[imp] s/mime help

Marcos Monge mmonge at satec.es
Thu Feb 27 12:18:50 PST 2003


>
>
>No, no. You created a pkcs7 version of your CA's cert file. You are on the wrong path, I fear.
>You'll have to risk a detailed look at the openssl documentation. Maybe
>http://sial.org/sendmail/doc/OpenSSL.txt is helpful, especially the section
>CERTIFICATES SIGNED BY OWN CERTIFICATE AUTHORITY.
>
>After generating a valid CA cert, a private and a public key in x509 format, you can begin to
>create an S/MIME-compatible cert file with something like:
>openssl pkcs7 -export -in mycert.pem -inkey mykey.pem -out user.p7 \
>           -certfile othercerts.pem -name "Marcos Monge"
>
>Alexander Dalloz
>

This doesn't work. Those options are only valid for pkcs12.

Anyway, I have tried the following procedure, with some success (but not
total):

1.- Generate a private key for my user in IMP:
    openssl genrsa -des3 1024 > marcos-private.key
2.- Generate a self-signed certificate from the previous key:
    openssl req -new -x509 -key marcos-private.key -days 3650 -sha1 > marcos-public.cert

Then I log in to IMP and go to preference -> s/mime options. I click on
import Private/Public key. When asked for the private key, I give the
marcos-private.key file. When asked for the public key, I give the
marcos-public.cert file. All seems to be OK. IMP tells me the import is correct.

3.- Generate a new private key, for my user in Netscape:
    openssl genrsa -des3 1024 > mmonge-netscape.private.key
4.- Generate a self-signed certificate from the previous key:
    openssl req -new -x509 -key mmonge-netscape.private.key -days 3650 -sha1 > mmonge-netscape-public.cert
5.- Generate a pkcs12 certificate with the private key and the public
certificate for import into Outlook/Netscape:
    openssl pkcs12 -export -in mmonge-netscape-public.cert -inkey mmonge-netscape.private.key -out mmonge.p12 -name "Marcos Monge (netscape)"

Then I import this new .p12 file into Netscape. Netscape tells me that
it's issued by an untrusted authority, but that's OK. It imports without problems.


Well, now I go to the IMP address book and create a new entry for my Netscape
user. In the field "S/MIME Public key" I put the contents of
"mmonge-netscape-public.cert". IMP accepts it without problems.

Then I compose a new message in IMP, send it to my Netscape user from the
address book, and select "S/MIME Sign Message".

When I receive it in Netscape, Netscape tells me that the message is
signed, but that the certificate is issued by an untrusted authority. All
seems to be OK.

But if I send the message from IMP with the option "S/MIME Sign/Encrypt
Message", Netscape tells me: "Message Has No Digital Signature" and
"Message Cannot Be Decrypted".

Where is the problem? Doesn't IMP sign the message?

Is anyone using the S/MIME options successfully?

Any help?

Thanks in advance
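
Added example, not part of the original post: an offline openssl round trip of the sign-then-encrypt case described above, which checks that key and certificate files of this kind work for S/MIME before the mail clients are suspected. The file names, subject names and passphrase are constructed, and it uses 2048-bit keys, AES and SHA-256 instead of the 1024-bit, 3DES and SHA-1 settings in the post.

```shell
#!/bin/sh
# Constructed passphrase and names; nothing here comes from the original post.
PASS='pass:example-passphrase'

# make_identity NAME CN: passphrase-protected key plus self-signed certificate,
# the same two steps as in the post but non-interactive.
make_identity() {
    openssl genrsa -aes256 -passout "$PASS" -out "$1.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1.key" -passin "$PASS" -days 30 -sha256 \
        -subj "/CN=$2" -out "$1.cert" 2>/dev/null
}

# smime_roundtrip DIR: sign as "sender", encrypt to "rcpt", then decrypt and
# verify as the recipient would. Prints the recovered text and returns 0 only
# if every step, including signature verification, succeeded.
smime_roundtrip() {
    ( cd "$1" || exit 1
      make_identity sender "Sender (constructed)" || exit 1
      make_identity rcpt "Recipient (constructed)" || exit 1
      printf 'constructed test message\n' > msg.txt
      # Sign with the sender's private key (clear-signed multipart/signed).
      openssl smime -sign -text -in msg.txt -signer sender.cert \
          -inkey sender.key -passin "$PASS" -out signed.msg || exit 1
      # Encrypt the signed message to the recipient's certificate only.
      openssl smime -encrypt -aes256 -in signed.msg -out enc.msg \
          rcpt.cert || exit 1
      # Recipient side: decrypt with rcpt's key, then check the signature,
      # trusting the self-signed sender certificate explicitly via -CAfile.
      openssl smime -decrypt -in enc.msg -recip rcpt.cert -inkey rcpt.key \
          -passin "$PASS" -out dec.msg || exit 1
      openssl smime -verify -text -in dec.msg -CAfile sender.cert \
          -out out.txt 2>/dev/null || exit 1
      tr -d '\r' < out.txt
    )
}

# wrong_key_fails DIR: the sender's own key must not open a message that was
# encrypted to the recipient's certificate (run after smime_roundtrip).
wrong_key_fails() {
    ! openssl smime -decrypt -in "$1/enc.msg" -recip "$1/sender.cert" \
        -inkey "$1/sender.key" -passin "$PASS" -out /dev/null 2>/dev/null
}

work=$(mktemp -d)
smime_roundtrip "$work" && wrong_key_fails "$work" && echo "round trip OK"
rm -rf "$work"
```

If this round trip succeeds with a given key and certificate pair, the files themselves are usable for S/MIME, and a failure in the mail clients has to be looked for in how each client was given the other side's certificate.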



