJBgUrDgMCGgUAMCIGCSqGSIb3 DQEHAaAVBBNhIHNpZ24gb2Ygb3VyIHRpbWVzoIICVjCCAlIwggG7oAMCAQICCQC9 Y/e4Pl4ZJTANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJBUjEVMBMGA1UEBwwM RGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMB4XDTEw MDcyNzA0MjU1N1oXDTExMDcyNzA0MjU1N1owQjELMAkGA1UEBhMCQVIxFTATBgNV BAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDCB nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoHf/k7EBVl0QW7ATFl2CSNOm7ySt ox0h8ALp5SxnTnm6Qz8pUdzmEUN807yeQlnSnLfPUi5TaCXKxeTYlNLlgJulX0gq iWdra3HoTMPZXgEoDuiFZiSht8UlCun3oFaNaIgDKfMP98/9hs2/wQkkA6jLYerw GTTeOfRij6u0GJcCAwEAAaNQME4wHQYDVR0OBBYEFAXpYtAarwExEPMUfeD5JK+b XWsKMB8GA1UdIwQYMBaAFAXpYtAarwExEPMUfeD5JK+bXWsKMAwGA1UdEwQFMAMB Af8wDQYJKoZIhvcNAQEFBQADgYEAB3InA3/jTJEN9j4X+h0P3CjkCSuvYoXHRg5d 8jP79koq/+jO5nk5SZqg4nkY2tmlfjfAlzunAAVeGYNNFnj12/2ZKuWBLUz8kgao nqhJ419hdPyyRkT2a7Uw/k7Ru9z4grV/SD/j5KXq/amieMnY0efYLtGt+T9Z8K8K Ny2iPW8xggGpMIIBpQIBATBPMEIxCzAJBgNVBAYTAkFSMRUwEwYDVQQHDAxEZWZh dWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQCCQC9Y/e4Pl4Z JTAJBgUrDgMCGgUAoIGxMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZI hvcNAQkFMQ8XDTEwMDcyNzA1MTcxNlowIwYJKoZIhvcNAQkEMRYEFOoeRUd8ExIY XfQq8BTFuKWrSP3iMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZI hvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEo MA0GCSqGSIb3DQEBAQUABIGAVMV/v8qdH9zFuOjtfXMIyP3UHhL9In2Zm1J+G8Pi V6ilTiCSipubnlkuOb6AC5g5pIObIzdl1MYJBdKYRVNIn1ScTpHnvQuNFwjA2yJw Ojqnq1NZvsGQru6ksKxO4kdjKUhEB5C69K49Tphnhsoc8wKilMYeX/T0ft4TBJAO uhk= ------3F7BF7C54B3B0FC83AA1763644002CC8--
Thanks for your report. I'm afraid the HOWTO is incorrect, at least for current versions of OpenSSL. Both "s.sign" and "s.write" must use the same value of the SMIME.PKCS7_DETACHED flag; passing a third argument to SMIME.write implies SMIMEl.PKCS7_DETACHED. I get something looking like the expected result after replacing the "s.sign" line with p7 = s.sign(buf, SMIME.PKCS7_DETACHED) Scripts from the howto are shipped in the m2crypto package and should be fixed; I'll keep this bug open to track that.
That fixed the issue. Thanks!
Patch submitted upstream: https://bugzilla.osafoundation.org/show_bug.cgi?id=13020
m2crypto-0.21.1-3.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/m2crypto-0.21.1-3.fc15
Package m2crypto-0.21.1-3.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing m2crypto-0.21.1-3.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/m2crypto-0.21.1-3.fc15 then log in and leave karma (feedback).
m2crypto-0.21.1-3.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
python26-m2crypto-0.21.1-5.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/python26-m2crypto-0.21.1-5.el5
python26-m2crypto-0.21.1-5.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.