Re: Confusion about SSL_ERROR_WANT_READ/WRITE
If all that was sent was the protocol data that the write was waiting for to satisfy the ssl state machine, and no application data was sent, would SSL_read return the number of bytes actually read off the socket (which is just protocol data), or would it read that transparently and return 0 indicating that no application data was read? Ah. Key question! SSL_read will return a positive number indicating the number of APPLICATION DATA bytes written into your buffer. A ZERO indicates a closed connection. A negative result indicates an error (or rather, that your request could not be satisfied). In the case of a WANT_READ or WANT_WRITE, that some action in the BIO needs to occur to satisfy the request. The important thing to keep in mind is that the SSL objects are not inherently tied to sockets. You might be trying to read SSL decrypted data from your own internal buffer. In which case, a WANT_READ means that you need to move a few more bytes into the BIO's buffer. Check out the man page for the SSL_get_error function yet once again. Skip down to the section titled SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE in the context of these discussions, keeping in mind the idea that an SSL object might not be necessarily connected to a socket. (What really frustrated me when I was learning how this worked was that the examples and discussions in the O'Reilly OpenSSL book were wrong on this topic.) smime.p7s Description: S/MIME cryptographic signature
Client Authentication
Hi all I am a newbie to SSL and I want to have clients authenticated using SSL certificates. I am running webserver on Apache 1.3 on Mac OS X server The scenario is something as follows: My webserver is hosting an site for which I want to give limited access worldwide. If someone requests for the site, the first check should be made using the certificates. If the certificate is not present in the clients machine, the Access denied page must pop up. The questions is how do I do client authentication Requesting your assistance. Regards Thanks Mahesh S Kudva __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
openssl static library windows
Hi all, Has any one tried compiling the openssl library in the static mode on Windows. If so is it available for download ? If not is there any documentation regarding the steps to compile and the build environment ? I will be using VC6. Regards, /Mahesh __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: openssl static library windows
Hi Mahesh, Nmake -f Ms\nt.mak Will build the static library. Regards, Aftab Alam -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mahesh Lalge Sent: Monday, April 18, 2005 2:29 PM To: openssl-users@openssl.org Subject: openssl static library windows Hi all, Has any one tried compiling the openssl library in the static mode on Windows. If so is it available for download ? If not is there any documentation regarding the steps to compile and the build environment ? I will be using VC6. Regards, /Mahesh __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] smime.p7s Description: S/MIME cryptographic signature
Newbie S/MIME decryption questions
Hi, I would like to use OpenSSL 0.97c for Windows to decrypt S/MIME encrypted messages which contain attachments. I am especially interested in decrypting the attachments. The encrypted mail is available in a source file called source.msg (see [1]). I used the following command on this file: openssl smime -decrypt -in c:\source.msg -recip c:\abr2006.pem.cer -inkey c:\abr2006.pem -out c:\dest.msg I had expected that the new file dest.msg would contain the decrypted message. But as you can see in [2], the new file is still encrypted. So what did I do wrong? Are there any special steps I have to take to decrypt attachments? Please don't mind if this is a dumb question, but I am new to OpenSSL and I have no clue :-/ Thanks in advance for your answers! With kind regards, Christian [1] Source File X-UIDL-JANA-SERVER: 0MKqpg-1DMYFX3jIl-0004et Return-Path: [EMAIL PROTECTED] Delivery-Date: Fri, 15 Apr 2005 23:21:18 +0200 Received: from [IP address] (helo=server) by mxeu5.kundenserver.de with ESMTP (Nemesis), id 0MKqpg-1DMYFX3jIl-0004et; Fri, 15 Apr 2005 23:21:15 +0200 MIME-Version: 1.0 Content-Type: application/pkcs7-mime;smime-type=enveloped-data;name=smime.p7m; name=smime.p7m; smime-type=enveloped-data Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7m X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message Subject: BLA Date: Fri, 15 Apr 2005 23:21:10 +0200 Message-ID: [EMAIL PROTECTED] X-MS-Has-Attach: yes X-MS-TNEF-Correlator: Thread-Topic: BLA Thread-Index: AcVCAQs8SWiLcAkoQfuf6CehVUwoUw== From: BLA [EMAIL PROTECTED] To: BLABLA [EMAIL PROTECTED] Envelope-To: [EMAIL PROTECTED] MIAGCSqGSIb3DQEHA6CAMIACAQAxggL6MIIBeQIBADCB4TCBzDEXMBUGA1UEChMOVmVyaVNpZ24s [snipped more data] [2] Destination File Content-Type: application/x-pkcs7-mime; name=smime.p7m; smime-type=signed-data Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7m MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCAJIAEggazQ29u [snipped more data] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Newbie S/MIME decryption questions
