Search code examples
emailencryptionemail-headerssmimerfc822

Encrypting Headers S/MIME message/rfc822


I am looking to encrypt certain mail headers (Subject and Reply-To) which are being sent in an encrypted mail. I am taking an entire MIME (Headers included) and successfully encrypting it. I can send this S/MIME encrypted mail to my mail client (Thunderbird) successfully. It will be successfully decrypted and verified as signed.

However, any headers that are sent in the inner encrypted MIME are not being used by my mail client.

According to RFC-5751 I should be wrapping my mail in a message/rfc822 message but I am at a loss at how to achieve this.

Below are examples of my messages that I am creating.

My first question is, is the last MIME that I am creating the message/rfc822 correctly structured? Is this possibly an issue with the mail client? Can I event encrypt the Reply-To Header?

If I could get an example of a mesage/rfc822 encapsulated message that would be really helpful.

Mail to be encrypted

This will successfully result in a received mail that is signed and the Subject / Reply-To headers are interpreted correctly by the mail client.

Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha256; boundary="--_NmP-d017e0e3556f7bbc-Part_1"
From: [email protected]
Sender: senderdomain.com
To: [email protected]
Reply-To: [email protected]
Subject: A Secret Subject
Message-ID: <400b1383-362b-eed7-0719-6b2a2e231143>
Date: Mon, 24 Feb 2020 15:59:19 +0000
MIME-Version: 1.0

----_NmP-d017e0e3556f7bbc-Part_1
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

My Message that will be encrypted

----_NmP-d017e0e3556f7bbc-Part_1
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s

MIIOCAYJKoZIhvcNAQcCoIIN+TCCDfUCAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0BBwGg
gguTMIIFCDCCA/CgAwIBAgIQVz2HAGYJcTJNsPiWLx1f/TANBgkqhkiG9w0BAQsFADCBjTELMAkG
.
.
.
17p13e02JxfyCqltdb6lkOdpRZ6ZlHHuQZyBCuRtJhRN83gvcJ4d7WCxKI349NEa2/tOb8ziFGat
gzvgu+o=
----_NmP-d017e0e3556f7bbc-Part_1--

My Encrypted Mail

This encrypted mail will be received and successfully decrypted and verified (signature verified) by my mail client. Reply-To and Subject are still working as expected as they are still visible. Note: all the headers from the unencrypted mail are all still present inside the encrypted body of this message.

Sender: [email protected]
From: [email protected]
To: [email protected]
Subject:  A Secret Subject
Reply-To: [email protected]
Message-ID: <400b1383-362b-eed7-0719-6b2a2e231143>
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7m
Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
 name=smime.p7m
Date: Mon, 24 Feb 2020 16:03:38 +0000
MIME-Version: 1.0

MIIYbwYJKoZIhvcNAQcDoIIYYDCCGFwCAQAxggG/MIIBuwIBADCBojCBjTELMAkG
.
.
.
O+EPVCh1fGDFwiFpDtY/z1Lv8g==

My Encapsulated message/rfc822

This message will be decrypted correctly but my client does not recognise that it was an encrypted message or verify that it was signed (Not worried about that so much). The decrypted mail is interpreted as forwarded and attached as an .eml file. However, no Subject or Reply-To headers found (they are in the encrypted mail). If I add dummy values as recommended by the RFC, those dummy values will be used by my mail client, not the encrypted ones.

