[horde] horde how to set up S/MIME to use 3DES 168-bit instead of RC2 40bit?

Michael M Slusarz slusarz at horde.org
Tue Jun 14 21:57:39 UTC 2011

Quoting Peter Irbizon <peterirbizon at gmail.com>:

>>> Not sure what you mean by this?  It looks like we pass the '-nodes'
> option to openssl in the Smime Crypt library.  If this is what >> >> you are
> talking about, I have no idea why this is the case (Patent issues?)
> I mean my s/mime encrypted messages are encrypted with 40bit RC2 only. I
> found in  /lib/Horde/Crypt smime.php line
> if (openssl_pkcs7_encrypt($input, $output, $params['pubkey'], array('To' =>
> $email)))
> and changed it to
> if (openssl_pkcs7_encrypt($input, $output, $params['pubkey'], array('To' =>
> $email),0,4)) {
> Now my messages are encrypted with 3DES 168bit but I hoped horde has ability
> to configure this setting in config file (if yes, where?)

This cipher parameter was not available in PHP 4 - it only became  
available as of PHP 5.0.  This is why it would not have been available  
in Horde 3, and nobody has previously brought up this issue during the  
Horde 4 release process.

If you could add this feature request to a ticket on  
http://bugs.horde.org/ so it doesn't get lost, that would be great.

>>> Public certificates for a contact are stored in Turba.
> Unfortunatelly I can't find storage for certs in turba folder.  But what's
> more in Settings>Email  Database of public SMIME is empty but when I want to
> add the same certificate/public key more times: "This person
> has smimePublicKey in directory." :/ What am I doing wrong?

The certificates are stored in whatever *backend* you have configured  
in turba (see turba/config/backends.php).  It is not stored in the  
physical web turba directory, for obvious reasons.


Michael Slusarz [slusarz at horde.org]

More information about the horde mailing list