On Mon, Apr 18, 2005, Christian Gütter wrote: Hi, I would like to use OpenSSL 0.97c for Windows to decrypt S/MIME encrypted messages which contain attachments. I am especially interested in decrypting the attachments. 0.9.7c is old, you should use the latest version. 0.9.7g if possible. I had expected that the new file dest.msg would contain the decrypted message. But as you can see in [2], the new file is still encrypted. No it isn't :-) [2] Destination File Content-Type: application/x-pkcs7-mime; name=smime.p7m; smime-type=signed-data Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7m MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCAJIAEggazQ29u [snipped more data] If you look in that header you'll see it is *signed*. That's how S/MIME clients handle signed and encrypted email. If you do: openssl smime -verify -in destination -out message it will attempt to verify the message (which will probably give an error becaue it can't find the signing CA) and write the content out to the file 'message'. The file 'message' should contain the original email with any attachments. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Newbie S/MIME decryption questions
Hi Steve, thanks for your answer. 0.9.7c is old, you should use the latest version. 0.9.7g if possible. Will do that. If you do: openssl smime -verify -in destination -out message it will attempt to verify the message (which will probably give an error becaue it can't find the signing CA) and write the content out to the file 'message'. Unfortunately, this does not work for me. OpenSSL throws the following error: Verification failure 2472:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smi me.c:222:Verify error:self signed certificate in certificate chain The file 'message' should contain the original email with any attachments. The file 'message' is empty then (0 bytes). Do you know what is going on? Thanks, Christian __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Newbie S/MIME decryption questions
On Mon, Apr 18, 2005, Christian Gütter wrote: Hi Steve, thanks for your answer. 0.9.7c is old, you should use the latest version. 0.9.7g if possible. Will do that. If you do: openssl smime -verify -in destination -out message it will attempt to verify the message (which will probably give an error becaue it can't find the signing CA) and write the content out to the file 'message'. Unfortunately, this does not work for me. OpenSSL throws the following error: Verification failure 2472:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smi me.c:222:Verify error:self signed certificate in certificate chain The file 'message' should contain the original email with any attachments. The file 'message' is empty then (0 bytes). Do you know what is going on? Add -noverify to the command line options. That will disable certificate verification: which is the cause of that error message. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Newbie S/MIME decryption questions
Hi Steve, Add -noverify to the command line options. That will disable certificate verification: which is the cause of that error message. This worked. Thank you very much for sharing your insight into the mighty command line options of OpenSSL! Christian __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Windows instalattion
I have downloaded the binaries that came in http://www.openssl.org/related/binaries.html (Section realted - binaries in the main openssl page) I followed the instructions to install perl and mingw but I cant compile openssl from mingw I try to do the command provided in the install.w32 file Compile OpenSSL: ms\mingw32 Any clues? Mingw works correctly I understood that only installing this binary I should start writing code, but when I run an example I got error messages saying that it doesn't recognizes the openssl funcitons. Silvia G. Pavón V. Procesos de Facturación Alestra S.A. Tel. 8748 6100 x4107 _ NOTA: La información de este correo es de propiedad exclusiva y confidencial. Este mensaje es sólo para el destinatario señalado, si usted no lo es, destrúyalo de inmediato. Ninguna información aquí contenida debe ser entendida como dada o avalada por Alestra, sus subsidiarias o sus empleados, salvo cuando ello expresamente se indique. Es responsabilidad de quien recibe este correo de asegurarse que esté libre de virus, por lo tanto ni Alestra, sus subsidiarias ni sus empleados aceptan responsabilidad alguna. NOTE: The information in this email is proprietary and confidential. This message is for the designated recipient only, if you are not the intended recipient, you should destroy it immediately. Any information in this message shall not be understood as given or endorsed by Alestra, its subsidiaries or their employees, unless expressly so stated. It is the responsibility of the recipient to ensure that this email is virus free, therefore neither Alestra, its subsidiaries nor their employees accept any responsibility. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Client Authentication
