[imp] Verifying smime signatures not working?

Michael M Slusarz slusarz at horde.org
Fri May 9 04:27:26 UTC 2014 

Quoting Edward Burr <egburr at burr.cc>:

> Quoting Michael M Slusarz <slusarz at horde.org>:
>
>> Quoting Edward Burr <egburr at burr.cc>:
>>
>>> I am receiving email from a friend who uses Lotus Notes and is  
>>> signing his emails. After much effort, I finally figured out how  
>>> to extract the certificate from the smime.p7s file and import it  
>>> into imp (since you can't just import the smime.p7s file  
>>> directly). Now I am able to encrypt email to him, and imp  
>>> successfully decrypts email from him (getting a key and sending  
>>> him my public key was simple compared to importing the smime.p7s  
>>> cert).
>>>
>>> However, one thing I have not been able to figure out yet: I can  
>>> not find any indication whether the signed email from him is valid  
>>> or not. The only way I know it is signed is because of the  
>>> attached smime.p7s file, but imp gives no hint that it has  
>>> actually checked whether the message and signature has been  
>>> checked. For an encrypted message, I figure I can safely assume it  
>>> is intact, but what about an unencrypted message?
>>
>> S/MIME signed messages will have a border around the signed content  
>> in the message view with a yellow info box that says "The data in  
>> this part has been digitally signed via S/MIME." and will have a  
>> link to verify the data.
>>
>> if you are not seeing this then your system either doesn't have  
>> support for openssl in PHP or it is disabled in the Horde/IMP  
>> configuration.  (FYI: your message to the list, that I am replying  
>> to, is S/MIME signed and I can verify the signature).
>
> I'm still trying to figure out what I'm missing. I've got the basic  
> horde webmail package installed with pear. The only changes I've  
> made to it have been through the configuration settings in the admin  
> account. openssl is supported, and it is enabled. In my user account  
> preferences, smime is enabled. My messages to the list are being  
> sent with Horde/Tmp, and you're seeing it signed there, so I know  
> it's working. I just don't get the border around the signed content  
> or the box with the statement telling me it's signed. You can see it  
> here:
>
> https://www.dropbox.com/s/x3zjqseevf9ysjl/signed_mail.png

This would only happen if for some reason the message was being parsed  
as multipart/mixed (in which each part is displayed separately) as  
opposed to the smime MIME viewer driver, which (even if S/MIME support  
is disabled) the S/MIME signature part is hidden.

I have no idea how this would happen.  I can only suggest making sure  
you don't have any mime_drivers.local.php files and ensuring that all  
mime_drivers.php config files have not been altered from the  
distribution.  Otherwise, it's really going to take code debugging on  
your side to be able to track this down further.  A place to start:  
IMP_Contents#renderMIMEPart().

michael

___________________________________
Michael Slusarz [slusarz at horde.org]

More information about the imp mailing list