[dev] S/MIME help

Cliff Green green@UMDNJ.EDU
Mon, 23 Sep 2002 18:48:29 -0400


Sorry.  My last msg was sent unfinished and premature.

Quoting Eric Rostetter <eric.rostetter@physics.utexas.edu>:

> I'd like to try out the S/MIME support.  But there are almost no comments in
> the code and the help files are mostly empty.  So as to fix this, I need some
> help.  My first two questions are:
> 
> What format do you import the S/MIME key(s) in?
I'm using PEM.  Cut 'n paste.

I've been using 'openssl pkcs12 -in <my exported pkcs12 file> -clcerts' and
parsing out the BEGIN/END RSA PRIVATE KEY lines for the <ahem> private key,  and
the BEGIN/END CERTIFICATE lines for the certificate.

> Looks like it wants .pem files, as opposed to say p12 files?  Or does it work
> with multiple formats?

I haven't seen any pkcs12-related functions in PHP, so I'd expect to call the
openssl binary externally.  Bummer.  Not Elegant.

Actually, now that I look closer, http://www.php.net/manual/en/ref.openssl.php
has notes to the effect that only PEM format data is handled.

 
> How can you, or can you, view the keys you have imported?

I don't see any UI for that yet.  I've been checking the sql table out of horde,
but that's not a viable option, and we really ought to have more.  One Day, Real
Soon.  <g>

For what it's worth, I've been trying to extend the 'openssl_cafile' option, to
use an array containing more than just the one file, per documentation.  So far,
no go.  (I need to support our private hierarchy as well as the public one - I
wonder if there should be an admin interface for this).

c
-- 
Cliff Green
Academic Computing Services - UMDNJ
Signature under NDA
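
The manual step described in the message above (pulling the private key and certificate blocks out of what `openssl pkcs12 -in ... -clcerts` prints) can be scripted. This is an added example, not part of the original message or of the Horde/IMP code; the function names and the sample input are constructed for illustration. It also accepts the `PRIVATE KEY` and `ENCRYPTED PRIVATE KEY` labels that newer OpenSSL releases print instead of `RSA PRIVATE KEY`.

```shell
#!/bin/sh
# Added example: split the mixed text printed by
#   openssl pkcs12 -in <exported pkcs12 file> -clcerts
# into its private-key and certificate PEM blocks.

# pem_blocks LABEL_ERE: copy stdin to stdout, keeping only PEM blocks whose
# label matches LABEL_ERE exactly. "Bag Attributes" and other text between
# blocks is dropped. Returns 1 if nothing matched or a kept block has no END.
pem_blocks() {
    tr -d '\r' | awk -v want="^($1)\$" '
        /^-----BEGIN .*-----$/ {
            # "-----BEGIN " is 11 characters, the trailing dashes are 5
            label = substr($0, 12, length($0) - 16)
            keep = (label ~ want)
            if (keep) found++
        }
        keep { print }
        /^-----END .*-----$/ { keep = 0 }
        END { exit ((found == 0 || keep) ? 1 : 0) }
    '
}

# Hypothetical helper names. Key labels differ between OpenSSL versions.
extract_key()  { pem_blocks 'RSA PRIVATE KEY|PRIVATE KEY|ENCRYPTED PRIVATE KEY'; }
extract_cert() { pem_blocks 'CERTIFICATE'; }

# Constructed sample of the command's output. The base64 bodies are
# placeholders, not a real key or certificate.
sample_pkcs12_output() {
    cat <<'EOF'
Bag Attributes
    localKeyID: 01 02 03 04
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQga2V5IGJvZHksIG5vdCBhIHJlYWwga2V5
-----END RSA PRIVATE KEY-----
Bag Attributes
    localKeyID: 01 02 03 04
subject=/CN=constructed.example
issuer=/CN=Constructed Test CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgY2VydCBib2R5LCBub3QgYSByZWFsIGNlcnQ=
-----END CERTIFICATE-----
EOF
}

# Demonstration on the constructed sample: prints only the certificate block.
sample_pkcs12_output | extract_cert
```

With a real export, pipe the `openssl pkcs12` output into `extract_key` and `extract_cert` and set `umask 077` before redirecting the key to a file.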