[dev] Re: s/mime patches

Michael M Slusarz slusarz at bigworm.colorado.edu
Tue Dec 17 04:02:31 PST 2002


Quoting Cliff Green <green@UMDNJ.EDU>:

| I've also added more to SMIME.php to support the management of the
| additional signing certs, but I'll wait until you've made your edits
| (it's getting a bit confusing keeping up and making the correct edits).

OK.  The basic framework for S/MIME composition is now set up.  However, I 
now see your issues when it comes to the openssl_pkcs7_sign() function.  
Simply put - I am not willing to use that function (or the other pkcs7 
functions) to create the S/MIME parts.  Using those functions completely 
eliminates using the MIME_Part functionality, not to mention IMP_Header:: 
functionality, etc.  This would cause us to set up two different regimes in 
compose.php to handle the two different cases (S/MIME messages vs. 
everything else) and that is not acceptable - considering that the single 
regime is not currently 100% foolproof!

I see the advantages of using openssl_pkcs7_sign() - mainly it combines a 
number of steps into a single function.  But we don't _want_ or _need_ a 
MIME formatted message in return - all we need is the data for each 
individual part and we can piece together the data ourselves in the 
existing MIME_Part framework.  E.g. look at the PGP functions - we 
separately get the encrypted information, signature information, etc. and 
then piece together the parts to form an accepted OpenPGP message.  Thus, 
we will have to find a way to use the openssl_sign(), 
openssl_get_publickey() functions, etc. to accomplish what we need to do.  
If this is not 
possible, I think we should seriously look at using the command line 
client, at least at the present PHP development time (using the command 
line vs. using PHP builtin functions _should_ be completely transparent 
outside Horde_Crypt_smime -- if not, then we need to fix things so this is 
true.)

I do not know much (anything) about S/MIME at present, but I will try to 
look at the documentation in the next few days to figure out if this is 
feasible.  If anyone else wants to beat me to it, that would be just fine 
also.

And thank you for the code you have provided Cliff - it really is much 
appreciated and has helped us set up the basic framework of the S/MIME 
composition code - if not motivate us to tackle the issue further.

michael

______________________________________________
Michael Slusarz [slusarz@bigworm.colorado.edu]
The University of Colorado at Boulder
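
The command-line route mentioned in the message above, as an added example that is not code from the poster or from Horde: the openssl client is asked for only the detached PKCS#7 signature blob over one MIME body part, and the multipart/signed wrapper is assembled separately, the way an application's own MIME code would. It assumes the `openssl` CLI is installed; the key, certificate, boundary, file names and function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: key, certificate, body text and file names are constructed.

# Throwaway self-signed signer, standing in for a user's real S/MIME certificate.
make_demo_signer() {   # $1 = work dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Signer" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Detached PKCS#7 SignedData (DER) over the exact bytes of one MIME body part.
# -binary keeps openssl from rewriting line endings; -outform DER returns the
# bare signature blob instead of a finished multipart/signed message.
sign_part() {          # $1 = work dir, $2 = body part file, $3 = output .p7s
    openssl smime -sign -binary -md sha256 -in "$2" \
        -signer "$1/cert.pem" -inkey "$1/key.pem" -outform DER -out "$3"
}

# Check the blob against a body part. -noverify skips chain validation only
# (the demo cert is self-signed); the signature itself is still checked.
verify_part() {        # $1 = body part file, $2 = .p7s
    openssl smime -verify -binary -noverify -inform DER -in "$2" \
        -content "$1" -out /dev/null 2>/dev/null
}

# Assemble multipart/signed from the two pieces; the signed part is copied
# byte for byte, since any change to it invalidates the signature.
build_multipart() {    # $1 = body part file, $2 = .p7s, $3 = boundary
    printf 'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\r\n'
    printf ' micalg=sha-256; boundary="%s"\r\n\r\n--%s\r\n' "$3" "$3"
    cat "$1"
    printf '\r\n--%s\r\n' "$3"
    printf 'Content-Type: application/pkcs7-signature; name="smime.p7s"\r\n'
    printf 'Content-Transfer-Encoding: base64\r\n\r\n'
    openssl base64 -in "$2" | awk '{ printf "%s\r\n", $0 }'
    printf -- '--%s--\r\n' "$3"
}

smime_demo() {         # prints the path of the assembled message
    d=$(mktemp -d) || return 1
    printf 'Content-Type: text/plain\r\n\r\nHello (constructed body)\r\n' > "$d/part"
    make_demo_signer "$d" && sign_part "$d" "$d/part" "$d/sig.p7s" || return 1
    sed 's/Hello/HELLO/' "$d/part" > "$d/tampered"
    verify_part "$d/part" "$d/sig.p7s" || return 1                   # untouched part verifies
    if verify_part "$d/tampered" "$d/sig.p7s"; then return 1; fi     # altered part must fail
    build_multipart "$d/part" "$d/sig.p7s" "demo-boundary-1" > "$d/message.eml"
    echo "$d/message.eml"
}
smime_demo
```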

