[imp] PGP and S/MIME
Andreas Dahlén
andreas@dahlen.ws
Tue, 7 May 2002 21:53:19 +0200
I've been looking at implementing S/MIME in IMP. I've been waiting
for the PGP-functionality to be more or less stable, which I think
it is now.
I've some thoughts about the S/MIME implementation;
* Use of external program or internal function calls.
I'm thinking of using an external call to openssl, as PGP calls gpg.
The openssl functions in PHP could be used, but since they are
experimental I don't think that's a good idea. Comments?
* Storing of Certificates
Store people's certificates in Turba (as for PGP public keys). Just
add a new field "certificate" and change the api to handle both
PGP-keys and S/MIME-certificates.
The personal certificate is stored in the prefs-subsystem, as for
private PGP keys. The private certificate is encrypted with a
passphrase similar to PGP.
* Root Certificates
The root certificates are needed to verify signatures. How should
they be stored? My suggestion is to use ca-bundle.crt that comes
with mod_ssl.
* Compose Screen
To implement S/MIME there are two choices (at least);
- Two sections "PGP Options" and "S/MIME Options" with buttons for
sending signed and/or encrypted messages.
- One section "Encryption" with radiobuttons for "PGP
encrypt", "PGP Sign", "PGP Encrypt/Sign", "S/MIME Sign", "S/MIME
Encrypt" and "S/MIME Encrypt/Sign". The message would then be sent
with the ordinary "Send Message"-button.
I would prefer the latter one. Comments/Suggestions?
Any other thoughts/suggestions regarding S/MIME?
Is there anyone else who has been working on it?
/Andreas
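
An added example, not part of the original message and not IMP code: the external-openssl approach and the root-certificate question above, shown as the sign and verify calls a mailer could shell out to. The CA names, subjects, file names and throwaway keys are all constructed, and a single test root stands in for ca-bundle.crt.

```shell
# Added example. Every name, subject and file here is constructed; keys are
# throwaway and unencrypted (-nodes), unlike the passphrase-protected key above.

# make_ca DIR NAME: self-signed root, standing in for one entry of ca-bundle.crt.
make_ca() {
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Root $2
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# make_user DIR CA: issue the sender's certificate under root CA.
make_user() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/$2.cnf" \
        -subj "/CN=Constructed Sender" -keyout "$1/user.key" -out "$1/user.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/user.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/user.crt" 2>/dev/null
}

# smime_sign DIR: the call a mailer would make when sending a signed message.
smime_sign() {
    openssl smime -sign -in "$1/msg.txt" -signer "$1/user.crt" \
        -inkey "$1/user.key" -out "$1/signed.eml"
}

# smime_verify DIR BUNDLE: exit 0 only if the signature is intact and the
# signer chains to a root in BUNDLE.
smime_verify() {
    openssl smime -verify -in "$1/signed.eml" -CAfile "$2" -out /dev/null 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed test message\n' > "$d/msg.txt"
    make_ca "$d" rootA && make_ca "$d" rootB && make_user "$d" rootA &&
        smime_sign "$d" || { rm -rf "$d"; return 1; }
    smime_verify "$d" "$d/rootA.crt" && echo "issuing root in bundle: verified"
    smime_verify "$d" "$d/rootB.crt" || echo "unrelated root only: rejected"
    rm -rf "$d"
}
demo
```

The exit status of the verify call is what the caller should act on: it fails both when the body was altered and when the signer's issuer is missing from the bundle.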