[imp] PGP and S/MIME

Andreas Dahlén andreas@dahlen.ws
Tue, 7 May 2002 21:53:19 +0200


I've been looking at implementing S/MIME in IMP. I've been waiting 
for the PGP-functionality to be more or less stable, which I think 
it is now.

I've some thoughts about the S/MIME implementation;

* Use of external program or internal function calls.
I'm thinking of using an external call to openssl, as PGP calls gpg.
The openssl-functions in PHP could be used, but since they are 
experimental I don't think that's a good idea. Comments?

* Storing of Certificates
Store people's certificates in Turba (as for PGP public keys). Just 
add a new field "certificate" and change the api to handle both 
PGP-keys and S/MIME-certificates.
The personal certificate is stored in the prefs-subsystem, as for 
private PGP keys. The private certificate is encrypted with a 
passphrase similar to PGP.

* Root Certificates
The root certificates are needed to verify signatures. How should 
they be stored? My suggestion is to use ca-bundle.crt that comes 
with mod_ssl.

* Compose Screen
To implement S/MIME there are two choices (at least);
- Two sections "PGP Options" and "S/MIME Options" with buttons for 
sending signed and/or encrypted messages.
- One section "Encryption" with radiobuttons for "PGP 
encrypt", "PGP Sign", "PGP Encrypt/Sign", "S/MIME Sign", "S/MIME 
Encrypt" and "S/MIME Encrypt/Sign". The message would then be sent 
with the ordinary "Send Message"-button.
I would prefer the latter one. Comments/Suggestions?

Any other thoughts/suggestions regarding S/MIME? 
Is there anyone else who has been working on it?

/Andreas
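
Added example, not part of the original message and not IMP code: a sketch of the external-openssl approach discussed above, signing with a passphrase-protected key and verifying against a root bundle. The throwaway CAs stand in for ca-bundle.crt; all subjects, file names, the SMIME_PASS variable and the passphrase are constructed assumptions.

```shell
#!/bin/sh
# Added example: S/MIME sign/verify by calling the openssl binary.
# Subjects, file names and the passphrase are constructed for this demo.

# make_ca DIR CN: throwaway self-signed root, standing in for a ca-bundle.crt entry.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_user DIR: user key encrypted with $SMIME_PASS, certificate signed by DIR's CA.
issue_user() {
    openssl req -newkey rsa:2048 -passout env:SMIME_PASS \
        -subj "/CN=Demo User/emailAddress=user@example.org" \
        -keyout "$1/user.key" -out "$1/user.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/user.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/user.crt" 2>/dev/null
}

# sign_message DIR IN OUT: the passphrase travels in the environment, not in
# argv, so it does not appear in the process list.
sign_message() {
    openssl smime -sign -in "$2" -signer "$1/user.crt" -inkey "$1/user.key" \
        -passin env:SMIME_PASS -out "$3" 2>/dev/null
}

# verify_message SIGNED BUNDLE: exit 0 only if the signature is valid and the
# signer's certificate chains to a root in BUNDLE.
verify_message() {
    openssl smime -verify -in "$1" -CAfile "$2" -out /dev/null 2>/dev/null
}

# demo: returns 0 when the issuing root verifies and an unrelated root does not.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/a" "$work/b"
    SMIME_PASS="demo-passphrase"; export SMIME_PASS
    printf 'Hello from IMP\n' > "$work/msg.txt"
    make_ca "$work/a" "Demo Root A" && make_ca "$work/b" "Demo Root B" &&
    issue_user "$work/a" &&
    sign_message "$work/a" "$work/msg.txt" "$work/signed.eml" &&
    verify_message "$work/signed.eml" "$work/a/ca.crt" &&
    ! verify_message "$work/signed.eml" "$work/b/ca.crt"
    rc=$?
    rm -rf "$work"
    return $rc
}

demo && echo "signature accepted only with the issuing root in the bundle"
```

The caller decides trust purely from the exit status of `openssl smime -verify`, so a webmail front end has to treat any non-zero status as "not verified" rather than parsing the output text.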