Supported encryption algorithms in Secure Mail components

0 votes
asked Apr 21, 2017 by minam (270 points)

Due to a planned mail encryption and signing policy changes, I need to know if the Secure Mail and Sftp components support the following requirements:

  • Signature algorithm: RSASSA-PSS as per IETF RFC 4056

  • Key encryption: RSAES-OAEP as per IETF RFC 3447

  • Content encryption: AES-128 CBC or AES-192 CBC as per IETF RFC 3565

I would appreciate if someone could point/give information on this issue.

Best regards,

1 Answer

0 votes
answered Apr 21, 2017 by Lukas Pokorny (94,670 points)
edited Oct 31, 2017 by Lukas Pokorny

Rebex Secure Mail supports AES-128/AES-192/AES-256 in CBC mode.

Full support for RSAES-OEAP (RSA encryption with OAEP) and RSASSA-PSS (RSA signatures with PSS) has been added in Rebex Secure Mail 2017 R6.

Rebex SFTP transport layer is SSH protocol, and our implementation does support AES-128/AES-192 in CBC mode. However, RFC 3565 nd 4056 are not relevant for SSH - they extend Cryptographic Message Syntax (CMS), which is the core of S/MIME, but not of SSH. RSAES-OAEP in SSH is not supported either - RFC 4432 defines the appropriate key exchange cipher based on this, but it's seldom used (unlike classic or elliptic curve Diffie-Hellman which is ubiquitous) and not supported by Rebex SSH at the moment. Sorry!

...