#12 S/MIME cipher is 56 bit DES, contrary to RFCs

open
nobody
None
5
2011-10-25
2011-10-25
Anonymous
No

The most recent S/MIME RFC (5751) says (in 2.7.1.2) that sending agents should use AES-128 (or tripleDES as an alternative) when the capabilities of the receiving agent are unknown. The preceding RFC 3851 says tripleDES then RC2/40, as does RFC 2633.

Re-alpine 2.02 ignores these recommendations and uses 56 bit DES instead, presumably as an improvement on RC2/40 (though DES isn't really adequate either, these days).

It's a one-liner to bring Re-alpine in line with RFC 5751 in this respect:

--- pith/smime.c.aes128 2011-10-25 11:37:54.000000000 +0100
+++ pith/smime.c 2011-10-25 11:43:08.000000000 +0100
@@ -1330,7 +1330,9 @@
dprint((9, "encrypt_outgoing_message()"));
smime_init();

- cipher = EVP_des_cbc();
+// cipher = EVP_des_cbc();
+// AJB 20111025 - upgrade to 128 bit AES as per RFC5751
+ cipher = EVP_aes_128_cbc();

encerts = sk_X509_new_null();
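
Review bot: the two `//` lines at the replaced assignment leave the old `EVP_des_cbc()` call behind as commented-out dead code, and they use C++-style comments at column 0 in a C source file (pith/smime.c). Delete the old line outright and keep the RFC 5751 reference in a `/* ... */` comment indented with the code, or in the commit message. The new assignment is also unconditional in the lines shown, so AES-128 is applied to every outgoing message; the comment should say that this is the default for recipients whose capabilities are unknown (RFC 5751, 2.7.1.2), so that a later change adding capability lookup or a tripleDES fallback knows where to hook in.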

Discussion

  • Andraž Levstik

    Andraž Levstik - 2012-06-03

    Committed to master.

     
