Skip to main content

Crate smime_tree

Crate smime_tree 

Source
Expand description

S/MIME sign, verify, encrypt, and decrypt via caller-provided key traits.

§Quick start

use smime_tree::{sign, verify, encrypt, decrypt};
use smime_tree::{SigningKey, DecryptionKey, NoRevocationCheck};
use x509_cert::Certificate;
use std::time::SystemTime;

// Sign a MIME body part.
// key implements SigningKey; returns multipart/signed bytes.
let signed = sign(content_mime, &[&key], SystemTime::now()).expect("sign failed");

// Verify a multipart/signed message.
// signed_content: exact bytes of the signed part (from mime-tree byte ranges).
// signature_der: DER of the application/pkcs7-signature part (base64-decoded).
let result = verify(&signed_content, &signature_der, &trust_anchors,
                    SystemTime::now(), &NoRevocationCheck)
    .expect("verify failed");
assert!(result.is_verified());

// Encrypt a MIME body part to one or more recipient certificates.
let encrypted = encrypt(inner_mime, &recipient_certs).expect("encrypt failed");

// Decrypt an enveloped-data blob.
// key implements DecryptionKey; returns inner plaintext bytes.
let plaintext = decrypt(&enveloped_der, &key).expect("decrypt failed");

§Design

  • Trait-based keys: SigningKey and DecryptionKey abstract over key location — in-memory, HSM, or hardware token — without the crate needing to know the difference.
  • No network calls: certificate chain validation uses a trust store supplied by the caller. RevocationChecker is an injected trait; use NoRevocationCheck to skip OCSP/CRL.
  • No async: all operations are synchronous.
  • Supported algorithms:
    • Sign/verify: RSA PKCS#1 v1.5 (SHA-256/384/512); ECDSA P-256 (SHA-256 only), P-384 (SHA-384 only). P-521 is not supported.
    • Encrypt: AES-128-GCM (RSA/P-256 recipients), AES-256-GCM (P-384 recipients) via AuthEnvelopedData (RFC 5083).
    • Decrypt: AES-128/256-GCM (AuthEnvelopedData) and AES-128/256-CBC (EnvelopedData, legacy).
    • Key transport: RSA PKCS#1 v1.5 (KeyTransRecipientInfo).
    • Key agreement: ECDH P-256 + AES-128-KW, ECDH P-384 + AES-256-KW (KeyAgreeRecipientInfo).

§Known Limitations

  • AES-CBC decryption (legacy) is unauthenticated. decrypt() accepts both AuthEnvelopedData (AES-GCM, authenticated) and EnvelopedData (AES-CBC, unauthenticated). The CBC path is retained for interoperability with existing S/MIME deployments but exposes callers to padding oracle and EFAIL-class (CVE-2017-17688) risks. See the decrypt function-level docs for mitigation guidance.
  • RSA-PSS signatures are not supported for certificate chain validation. Real-world S/MIME CAs overwhelmingly use RSA-PKCS1v15 or ECDSA; RSA-PSS CA signatures are rare in practice. File an issue if you need it.
  • RSA key transport uses PKCS#1 v1.5 (ktri), not RSAES-OAEP. PKCS#1 v1.5 is deprecated by RFC 8017 in favour of OAEP and is susceptible to Bleichenbacher padding oracle attacks in interactive decryption scenarios.

Structs§

KariAlgorithm
Combined algorithm parameters for ECDH key agreement (KeyAgreeRecipientInfo).
NoRevocationCheck
A no-op RevocationChecker that accepts all certificates without consulting OCSP or CRL.
SignerResult
Result for a single SignerInfo within a SignedData.
VerificationResult
Overall result from verifying a multipart/signed S/MIME message.

Enums§

CertChainError
Structured failure reason for certificate chain validation.
DigestAlgorithm
Digest algorithm used when creating or verifying a signature.
EcCurve
Elliptic curve selection for ECDH key agreement.
KariKeyAgreement
ECDH key derivation scheme used in KeyAgreeRecipientInfo (RFC 5753 §7.1.4).
KeyEncryptionAlgorithm
Algorithm used to encrypt (wrap) the content-encryption key.
KeyWrapAlgorithm
AES key wrap algorithm used to protect the content-encryption key in KARI.
RecipientIdentifier
Identifies the recipient of an encrypted message. Used by DecryptionKey::matches_recipient to find the right key.
SmimeError
Error type for S/MIME operations.

Traits§

DecryptionKey
Abstraction over a private key capable of decrypting an S/MIME message.
RevocationChecker
Trait for checking certificate revocation status during signature verification.
SigningKey
Abstraction over a private key capable of signing an S/MIME message.

Functions§

decrypt
Decrypt an S/MIME EnvelopedData or AuthEnvelopedData blob.
encrypt
Encrypt inner_mime bytes to all recipients.
sign
Sign MIME content. Returns multipart/signed outer MIME bytes.
verify
Verify a detached CMS SignedData against raw signed content.