Content-Type: message/rfc822; forwarded=false; boundary="--_NmP-07c15c542cedfe74-Part_1"
From: [email protected]
Sender: [email protected]
To: [email protected]
Date: Mon, 24 Feb 2020 15:28:07 +0000
Message-ID: <400b1383-362b-eed7-0719-6b2a2e231143>
MIME-Version: 1.0

----_NmP-07c15c542cedfe74-Part_1
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7m
Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
 name=smime.p7m

MIIYbwYJKoZIhvcNAQcDoIIYYDCCGFwCAQAxggG/MIIBuwIBADCBojCBjTELMAkG
.
.
.
fYU1LuhSBEyymSVRzwWr2T3lrhUe5BZBoY996epZtOPdIYrz2jqUglii1+AUBpUP
UUnpr8+cHTMk/50LHdy3MqMeYA==
----_NmP-07c15c542cedfe74-Part_1

Edit: add excerpt from RFC

In RFC-8551 it states the following

In order to protect outer, non-content-related message header fields (for instance, the "Subject", "To", "From", and "Cc" fields), the
   sending client MAY wrap a full MIME message in a message/rfc822
   wrapper in order to apply S/MIME security services to these header
   fields.  It is up to the receiving client to decide how to present
   this "inner" header along with the unprotected "outer" header.  Given
   the security difference between headers, it is RECOMMENDED that the
   receiving client provide a distinction between header fields,
   depending on where they are located.

   When an S/MIME message is received, if the top-level protected MIME
   entity has a Content-Type of message/rfc822, it can be assumed that
   the intent was to provide header protection.  This entity SHOULD be
   presented as the top-level message, taking into account
   header-merging issues as previously discussed.

Solution

  • RFC 822 provides a generalized description of how message headers of an email are composed and should be treated by systems they are transmitted through. RFC 5751 S/MIME 3.2 (btw, obsoleted by it successor RFC 8551 S/MIME 4.0) describes details how to use that standard to create encrypted emails.

    So your approach to encrypt an email as described under My Encrypted Mail is valid and correct.

    However, your approach as described under My Encapsulated message/rfc822 is not quite correct. You have obviously misinterpreted the RFC with regard to how to apply the rfc822 wrapper. The wrapper needs to be around your message before it gets encrypted, so it's going to be inside the encrypted part.

    In your example, the unencrypted message (a slightly modified version Mail to be encrypted) would have to look like this:

    MIME-Version: 1.0
    Content-type: message/rfc822
    
    From: [email protected]
    Sender: senderdomain.com
    To: [email protected]
    Reply-To: [email protected]
    Subject: A Secret Subject
    Message-ID: <400b1383-362b-eed7-0719-6b2a2e231143>
    Date: Mon, 24 Feb 2020 15:59:19 +0000
    MIME-Version: 1.0
    Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha256; boundary="--_NmP-d017e0e3556f7bbc-Part_1"
    
    ----_NmP-d017e0e3556f7bbc-Part_1
    Content-Type: text/plain
    Content-Transfer-Encoding: 7bit
    
    My Message that will be encrypted
    [...]
    

    So you basically add the message/rfc822 to the message before it gets encrypted.

    I have been able to verify this approach and tested the resulting message in two receiving mail clients with different results. With the macOS Mail application, the encrypted subject was not used to replace the unprotected "outer" subject, but at least, it was displayed prominently below the original headers. This is compliant with the RFC which is not very specific about the presentation:

    It is up to the receiving client to decide how to present this "inner" header along with the unprotected "outer" header. Given the security difference between headers, it is RECOMMENDED that the receiving client provide a distinction between header fields, depending on where they are located.

    An encrypted Reply-To header is displayed similarly, but it's email address is not honored when replying to that email.

    Client Support

    The support for encrypted headers in clients is somewhere between weak and non-existent. The results of some tests:

    • No client supports replacing the "outer" headers by the "inner" encrypted ones
    • Apple Mail (macOS) displays the inner headers prominently within the message
    • Thunderbird displays the encrypted part including its headers as a forwarded message
    • Outlook does not display the encrypted part, but instead confusingly displays just an empty message with an attachment (which is the encrypted message)

    Alternative approaches

    There is a seemingly promising approach proposed in this draft for Protected Headers for Cryptographic E-mail (work in progress). The idea is to include the protected headers as a separate part in a multipart message. This part will be rendered inline by agnostic clients, while at the same time, it can be properly processed by supporting clients.