This would be a feature of Safari rather than OpenSSL. I'm pretty sure that recent versions of Safari can do authentication using certs, but I'm not sure how to do it. You can try posting you question to one of Apple's lists. http://lists.apple.com/ On Apr 18, 2005, at 1:46 AM, [EMAIL PROTECTED] wrote: Hi all I am a newbie to SSL and I want to have clients authenticated using SSL certificates. I am running webserver on Apache 1.3 on Mac OS X server The scenario is something as follows: My webserver is hosting an site for which I want to give limited access worldwide. If someone requests for the site, the first check should be made using the certificates. If the certificate is not present in the clients machine, the Access denied page must pop up. The questions is how do I do client authentication Requesting your assistance. Regards Thanks Mahesh S Kudva __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] smime.p7s Description: S/MIME cryptographic signature
Re: Windows instalattion
At 10:04 AM 4/18/2005 -0500, Silvia Gisela Pavon Velasco writeth: I have downloaded the binaries that came in http://www.openssl.org/related/binaries.html (Section realted - binaries in the main openssl page) I followed the instructions to install perl and mingw but I cant compile openssl from mingw I try to do the command provided in the install.w32 file Compile OpenSSL: ms\mingw32 Any clues? Mingw works correctly I understood that only installing this binary I should start writing code, but when I run an example I got error messages saying that it doesn't recognizes the openssl funcitons. Huh? I'm confused as to what you are doing or have done. You don't need to compile OpenSSL if you use those binaries (it sounds like you have downloaded and installed/extracted both OpenSSL source AND Win32 OpenSSL binaries - you only need one or the other). Could you show what command-line(s) you have tried using, directory locations, example code you've tried, etc.? MinGW is a weird beast - the MinGW command-line to use those pre-built OpenSSL binaries is different from what you probably expect (try adding -llibeay32.lib -lssleay32.lib to your compiler options instead of the -leay -lssl options you see in various examples around the Internet - and don't expect MinGW to be magical). BTW, if you don't have a compiler preference, Microsoft's C++ compiler from Visual Studio .NET 2003 (Professional) is free: http://msdn.microsoft.com/visualc/vctoolkit2003/ Win32 OpenSSL is built with VSP's Visual C++ 6 SP5 - so it could be advantageous to use a similar compiler. Just a thought and not required, but getting it to work under one compiler sometimes helps to get it working under another. Since this is a Win32 OpenSSL-specific discussion, it might be better to take the discussion off-list. This list is OpenSSL-specific and you are discussing details of the Win32 OpenSSL default-build binaries. Once you are up and running with the Win32 binaries, then this list becomes handy for the programming end of things. Thomas J. Hruska [EMAIL PROTECTED] Shining Light Productions Home of the Nuclear Vision scripting language and ProtoNova web server. http://www.slproweb.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: SSL handshake failed
On Sun, Apr 17, 2005 at 10:53:50PM, Asif Iqbal wrote: Hi All I installed Apache/1.3.33 (Unix) mod_perl/1.29 mod_ssl/2.8.22 OpenSSL/0.9.7d on Solaris Upgrade OpenSSL to latest to fix the problem. Thanks -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu ..there are two kinds of people: those who work and those who take the credit...try to be in the first group;...less competition there. - Indira Gandhi __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Windows instalattion
Hi Silvia !! Why not tries with this: http://www.slproweb.com/products/Win32OpenSSL.html It's a Windows Installer package of OpenSSL and works really good. When you install it you will get a libeay32.lib, ssleay32.lib and his .dll corresponding files. Also you will get a folder with header's files (.h), you may move this to INCLUDE path of MS VC++ (maybe C:\Archivos de programa\Microsoft Visual Studio\VC98\Include ) and in your program include the .h headers corresponding to the functions you are trying to use. e.g #include openssl/openssl_header_function.h Remember that openssl folder contains all the .h available functions of openssl, and after when you compile your program don't forget to include in command line cl your_app.cpp libeay32.lib Hope this helps Zainos Do You Yahoo!? Yahoo! Net: La mejor conexión a internet y 25MB extra a tu correo por $100 al mes.
