Trouble receiving signed messages over Blackberry Internet Service

by Volker Weber

Last week I found something that does not work on the Blackberry. I was receiving a message from Thomas Lang. The body was empty. I was suspecting that the message was encrypted and that I could not read it, because nobody had the private key, neither the device, nor the mail gateway.

When I checked my mail with Apple Mail, I found that the message was indeed S/MIME, but it was only signed. I was puzzled, since I had received (clear-)signed messages before on the Blackberry without problems. Looking at the raw message source of messages I was able to read, I found this stucture:

--Apple-Mail-6-605332454
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=US-ASCII;
format=flowed

Test
--Apple-Mail-6-605332454
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Disposition: attachment;
filename=smime.p7s

... big block of junk goes here ...

--Apple-Mail-6-605332454--

As you can see there is a boundary (--Apple-Mail-6-605332454) between the different parts of the message. The first block contains the message itself, the second part contains the signature that I cut out because it is just a big block of base64 code anyway. However, the message from Thomas was different. It was coming in from Notes 7.0 looked like this:

This is an S/MIME signed message.

---------z59229_boundary_sign
Content-Type: multipart/alternative; boundary="=_alternative 0022904DC1257093_="

This is a multipart message in MIME format.
--=_alternative 0022904DC1257093_=
Content-Type: text/plain; charset="US-ASCII"

Test
--=_alternative 0022904DC1257093_=
Content-Type: text/html; charset="US-ASCII"

<br><font size=2 face="sans-serif">Test</font>
--=_alternative 0022904DC1257093_=--

---------z59229_boundary_sign
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

... big block of junk goes here ...

---------z59229_boundary_sign--

We tried the same with Notes 6.5, and it uses exactly the same format. I suspect that the Blackberry Internet Service chokes on the two level boundaries. The first one (---------z59229_boundary_sign--) separates the message from the signature, whereas the second one (--=_alternative 0022904DC1257093_=--) separates the two different MIME parts which contain the message as both text and HTML.

Sending the same message to a Blackberry Enterprise Server does not cause any trouble. The BES is able to send a readable message to the client, where the BIS fails.

Does anybody know enough about the two different formats to explain?

Comments

Don't know if this is related but I remember a case where someone complained about the MIME encoding of Notes because it adds blank lines before and/or after the boundaries. Somehow he had problems with these attachments and insisted these blank lines shouldn't be there. I didn't find any specification which forbids this, though.

Oliver Regelmann, 2005-10-14

Yes, I can explain but I think you already have it.

The difference between the two is that the Notes message has text and HTML alternatives. If you try sending a signed message in plain text only from Notes, you will see that the structure is very similar to your Apple Mail example and I expect the BIS server would have no trouble with it.

The faulty behaviour here is in BIS, not Notes.

Chris Linfoot, 2005-10-14

Chris, we just tested this, and you are right. When Notes is set to send Text Only or HTML Only, then BIS does not have have a problem. It is only when Notes send Text and HTML, and the user signs a messages, BIS is no longer able to decode it. We shall report this to RIM as a bug.

Volker Weber, 2005-10-15

Old vowe.net archive pages

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Paypal vowe