[imp] Verifying smime signatures not working?

Edward Burr egburr at burr.cc
Wed Apr 30 12:13:58 UTC 2014


Quoting Michael M Slusarz <slusarz at horde.org>:

> Quoting Edward Burr <egburr at burr.cc>:
>
>> I am receiving email from a friend who uses Lotus Notes and is  
>> signing his emails. After much effort, I finally figured out how to  
>> extract the certificate from the smime.p7s file and import it into  
>> imp (since you can't just import the smime.p7s file directly). Now  
>> I am able to encrypt email to him, and imp successfully decrypts  
>> email from him (getting a key and sending him my public key was  
>> simple compared to importing the smime.p7s cert).
>>
>> However, one thing I have not been able to figure out yet: I can  
>> not find any indication whether the signed email from him is valid  
>> or not. The only way I know it is signed is because of the attached  
>> smime.p7s file, but imp gives no hint that it has actually checked  
>> whether the message and signature have been checked. For an  
>> encrypted message, I figure I can safely assume it is intact, but  
>> what about an unencrypted message?
>
> S/MIME signed messages will have a border around the signed content  
> in the message view with a yellow info box that says "The data in  
> this part has been digitally signed via S/MIME." and will have a  
> link to verify the data.
>
> If you are not seeing this then your system either doesn't have  
> support for openssl in PHP or it is disabled in the Horde/IMP  
> configuration.  (FYI: your message to the list, that I am replying  
> to, is S/MIME signed and I can verify the signature).

That's the thing. I do have support for openssl in PHP and it is  
enabled in the Horde/IMP configuration. In the test.php page, under  
PHP Module Capabilities, it shows "OpenSSL Support: Yes". And in the  
Horde configuration under OpenSSL I have $conf[openssl][cafile] =  
/etc/ssl/certs and $conf[openssl][path] = /usr/bin/openssl

The same sender can encrypt his email, and IMP decrypts it just fine  
once I enter my passphrase:

The data in this part has been encrypted via S/MIME.
You must enter the passphrase for your S/MIME private key to view this data.

Whether his message was encrypted or not, it gives me the "S/MIME  
Cryptographic Signature" as an attached smime.p7s file but no border  
around the signed content and no message about the data having been  
signed. Mozilla Thunderbird shows that the message is signed and valid.

I am also able to sign and encrypt outgoing mail, and my friend has  
received and verified both. It is only the signature on incoming mail  
that is a problem.

Edward

-- 
"In television it is a cardinal sin to allow the viewer a
single moment when his ears and eyes are not assaulted by
sound and fury" -- Alfred Hitchcock, announcing a commercial
break in "Hangover" aired 12/06/1962 and just as true today