Using OpenSSL with 'ubsec' hardware on FreeBSD
hi, I was wondering if any folk who are using OpenSSL with Broadcom 582x devices (ubsec) on FreeBSD could help me out. We have taken such a card out of a Fedora Core 2 machine (where it was working with the help of the 'hwcrypto' RPM) We've compiled FreeBSD so that the card is detected (added device = crypto device = cryptodev device = ubsec to the KERNCONF and rebuilt/installed the kernel) the card is shown during bootup (dmesg output shows: ubsec0 mem 0xfe40-0xfe40 irq 22 at device 4.0 on pci0 ubsec0: Broadcom 5820 ) now, I tested the card with 'cryptotest' which clearly shows that the card is being used (thanks to the output of 'ubsecstats' which hides under /usr/src/tools/tools/crypto ) the input and output figures climb nicely. however, now is where the brakes come on fast. OpenSSL doesnt want to play with my hardware. I've tried both the world version and the ports version. both give credible debug output which seems to point me to a solution...but at that point I can go no further world OpenSSL #openssl engine ubsec -vvv (ubsec) UBSEC hardware engine support SO_PATH: Specifies the path to the 'ubsec' shared library (input flags): STRING ## openssl speed rsa -engine ubsec can't use that engine 34347:error:2507006C:DSO support routines:DSO_load:functionality not supported:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/dso/dso_lib.c:239: 34347:error:84069067:ubsec engine:UBSEC_INIT:dso failure:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/hw_ubsec.c:390: 34347:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_table.c:182: ports OpenSSL # /usr/local/bin/openssl engine ubsec -vvv (ubsec) UBSEC hardware engine support SO_PATH: Specifies the path to the 'ubsec' shared library (input flags): STRING # /usr/local/bin/openssl speed rsa -engine ubsec can't use that engine 34349:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:153:filename(libubsec.so): Shared object libubsec.so not found, required by openssl 34349:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: 34349:error:84069067:ubsec engine:UBSEC_INIT:dso failure:hw_ubsec.c:390: 34349:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed:eng_table.c:182: so, both OpenSSL versions are compiled with ubsec support...however, the world version doesnt support DSO's at all. the ports version DOES, but it cannot find libubsec.so - this, under RedHat, was supplied by 'hwcrypto' package - is there an official source for the libubsec software for FreeBSD for OpenSSL folk to use? Also, I've read a multitude of hard-to-find sites which give obscure and conflicting advice on how openssl.cnf should be configured to use ubsec. could anyone help me on this front too? I'm aware of what crypto's the card can do (ie RSA, DES, 3DES) and that AES, PK etc will still use the CPU. however, I have read the research paper by Sam on Hardware Cryptography on FeeBSD and have seen the benefits that this card will give to our system, many thanks to anyone who might enlighten me Alan __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Win32 OpenSSL is recommended by PayPal...
