[imp] SMIME

Harry Hoffman hhoffman@ip-solutions.net
Thu, 22 Aug 2002 20:33:07 +1200


In terms of the Perl side of things for doing OpenSSL, the guys from
www.openca.org have contributed Perl modules for accessing all of the features
of OpenSSL. It's quite good work; we've been using their project as a test for
our own personal CA.

Quoting Mike Cochrane <mike@graftonhall.co.nz>:

> Quoting Cliff Green <green@umdnj.edu>:
>
> > Coincidentally, we've been working on a cgi app (in perl, as it happens) to
> > send signed and encrypted smime messages; also using openssl. So far, we've
> > got signing and encrypting working in fragments, and would be happy to
> > collaborate.
> > But be patient, our PHP skills are lacking...
> Cool :-) I haven't looked at this side of things yet.
>
> > We know how to sign if we already have the private key in PEM format, or if
> > the user is using Netscape (4.5+) and we prompt for signing from the key on
> > their own computer. There was a discussion a few months ago on the list
> > about how to deal with users' private keys in storage and keep it secure,
> > so we've initially just punted and don't bother. However, it shouldn't be
> > difficult to use one of Horde's database drivers - if we can figure out how
> > to coach users to export and upload their keys and then how to protect them
> > acceptably.
> We could just store in the user's prefs as we do at the moment of pgp...
>
> > We're looking at using an ActiveX object we've used before for signing
> > forms in order to do this with IE. Unfortunately, we don't have a mechanism
> > yet for using one's private keys from Mozilla or Opera - do you know of a
> > means?
> Mozilla should work similar to Netscape in this respect... but I'll rather
> not worry about this.
>
> > I've always thought that PHP's openssl functions would be sufficient, but
> > I'm not facile enough with PHP to do the job yet.
> I've tried these and they are hard to use and not documented yet. I haven't
> been able to verify a message. I can if I have the signer's cert, but I
> couldn't find a way of getting the cert out of the pkcs7-signature block so
> gave up.
>
> > Okay, here's one message. Signed, but not encrypted. Do you have a
> > certificate?
> Yeah, forgot about that bit. But finally got around to setting up a mail
> client here and can now send myself test messages... thanks :-)
>
> I will commit the verify mime viewer tonight as it doesn't rely on much to
> work... just having openssl and a set of root certificates available.
>
> - Mike :-)


-- 
Harry Hoffman
ITSS Systems Team Leader
University of Auckland
hhoffman@auckland.ac.nz
hhoffman@ip-solutions.net
STANDARD DISCLAIMER:
**********************************************
*This universe shipped by weight, not volume.*
*Some expansion may have occurred in shipping.*
*********************************************

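
Added example, not part of the original thread and not Horde/IMP code: the thread talks about verifying a signed S/MIME message with only openssl and a set of root certificates, and about getting the signer's certificate out of the pkcs7-signature block. The sketch below does both with the openssl command line, assuming openssl is installed; the CA, signer and message are throwaway test data constructed here.

```shell
#!/bin/sh
# Added example; every name, subject and message below is constructed test data.
set -u
W=$(mktemp -d) && trap 'rm -rf "$W"' EXIT

make_fixture() {   # throwaway root CA, signer cert, and a clear-signed message
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root" \
        -keyout "$W/ca.key" -out "$W/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Signer" \
        -keyout "$W/signer.key" -out "$W/signer.csr" 2>/dev/null &&
    openssl x509 -req -in "$W/signer.csr" -CA "$W/ca.pem" -CAkey "$W/ca.key" \
        -CAcreateserial -days 2 -out "$W/signer.pem" 2>/dev/null &&
    printf 'Signed, but not encrypted.\n' > "$W/msg.txt" &&
    openssl smime -sign -in "$W/msg.txt" -signer "$W/signer.pem" \
        -inkey "$W/signer.key" -out "$W/signed.eml" 2>/dev/null
}

# Verify against the root set only. On success openssl writes the signer's
# certificate, taken from the PKCS#7 block, to the file given with -signer.
verify_and_recover() {   # $1 = message, $2 = where to write the signer cert
    openssl smime -verify -in "$1" -CAfile "$W/ca.pem" \
        -signer "$2" -out /dev/null 2>/dev/null
}

# List the certificates embedded in the signature without verifying anything.
# Nothing printed here is trusted until verify_and_recover succeeds.
embedded_subjects() {    # $1 = message
    openssl smime -pk7out -in "$1" | openssl pkcs7 -print_certs -noout
}

fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

make_fixture || { echo "fixture setup failed" >&2; exit 1; }
verify_and_recover "$W/signed.eml" "$W/recovered.pem" && echo "verify: OK"
embedded_subjects "$W/signed.eml"
# Altering the signed body must make verification fail.
sed 's/not encrypted/NOT encrypted/' "$W/signed.eml" > "$W/tampered.eml"
verify_and_recover "$W/tampered.eml" "$W/bad.pem" || echo "tampered: rejected"
```

A certificate listed by `embedded_subjects` is only a claim carried inside the message; treat it as the signer's identity only after verification against the root set has succeeded.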