S/MIME signature: "Content-Type: text/plain" added to message (39.0.0) #8298

@dirksammel

Hey,

I'm observing a weird behavior when signing with S/MIME since version 39.0.0: it seems like an additional "Content-Type: text/plain" is added to the message after signing it.

My code looks like this:

```python
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.serialization import pkcs7

with open("test.cert", "rb") as cc:
    cert = x509.load_pem_x509_certificate(cc.read())

with open("test.key", "rb") as ck:
    key = serialization.load_pem_private_key(ck.read(), None)

msg = "test"

options = [pkcs7.PKCS7Options.DetachedSignature, pkcs7.PKCS7Options.Text]

signed_msg = (
    pkcs7.PKCS7SignatureBuilder()
    .set_data(bytes(msg, "utf-8"))
    .add_signer(cert, key, hashes.SHA256())
    .sign(serialization.Encoding.SMIME, options)
)

with open("/tmp/msg.txt", "wb") as msg_file:
    msg_file.write(signed_msg)
```

With cryptography 38.0.4, the relevant part is

```
This is an S/MIME signed message

------A78EE028A05FC73322259A20ED9EAAAE
Content-Type: text/plain

test
------A78EE028A05FC73322259A20ED9EAAAE
```

and `openssl smime -verify -in /tmp/msg.txt -noverify` is successful.

With cryptography 39.0.0, I get

```
This is an S/MIME signed message

--===============0873037622973214044==
Content-Type: text/plain

Content-Type: text/plain

test
--===============0873037622973214044==
```

and the verification with openssl fails.
After manually removing the additional "Content-Type: text/plain" from the file, it succeeds again.
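
A check for the symptom described in this report, as an added example that is not part of the original post or of the cryptography project: it parses a multipart/signed message with Python's standard `email` module and reports `Content-*` headers that appear a second time inside the signed part. The two samples are constructed from the excerpts quoted above, with a placeholder instead of a real signature; `sample` and `nested_headers` are hypothetical names.

```python
import email
from email import policy


def sample(boundary: str, signed_part: str) -> bytes:
    """Build a constructed multipart/signed message (placeholder signature)."""
    return (
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; '
        f'micalg="sha-256"; boundary="{boundary}"\n\n'
        "This is an S/MIME signed message\n\n"
        f"--{boundary}\n{signed_part}\n"
        f"--{boundary}\n"
        'Content-Type: application/x-pkcs7-signature; name="smime.p7s"\n\n'
        "PLACEHOLDER-NOT-A-REAL-SIGNATURE\n"
        f"--{boundary}--\n"
    ).encode()


# Constructed inputs shaped like the 38.0.4 and 39.0.0 excerpts in the report.
OLD_SHAPE = sample("----A78EE028A05FC73322259A20ED9EAAAE",
                   "Content-Type: text/plain\n\ntest")
NEW_SHAPE = sample("===============0873037622973214044==",
                   "Content-Type: text/plain\n\nContent-Type: text/plain\n\ntest")


def nested_headers(smime: bytes) -> list[str]:
    """Return Content-* header names found at the start of the signed part's body.

    Heuristic: if the body of the first part itself parses as
    "headers, blank line, text", a second MIME header block was emitted
    inside the signed part. A body that legitimately begins with such a
    line would also be reported.
    """
    msg = email.message_from_bytes(smime, policy=policy.compat32)
    if msg.get_content_type() != "multipart/signed" or not msg.is_multipart():
        raise ValueError("not a multipart/signed message")
    body = msg.get_payload()[0].get_payload()  # text after the part's own headers
    inner = email.message_from_string(body, policy=policy.compat32)
    return [k for k in inner.keys() if k.lower().startswith("content-")]


if __name__ == "__main__":
    for name, raw in (("38.0.4 shape", OLD_SHAPE), ("39.0.0 shape", NEW_SHAPE)):
        print(name, "->", nested_headers(raw) or "no nested headers")
```

Run against a real file, for example `nested_headers(open("/tmp/msg.txt", "rb").read())`, the function can serve as a regression check alongside the `openssl smime -verify` step.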
