On 04/03/2016 06:56 PM, Matthias Henze wrote:
I've created a proof of concept Thunderbird add on (based on Display
Mail User Agent), which indicates if a incoming mail was encrypted an/or
signed. At the moment I'm a bit confused about the Ciphermail Headers. I
need to understand them better. What's all about these numbers?
These are the combinations I found so far. But I found no rule when a 1
appears and if, why. Could there be other numbers? My problem is that I
can ask the TB API only for complete headers and not for fragments. This
is why I need to know which combinations are possible.
Besides of these numbers I also need a good explanation what exactly
could be derived form the headers. E.g. is it possible that a signed
mail is verified but not trusted and vice versa.
An S/MIME email can be encrypted and signed on multiple (CMS) levels. In
most cases a message is first signed and then encrypted. However a
message can for example also be signed, then encrypted and again signed.
In principle there can be an unlimited number of levels of signing and
encryption (although most S/MIME clients will probably not be able to
handle the message). An message can also have multiple signers for the
same level. So for example the message is first signed by person A *and*
person B and then encrypted. Or to make it more exotic, a message if
first signed by person A, then encrypted, then signed by the gateway.
The information about these CMS levels is stored in the headers with
-0-0. -1-0 etc. For a brief explanation of these headers see:
If you need more detailed information please let me know.
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.