[Cryptography] Vulnerability found in badly broken email apps that use PGP and S/MIME

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed May 16 04:49:47 EDT 2018


Werner Koch <wk at gnupg.org> writes:
>On Tue, 15 May 2018 03:08, pgut001 at cs.auckland.ac.nz said:
>> Unless your S/MIME implementation does authenticated encryption from 10+ years
>> ago, RFC 5083, in which case the gadget attack just bounces off.
>
>Do you know such a mailer or do you have at least test mails?

If you're just after test vectors, here's one, password-encrypted with
password "test" (which saves having to do the "send me your public key" /
"which format do you want it in" / "I can't read that, what about ..." game):

When it comes to mailers that implement it, I don't know of any.  That doesn't
mean none exist, merely that I don't know if any do it.  As with the PGP CFB-
attack paper from many years ago, maybe this will be the wakeup call that
gets mailers to finally support it.  In the same way that standard security is
typically by penetrate-and-patch, so mainstream crypto implementations often
go for the fix-it-after-it's-happened approach to these sorts of things.

Peter.
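
An added illustration, not part of the message above or of any mailer's code: a receiving client or gateway can tell whether a CMS blob uses the RFC 5083 AuthEnvelopedData structure mentioned in the thread, or plain EnvelopedData, by reading the contentType OID at the start of the DER. The function names and the two sample headers are constructed for this example.

```python
# Added example: classify a DER-encoded CMS ContentInfo by its contentType OID.
CMS_TYPES = {  # OID -> (structure name, provides authenticated encryption)
    "1.2.840.113549.1.7.3": ("EnvelopedData", False),            # RFC 5652
    "1.2.840.113549.1.9.16.1.23": ("AuthEnvelopedData", True),   # RFC 5083
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        return tag, pos, pos + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("indefinite, oversized or truncated length")
    return tag, pos + n, pos + n + int.from_bytes(buf[pos:pos + n], "big")

def decode_oid(body):
    """Decode the content octets of an OBJECT IDENTIFIER to dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:               # high bit clear ends this arc
            arcs.append(value)
            value = 0
    first = arcs[0]                        # first octet group packs two arcs
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def classify_cms(der):
    """Return (oid, name, authenticated) for a ContentInfo or its leading bytes."""
    tag, start, _ = read_tlv(der, 0)       # outer end unchecked: a prefix is enough
    if tag != 0x30:
        raise ValueError("ContentInfo must be a SEQUENCE")
    tag, oid_start, oid_end = read_tlv(der, start)
    if tag != 0x06 or oid_end > len(der):
        raise ValueError("contentType OID missing or truncated")
    oid = decode_oid(der[oid_start:oid_end])
    return (oid, *CMS_TYPES.get(oid, ("unknown", False)))

# Constructed sample headers (first bytes only), not real messages.
AUTH_ENV = bytes.fromhex("30820130 060b 2a864886f70d0109100117")
PLAIN_ENV = bytes.fromhex("30820100 0609 2a864886f70d010703")

if __name__ == "__main__":
    for sample in (AUTH_ENV, PLAIN_ENV):
        print(classify_cms(sample))
```

A result with `authenticated` set to False means the content has no integrity protection at the CMS layer, so the client must not render partially decrypted output as trusted.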

