Two quick questions, if I may: We've been asked to change an existing application (whose builtin S/MIME capabilities are quite unclear) so that the e-mails it sends will be S/MIME encrypted, if possible. I have some experience in getting an MTA to encrypt e-mails in transit, but the trick is, of course, to maintain a list of addressees' (current) certs.
Ideally, users send e-mails *to* the application beforehand, and with a bit of luck, they might even *sign* them (which, in the case of S/MIME, IIUC implies that their cert is attached). 1. Are there features in a) the IMAP protocol and/or b) dovecot in particular that would allow me to extract the certs from incoming e-mails before the application retrieves them from the mailbox? (I know that IMAP allows me to download only a MIME part of an e-mail, but I'ld need to somehow determine *which* MIME part to download, I guess?) 2. Assuming that the incoming e-mail is S/MIME signed *and encrypted*, is it actually possible to extract the sender cert *without* having the application's keypair to *decrypt* the e-mail in the process? Kind regards, -- Jochen Bern Systemingenieur www.binect.de www.facebook.de/binect
smime.p7s
Description: S/MIME Cryptographic Signature
