[horde] smime question, how does horde check certs
Jan Eberhardt
j.eberhardt at hrz.uni-frankfurt.de
Thu Mar 19 13:15:09 UTC 2015
My Use-Case is the following:
User 1 and User 2 are user of the same horde instance.
User 1: Uploads his public certificate to horde and sends a encrypted
message to user 2 (Note: user 2 does not have the public cert of user 1)
User 2: Receives the encrypted message from user 1, horde should check
the public certificate of user 1 and iff valid use it to encrypt the
message from user 1.
I want that horde checks the public certs it knows about, to decrypt
encrypted messages a user receives from another.
I also want, that User 2 can send a encrypted message to User 1,
without sending User 1 his public cert in advance.
Kind regards
Jan Eberhardt
Zitat von Arjen de Korte <arjen+horde at de-korte.org>:
> Citeren Jan Eberhardt <j.eberhardt at hrz.uni-frankfurt.de>:
>
>> Hi,
>>
>> I have a little issue with Horde 5. How does Horde 5 check if an
>> certificate from a signed mail (via s/mime) is still valid?
>
> Horde uses the OpenSSL PHP extension, which is mentioned in the
> installation instructions for IMP:
>
> http://www.horde.org/apps/imp/docs/INSTALL
>
>> To get more clear: Which component of Horde 5 performs the check?
>> Are there settings in the Horde 5 config, which may be helpful?
>
> Horde_Crypt (in Horde/Crypt/Smime.php) calls openssl_pkcs7_verify to
> check for the validity of S/MIME signed messages:
>
> http://php.net/manual/en/function.openssl-pkcs7-verify.php
>
>> I would like to add a OCSP resource to Horde 5.
>
> Just out of curiosity, what are you trying to achieve with that?
>
>> Kind regards,
>> Jan Eberhardt
>>
>> --
>> Horde mailing list
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>
>
>
> --
> This message was sent from a mailinglist subscription address.
> For off-list replies, you must remove the address extension.
More information about the horde
mailing list