Trouble receiving signed messages over Blackberry Internet Service
by Volker Weber
Last week I found something that does not work on the Blackberry. I was receiving a message from Thomas Lang. The body was empty. I was suspecting that the message was encrypted and that I could not read it, because nobody had the private key, neither the device, nor the mail gateway.
When I checked my mail with Apple Mail, I found that the message was indeed S/MIME, but it was only signed. I was puzzled, since I had received (clear-)signed messages before on the Blackberry without problems. Looking at the raw message source of messages I was able to read, I found this stucture:
--Apple-Mail-6-605332454
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=US-ASCII;
format=flowedTest
--Apple-Mail-6-605332454
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Disposition: attachment;
filename=smime.p7s... big block of junk goes here ...
--Apple-Mail-6-605332454--
As you can see there is a boundary (--Apple-Mail-6-605332454) between the different parts of the message. The first block contains the message itself, the second part contains the signature that I cut out because it is just a big block of base64 code anyway. However, the message from Thomas was different. It was coming in from Notes 7.0 looked like this:
This is an S/MIME signed message.
---------z59229_boundary_sign
Content-Type: multipart/alternative; boundary="=_alternative 0022904DC1257093_="This is a multipart message in MIME format.
--=_alternative 0022904DC1257093_=
Content-Type: text/plain; charset="US-ASCII"Test
--=_alternative 0022904DC1257093_=
Content-Type: text/html; charset="US-ASCII"<br><font size=2 face="sans-serif">Test</font>
--=_alternative 0022904DC1257093_=-----------z59229_boundary_sign
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature... big block of junk goes here ...
---------z59229_boundary_sign--
We tried the same with Notes 6.5, and it uses exactly the same format. I suspect that the Blackberry Internet Service chokes on the two level boundaries. The first one (---------z59229_boundary_sign--) separates the message from the signature, whereas the second one (--=_alternative 0022904DC1257093_=--) separates the two different MIME parts which contain the message as both text and HTML.
Sending the same message to a Blackberry Enterprise Server does not cause any trouble. The BES is able to send a readable message to the client, where the BIS fails.
Does anybody know enough about the two different formats to explain?
Comments
Don't know if this is related but I remember a case where someone complained about the MIME encoding of Notes because it adds blank lines before and/or after the boundaries. Somehow he had problems with these attachments and insisted these blank lines shouldn't be there. I didn't find any specification which forbids this, though.
Yes, I can explain but I think you already have it.
The difference between the two is that the Notes message has text and HTML alternatives. If you try sending a signed message in plain text only from Notes, you will see that the structure is very similar to your Apple Mail example and I expect the BIS server would have no trouble with it.
The faulty behaviour here is in BIS, not Notes.
Chris, we just tested this, and you are right. When Notes is set to send Text Only or HTML Only, then BIS does not have have a problem. It is only when Notes send Text and HTML, and the user signs a messages, BIS is no longer able to decode it. We shall report this to RIM as a bug.
Post a comment
Recent comments
Dirk Steins
on OpenOffice.org 3.0 ships at 13:45
Steffen Pelz
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 13:00
Volker Weber
on OpenOffice.org 3.0 ships at 11:19
Eva Quirinius
on OpenOffice.org 3.0 ships at 10:55
Jan-Piet Mens
on OpenOffice.org 3.0 ships at 09:50
Andrew Pollack
on Working Lego V8, 32 valve engine at 09:38
Michael Reichert
on OpenOffice.org 3.0 ships at 08:50
Ingo Schaefer
on OpenOffice.org 3.0 ships at 08:48
Volker Weber
on OpenOffice.org 3.0 ships at 00:06
Bruce Elgort
on OpenOffice.org 3.0 ships at 23:42
Roy Heidemann
on Absolute Pure theme for Nokia E71 at 23:36
Volker Weber
on Absolute Pure theme for Nokia E71 at 22:19
Bernd Baltz
on Absolute Pure theme for Nokia E71 at 16:10
Samuel Orsenne
on Working Lego V8, 32 valve engine at 13:39
Bill Buchan
on Working Lego V8, 32 valve engine at 12:17
Kevan Emmott
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 20:57
Sudeep Reddy Sama
on N70 drops off the network in dual mode at 20:09
Volker Weber
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 17:37
Paul Mooney
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 17:26
Kevin Pettitt
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 16:36
Victor Toal
on Bluehouse does not support my browser at 16:33
Vince Schuurman
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 15:32
michel platoche
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 14:21
Ben Poole
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 13:11
Volker Weber
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 12:34
Click here to subscribe
