[imp] SMIME

Mike Cochrane mike@graftonhall.co.nz
Thu, 22 Aug 2002 18:17:08 +1200


Quoting Cliff Green <green@umdnj.edu>:

> Coincidentally, we've been working on a cgi app (in perl, as it happens) to
> send signed and encrypted smime messages; also using openssl. So far, we've
> got signing and encrypting working in fragments, and would be happy to
> collaborate. But be patient, our PHP skills are lacking...
Cool :-) I haven't looked at this side of things yet.

> We know how to sign if we already have the private key in PEM format, or if
> the user is using Netscape (4.5+) and we prompt for signing from the key on
> their own computer. There was a discussion a few months ago on the list about
> how to deal with users' private keys in storage and keep it secure, so we've
> initially just punted and don't bother. However, it shouldn't be difficult to
> use one of Horde's database drivers - if we can figure out how to coach users
> to export and upload their keys and then how to protect them acceptably.
We could just store in the user's prefs as we do at the moment for pgp...

> We're looking at using an ActiveX object we've used before for signing forms
> in order to do this with IE. Unfortunately, we don't have a mechanism yet for
> using one's private keys from Mozilla or Opera - do you know of a means?
Mozilla should work similarly to Netscape in this respect... but I'd rather not
worry about this.

> I've always thought that PHP's openssl functions would be sufficient, but I'm
> not facile enough with PHP to do the job yet.
I've tried these and they are hard to use and not documented yet. I haven't been
able to verify a message. I can if I have the signer's cert, but I couldn't find
a way of getting the cert out of the pkcs7-signature block so gave up.

> Okay, here's one message. Signed, but not encrypted. Do you have a
> certificate?
Yeah, forgot about that bit. But finally got around to setting up a mail client
here and can now send myself test messages... thanks :-)

I will commit the verify mime viewer tonight as it doesn't rely on much to
work... just having openssl and a set of root certificates available.

- Mike :-)

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
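
The message above touches two separate steps: getting the signer's certificate out of the pkcs7-signature block, and verifying a message with openssl against a set of root certificates. The following is an added example, not code from IMP or from this thread, showing both with the openssl command line. All keys, certificates, the message and the function names are constructed for the demo, and self-signed certificates stand in for real roots.

```shell
#!/usr/bin/env bash
# Added example: every key, certificate and message below is constructed.
set -eu

# Throwaway self-signed cert + key. $1 = output prefix, $2 = common name.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Clear-signed (multipart/signed) message. $1 = signer prefix, $2 = output file.
sign_message() {
    printf 'Constructed test body\n' |
        openssl smime -sign -text -signer "$1.crt" -inkey "$1.key" -out "$2" 2>/dev/null
}

# Write the certificates carried inside the PKCS#7 signature block of $1 to $2.
# This only reports what the message claims; it establishes no trust by itself.
extract_certs() {
    openssl smime -pk7out -in "$1" | openssl pkcs7 -print_certs -out "$2"
}

# SHA-256 fingerprint of the first certificate in a PEM file.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Full check: signature over the content plus chain validation against roots in $2.
verify_message() {
    openssl smime -verify -in "$1" -CAfile "$2" -out /dev/null 2>/dev/null
}

demo() {
    local d; d=$(mktemp -d)
    make_cert "$d/signer" "Constructed Signer"
    make_cert "$d/other" "Unrelated Root"
    sign_message "$d/signer" "$d/signed.eml"
    extract_certs "$d/signed.eml" "$d/extracted.pem"
    [ "$(fingerprint "$d/extracted.pem")" = "$(fingerprint "$d/signer.crt")" ] && echo "extracted=match"
    verify_message "$d/signed.eml" "$d/signer.crt" && echo "trusted_root=ok"
    verify_message "$d/signed.eml" "$d/other.crt" || echo "wrong_root=rejected"
    sed 's/Constructed test body/Tampered test body/' "$d/signed.eml" > "$d/tampered.eml"
    verify_message "$d/tampered.eml" "$d/signer.crt" || echo "tampered=rejected"
    rm -rf "$d"
}

demo
```

A certificate extracted this way identifies who the message claims signed it; only the `-CAfile` verification step ties that certificate to a root the verifier trusts.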