digital signature not validating in outlook, but validating everyw

Guest

All programs such as Thunderbird, Bouncy Castle,
freenet.de/freenet/zugang/rechnung/signatur/index.html, and
http://www.d-trust.net/internet/content/pruefsoftware.html validate an S/MIME
signature, but Outlook claims that the message has been tampered with.

Is there a way to have Outlook provide more detailed diagnostics why it
thinks the signature is invalid?

I am happy to provide sample eMails with the new Swiss legally binding
qualified signatures...
 
Milly Staples [MVP - Outlook]

Have you used the View Details option?

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. All
unsolicited mail sent to my personal account will be deleted without
reading.

After furious head scratching, Ralf Hauser asked:

| All programs such as Thunderbird, Bouncy Castle,
| freenet.de/freenet/zugang/rechnung/signatur/index.html, and
| http://www.d-trust.net/internet/content/pruefsoftware.html validate
| an S/MIME signature, but Outlook claims that the message has been
| tampered with.
|
| Is there a way to have Outlook provide more detailed diagnostics why
| it thinks the signature is invalid?
|
| I am happy to provide sample eMails with the new Swiss legally binding
| qualified signatures...
 
Guest

Yes, I have used it and it says "Error:
The message contents may have been altered.
Signed by (e-mail address removed) using RSA/SHA1 at 6:16:57 PM 6/23/2006."

I am happy to forward the message and an almost identical one that does also
validate in Outlook. It would be really great to know whether it is the hash
or whether it is some other reason why the signature fails in Outlook.
 
neo [mvp outlook]

When you say "almost" identical, what is different between the two? (And by
the way, list servers can invalidate a signature because most modify the
from/sender line. This is enough to break an S/MIME signature.)
 
Guest

| When you say "almost" identical, what is different between the two?

- the certificate id is different
- the email the certificate was issued to is different
- the key usage is different (Non-repudiation (40) vs. Digital Signature, Non-Repudiation (c0))
- the content is not the same
- the signing time is different (the last two are kind of obvious)

| (and by the way, list servers can invalidate a signature because most
| modify the from/sender line. this is enough to break a S/MIME signature.)

I know, therefore I am asking for an alternate channel to submit the sample
files...
 
neo [mvp outlook]

You can drop the online from my address and your samples will reach me.
 
neo [mvp outlook]

Have 1 message with subject of

Refined samples for the outlook signature validation problem
 
Guest

Cool, and did you also see the "Testdaten.zip" attachment? It contains the
validating and the non-validating version that are 99% identical.

Remaining differences:
- different RSA key-pairs
- different moduli

Any insights?
 