Just to show how widely used Win32 OpenSSL is, PayPal is recommending using it in several bits of example source code. Particularly of note is their Encrypted Button feature on their website in which the readme.txt document from the zipfile states, and I quote: 1) The ButtonEncryptionLib project. This project will generate a DLL that encapsulates the encrypted code creation. Building this requires the OpenSSL for Windows package, which is available from http://www.openssl.org/related/binaries.html; Given that there is only one link on that page, there is no doubt that PayPal (a subsidiary of eBay, Inc.) with at least 40 million users (and growing), is recommending Win32 OpenSSL. (Technically, the 'OpenSSL for Windows package' is called the Win32 OpenSSL Installation Project and is by no means required as the Encrypted Button documentation states - the same thing can be built byte-for-byte identical from source. I'll try working with PayPal to correct the minor inconsistencies in the readme.txt file, but PayPal has been fairly obtuse with me in the past so don't expect too much to happen wry grin). To me, this is a pretty huge bit of news I just stumbled across. I figure some people here might also find it interesting. Maybe we could formalize this into a press release of some sort for the main page (and maybe the binaries page) - it is really good PR material for both OpenSSL and Win32 OpenSSL. Thomas J. Hruska [EMAIL PROTECTED] Shining Light Productions Home of the Nuclear Vision scripting language and ProtoNova web server. http://www.slproweb.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Can anybody share some ENGINE sample code?
In message [EMAIL PROTECTED] on Mon, 18 Apr 2005 15:09:36 -0700, Edward Chan [EMAIL PROTECTED] said: echan Does anybody have some working code that enables the use of echan crypto hardware using the ENGINE API's and would be willing to echan share it? Uhmm, there are a few engines in crypto/engine/ as well as in demos/engines/. If those don't help, maybe you need some specific help. I'd like to help, but I can only do so if you tell me what you really need. Cheers, RIchard - Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte [EMAIL PROTECTED] http://richard.levitte.org/ When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up. -- C.S. Lewis __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
crypto device
Hi... under the engine directory, there is a a hw_cryptodev.c that makes use of /dev/crypto. Who is supposed to create/manage the /dev/crypto? Am I correct to assume that if I have a hardware card that can provide hardware acceleration for ciphers like DES etc, there should be a manager that manages /dev/crypto and openssl should pass data to it by using /dev/crypto? How do I tell openssl to use /dev/crypto instead of using the usual software implementation? Thanks, A __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
nCipher and openssl
Hi, Does anyone have experience with nCipher netHSM and Openssl ? regards zero __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Using OpenSSL with 'ubsec' hardware on FreeBSD
On April 18, 2005 02:09 pm, [EMAIL PROTECTED] wrote: # /usr/local/bin/openssl engine ubsec -vvv (ubsec) UBSEC hardware engine support SO_PATH: Specifies the path to the 'ubsec' shared library (input flags): STRING # /usr/local/bin/openssl speed rsa -engine ubsec can't use that engine 34349:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:153:filename(libubsec.so): Shared object libubsec.so not found, required by openssl 34349:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: 34349:error:84069067:ubsec engine:UBSEC_INIT:dso failure:hw_ubsec.c:390: 34349:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed:eng_table.c:182: so, both OpenSSL versions are compiled with ubsec support...however, the world version doesnt support DSO's at all. the ports version DOES, but it cannot find libubsec.so - this, under RedHat, was supplied by 'hwcrypto' package - is there an official source for the libubsec software for FreeBSD for OpenSSL folk to use? Which version of openssl is the ports tree based on? I don't know about the world version, but the problem with the ports one seems to be (so far) just a matter of paths. I don't do bsd, but I assume that tweaking with LD_LIBRARY_PATH or some such thing ought to be able to convince openssl to find libubsec.so. Whether the result will be version-compatible is another issue, but you might be lucky. Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.geoffthorpe.net/ Greedy Genghis George, Guru of God and Guns. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Client Authentication
Hi Apart from Mac clients I also windows users. Regards and Thanks Mahesh S Kudva __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Client Authentication
On the Mac, you'll load your client certificate into your users' keychains. On Windows, you'll load it into the certificate store. In either case, simply having the user double-click on the certificate file will launch the appropriate tool. On Apr 18, 2005, at 9:17 PM, [EMAIL PROTECTED] wrote: Hi Apart from Mac clients I also windows users. Regards and Thanks Mahesh S Kudva __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] smime.p7s Description: S/MIME cryptographic signature