[imp] PGP and S/MIME

Arkadiusz Goralski goral@unet.pl
Wed, 8 May 2002 23:35:53 +0200


Hi,

On Tuesday 07 May 2002 21:53, Andreas Dahlén wrote:
> I've been looking at implementing S/MIME in IMP. I've been waiting
> for the PGP-functionality to be more or less stable, which I think
> it is now.

Well, we're working on implementing support for S/MIME in IMP. But the
whole process of signing the message is done on the client-side, the
problem is to build a proper email message (according to IETF RFC
2633) from the data sent by the Browser.

> I've some thoughts about the S/MIME implementation;
>
> * Use of external program or internal function calls.
> I'm thinking of using external call to openssl, as PGP calls gpg.
> The openssl-functions in PHP could be used, but since thay are
> experimental I don't think that a good idea. Comments?

I think it should be done (if possible) on the client-side. IMP should
only do  it's job: create proper messages for sendmail or other MTA.

> * Storing of Certificates
> Store peoples certificates in Turba (as for PGP public keys). Just
> add a new field "certificate" and change the api to handle both
> PGP-keys and S/MIME-certificates.
> The personal certificate is stored in the prefs-subsystem, as for
> private PGP keys. The private certificate is encrypted with a
> passphrase similiar to PGP.

This seems to be the only solution, but we've managed to actually sign
the message within the web browser and put the signed message back into
the HTML form for further operations (sending etc.). You can select
with which key you want to sign the message from the combo box.

Additionally you can sign the message with using your private key
stored on a smart card or other hardware modules.

And the best part is, that all is done on the client-side, so you
don't have to build PHP with openssl modules or play with S/MIME.
All you have to do is to acctually send the message.

BUT if you want to read the signed/encrypted message, then IMP must
support reading such mails.

> * Root Certificates
> The root certificates are needed to verify signatures. How should
> they be stored? My suggestion is to use ca-bundle.crt that comes
> with mod_ssl.

RootCA ID's should also stay on the client-side (for MS IE -> Windows
registry or Netscaper cert{5,7}.db) and the process of deciding
whether a particular RootCA is trusted or not should also be performed
on the client-side.

> * Compose Screen
> To implement S/MIME there are two choices (at least);
> - Two sections "PGP Options" and "S/MIME Options" with buttons for
> sending signed and/or encrypted messages.
> - One section "Encryption" with radiobuttons for "PGP
> encrypt", "PGP Sign", "PGP Encrypt/Sign", "S/MIME Sign", "S/MIME
> Encrypt" and "S/MIME Encrypt/Sign". The message would then be sent
> with the ordinary "Send Message"-button.
> I would prefer the latter one. Comments/Suggestions?

Acctually we're willing to implement client-side message
signing/encrypting in IMP, but only for 2 browsers:

1. MS Internet Explorer >=4 (via native capicom.dll)
2. Netscape (via Netscape Form SIgning Functions) - not yet tested,
but we're working on it :)

> Any other thoughts/suggestions regarding S/MIME?
> Is there anyone else that have been working on it?

We're governmental & public Polish CA, and we're using IMP, because it
meets our expectations.

Maybe we could get a CVS account, and with a assistance from Chuck or
Jon we could implement that. Is there a need for such feature?

Maybe Chuck or Jon would like to comment on that?

Regards,
Arkadiusz Goralski: agoralski@certum.pl