OWA not opening enc + signed emails created by OpenSSL

  • Question

  • I am trying to create an Android app which can send signed and encrypted mails using OpenSSL.

    So far I am able to send Signed Emails and verify them using both web browsers and my android apps.

    Same is the case with Encryption and Decryption.

    But now, when I am trying to send signed+encrypted mails from my Android app, the Exchange server is unable to verify/decrypt the mails sent from my Android app.

    When I am trying to open these mails using OWA I get this error:

    One or more errors occurred while the message was being loaded. Error: (0x800ccef6)
    The digital signature of this message couldn't be validated because an error occurred while the message was being loaded.
    

    Any pointers about what this error code means?

    Sign Code:

    public static boolean Java_PKCS7Sign(File inputFile, File outputFile, PrivateKey privateKey, X509Certificate certificate, String signingAlgorithm) {
        try {
            String inputFilePath = inputFile.getAbsolutePath();
            String outputFilePath = outputFile.getAbsolutePath();
    
            byte arr[] = android.security.Credentials.convertToPem(certificate);
            InputStream certIs = new  ByteArrayInputStream(arr);
            OpenSSLX509Certificate openSSLcert = OpenSSLX509Certificate.fromX509PemInputStream(certIs);
            byte openSSLcertEncoded[] = openSSLcert.getEncoded();
            long signCertRef = NativeCrypto.d2i_X509(openSSLcertEncoded);
    
            OpenSSLKey oKey = OpenSSLKey.fromPrivateKey(privateKey);
            long evpKeyRef = oKey.getPkeyContext();
    
            //boolean res = PKCS7Sign(signCertRef, pkeyRef, certs, bioRef, flags, a, b)
            long arr1[] = new long[0];
            return PKCS7Sign(inputFilePath, signCertRef, evpKeyRef, arr1, outputFilePath);
        } catch (Exception e) {
            e.printStackTrace();
        }
    
    
        return false;
    }
    

    In the above code, PKCS7Sign is a JNI call to OpenSSL. The flags used for signing are: int flgs = PKCS7_STREAM | PKCS7_DETACHED | PKCS7_BINARY ;

    Encrypt Code:

    public static boolean Java_PKCS7encrypt(File inputData, File output, X509Certificate[] recipientCertificates, String encryptionAlgorithm) {
        if(!inputData.exists() || !output.exists())
            return false;
    
        try {
            fis = new FileInputStream(inputData);
            OpenSSLBIOInputStream bis = new OpenSSLBIOInputStream(fis);
            long bioRef = NativeCrypto.create_BIO_InputStream(bis);
    
            int certsRefArrLength = recipientCertificates.length;
            long certsRefArr[] = new long[certsRefArrLength];
            for (int i = 0; i < certsRefArrLength; i++) {
                byte arr[] = android.security.Credentials.convertToPem(recipientCertificates[i]);
                InputStream certIs = new  ByteArrayInputStream(arr);
                OpenSSLX509Certificate openSSLcert = OpenSSLX509Certificate.fromX509PemInputStream(certIs);
                byte openSSLcertEncoded[] = openSSLcert.getEncoded();
                certsRefArr[i] = NativeCrypto.d2i_X509(openSSLcertEncoded);
            }
    
            String outputFilePath = output.getAbsolutePath();
    
            return PKCS7encrypt(bioRef, certsRefArr, outputFilePath, encryptionAlgorithm);
    
    
        } catch (FileNotFoundException e) {
            e.printStackTrace();
        } catch (CertificateEncodingException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        }
        return false;
    }
    

    As in the case of signing, PKCS7encrypt is a JNI call to OpenSSL. The flags used are:

    int flags = PKCS7_STREAM | PKCS7_BINARY;
    

    And the cipher used for encryption is cipher = EVP_rc2_40_cbc();


    Friday, June 27, 2014 2:57 PM
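
A signed-then-encrypted S/MIME message is two nested MIME layers, and a signature made with PKCS7_DETACHED takes the form of a multipart/signed entity in S/MIME, so one check when a client fails to load such a message is whether the plaintext recovered from the encrypted layer is a well-formed multipart/signed entity. The Python below is an added example, not part of the original post or the poster's code; it uses only the standard `email` package, all sample messages are constructed, and it assumes the inner plaintext has already been obtained by decrypting with the recipient key.

```python
from email import message_from_bytes

SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
P7M_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def classify_layer(raw: bytes) -> str:
    """Name the S/MIME layer that `raw` starts with."""
    msg = message_from_bytes(raw)
    if msg.get("Content-Type") is None:
        return "not-mime"  # e.g. bare PKCS#7 output with no MIME headers
    ctype = msg.get_content_type()
    if ctype in P7M_TYPES:
        return str(msg.get_param("smime-type", "pkcs7-mime")).lower()
    return ctype

def check_detached_signed(raw: bytes) -> list:
    """List problems in what should be a multipart/signed (detached) entity."""
    layer = classify_layer(raw)
    if layer != "multipart/signed":
        return ["layer is %s, expected multipart/signed" % layer]
    msg = message_from_bytes(raw)
    problems = []
    if str(msg.get_param("protocol", "")).lower() not in SIG_TYPES:
        problems.append("protocol parameter missing or not a pkcs7-signature type")
    if not msg.get_param("micalg"):
        problems.append("micalg parameter missing")
    parts = msg.get_payload() if msg.is_multipart() else []
    if len(parts) != 2:
        problems.append("expected 2 body parts, found %d" % len(parts))
    elif parts[1].get_content_type() not in SIG_TYPES:
        problems.append("second part is %s" % parts[1].get_content_type())
    return problems

# Constructed samples (placeholder base64 bodies, not real CMS data).
OUTER = (b'Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; '
         b'name="smime.p7m"\r\nContent-Transfer-Encoding: base64\r\n\r\nQUJDRA==\r\n')
INNER_OK = (b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
            b' micalg="sha-256"; boundary="b1"\r\n\r\n'
            b'--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n'
            b'--b1\r\nContent-Type: application/pkcs7-signature; name="smime.p7s"\r\n'
            b'Content-Transfer-Encoding: base64\r\n\r\nQUJDRA==\r\n--b1--\r\n')
INNER_BARE = b"QUJDREVGRw==\r\n"  # signature blob with no MIME headers at all

if __name__ == "__main__":
    for name, raw in (("outer", OUTER), ("inner ok", INNER_OK), ("inner bare", INNER_BARE)):
        print(name, "->", classify_layer(raw), check_detached_signed(raw))
```
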