Signing with S/MIME

The implementation code is available in our code repository.

The Halon platform supports PKCS7 signing, which can be used to create S/MIME signatures. In the simplest and most common implementation you sign the message's body (including all the MIME parts), restructuring the message by wrapping the original message body in a new MIME part and attaching an additional pkcs7-signature (this is commonly known as a detached signature).

In order to do this transformation safely (and keep the MIME structure of the original message), some headers need to be copied from the original message body to the new MIME part and some need to be added to the message header. That is, the Content-Type, Content-Transfer-Encoding, Content-Disposition and MIME-Version headers need to be copied to the new MIME body, and the Content-Transfer-Encoding and Content-Disposition headers should be removed from the message header. A new Content-Type (and MIME-Version) header also needs to be added.

The highlighted text in the "Modified" tab is what is protected in the S/MIME signature.

Subject: Hello
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="------------68C49DC2C23AB181018F6038"

This is a multi-part message in MIME format.
--------------68C49DC2C23AB181018F6038
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

World
--------------68C49DC2C23AB181018F6038
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>World</p>
</body>
</html>
--------------68C49DC2C23AB181018F6038--
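
The header moves described above, as an added Python example (not Halon's implementation and not code from its repository). It assumes CRLF line endings; the function names, the outer boundary value, the shortened sample message and the `placeholder_signer` stand-in for a real PKCS7 signer are all constructed for illustration.

```python
import base64

# Headers the text says are copied into the new inner MIME part.
COPIED = ("mime-version", "content-type", "content-transfer-encoding", "content-disposition")

def split_message(raw):
    """Split a CRLF message into a list of (possibly folded) headers and the body."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += "\r\n" + line   # folded continuation stays with its header
        else:
            headers.append(line)
    return headers, body

def field(header):
    return header.split(":", 1)[0].strip().lower()

def restructure(raw, signer, boundary="example-signed-boundary"):
    """Return (signed_message, protected_part); signer maps bytes to signature bytes."""
    headers, body = split_message(raw)
    inner = [h for h in headers if field(h) in COPIED]
    outer = [h for h in headers if field(h) not in COPIED]
    # Exactly these bytes are covered by the detached signature.
    protected = "\r\n".join(inner) + "\r\n\r\n" + body
    outer += ["MIME-Version: 1.0",
              'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\r\n'
              f' micalg=sha-256; boundary="{boundary}"']
    sig = base64.encodebytes(signer(protected.encode("utf-8"))).decode().replace("\n", "\r\n")
    signed = ("\r\n".join(outer) + "\r\n\r\n"
              f"--{boundary}\r\n{protected}\r\n--{boundary}\r\n"
              'Content-Type: application/pkcs7-signature; name="smime.p7s"\r\n'
              "Content-Transfer-Encoding: base64\r\n"
              'Content-Disposition: attachment; filename="smime.p7s"\r\n\r\n'
              f"{sig}--{boundary}--\r\n")
    return signed, protected

# Constructed single-part sample with a folded header (shorter than the message above).
SAMPLE = ("Subject: Hello\r\nMIME-Version: 1.0\r\n"
          "Content-Type: text/plain;\r\n charset=utf-8\r\n"
          "Content-Transfer-Encoding: 7bit\r\n\r\nWorld\r\n")

def placeholder_signer(data):
    # Assumption: stands in for a PKCS7 signer; the return value is NOT a signature.
    return b"PLACEHOLDER-NOT-A-PKCS7-SIGNATURE"

if __name__ == "__main__":
    print(restructure(SAMPLE, placeholder_signer)[0])
```

Headers left in the outer message header, such as Subject, are not part of `protected` and so are not covered by the signature. The inner part must be transmitted byte for byte as it was signed, or verification fails.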