Steve,

Fortunately you don't need to "put it together yourself"!
Check the IETF S/MIME Freeware at:  http://www.imc.org/ietf-smime/

Andrew.

>Hi Steve,
>
>> > I need to send a message to a Netscape user (S/MIME), and encrypt
>> > it using the cert he's sent me in a signed message.   (In other
>> > words, I want my script to behave like another Netscape Mail).
>> > I'm using SSLeay 0.9.0b.
>> >
>> > Presumably I would extract his public key from the PKCS-7 Signature
>> > (smime.p7s) using "ssleay pkcs7".  What would be the steps involved here?
>
>
>Thanks for your detailed message on this subject.  I didn't realize
>it was such a complicated matter (frankly, I assumed someone was
>already doing this!)
>
>At the moment I don't have the wherewithal to put this together myself,
>so I may have to resort to PGP (ugh).  It would be really nice to be
>able to send encrypted mail to a NS(S/MIME) user, using her cert.
>
>Again, thanks,
> -Ted.
>
>
>
>> I know encrypted S/MIME mail is not supported in SSLeay 0.9.X: to
>> support it I had to write a (commercial) external library.
>>
>> I haven't had a chance to check OpenSSL; there's *something* unusual
>> looking in crypto/pkcs7, I'm not sure if it works. I'm pretty sure it
>> can't handle RC2 though because the ASN.1 stuff is broken. It might
>> handle 3DES but I haven't had a chance to test it.
>>
>> There isn't a simple command line utility to do it though.
>>
>> The technique goes something like this: find the signing certificate
>> from the signed PKCS#7 structure and get its public key, verify (at
>> least part) of the signature and extract the supported algorithms from
>> the authenticated (signed) attributes.
>>
>> Then select the most appropriate (usually strongest) supported
>> encryption. Generate a random secret symmetric key and IV and encrypt
>> the content with it. Insert the IV and various bits into an
>> AlgorithmIdentifier and encrypt the secret key with the certificate
>> public key. Add all these bits into a PKCS#7 envelopedData structure,
>> base64 encode and add MIME headers. It is normal practice to also add an
>> equivalent structure for the sender's certificate so the sender can read
>> it later.
>______________________________________________________________________
>OpenSSL Project                                 http://www.openssl.org
>User Support Mailing List                    [EMAIL PROTECTED]
>Automated List Manager                           [EMAIL PROTECTED]
>
