Supported encryption algorithms in Secure Mail components

0 votes
asked Apr 21 by minam (210 points)

Due to a planned mail encryption and signing policy changes, I need to know if the Secure Mail and Sftp components support the following requirements:

  • Signature algorithm: RSASSA-PSS as per IETF RFC 4056

  • Key encryption: RSAES-OAEP as per IETF RFC 3447

  • Content encryption: AES-128 CBC or AES-192 CBC as per IETF RFC 3565

I would appreciate if someone could point/give information on this issue.

Best regards,

1 Answer

0 votes
answered Apr 21 by Lukas Pokorny (85,050 points)
edited Jul 11 by Lukas Pokorny

Rebex Secure Mail supports AES-128/AES-192 in CBC mode, but does not support RSASSA-PSS or RSAES-OAEP yet. We are currently working on these features and a development build with decrypt-only OAEP support is already available for testing.

Rebex SFTP transport layer is SSH protocol, and our implementation does support AES-128/AES-192 in CBC mode. However, RFC 3565 nd 4056 are not relevant for SSH - they extend Cryptographic Message Syntax (CMS), which is the core of S/MIME, but not of SSH. RSAES-OAEP in SSH is not supported either - RFC 4432 defines the appropriate key exchange cipher based on this, but it's seldom used (unlike classic or elliptic curve Diffie-Hellman which is ubiquitous) and not supported by Rebex SSH at the moment. Sorry!

...