* Dave Dodge <dodo...@dododge.net> [2015-04-04 18:30 -0400]:
Some formal key infrastructures managed by corporations, government departments, etc. will issue you two distinct private keys, each with its own X.509 certificate. One is only to be used for digital signatures, and the other is only to be used for data encryption.
That's exactly the situation I'm dealing with.
Last I checked (admittedly this was a couple years ago) it only let you specify a single private key to be used for both signing outgoing mail and decrypting incoming mail. Which is not sufficient. I had to patch in some more variables.
This time I was able to get it to work minimally by hard-coding some certificates/keys, so there were no patches needed to get it to minimally work. If I had to deal with multiple S/MIME certificates (say, a personal and work) then it would get messy quickly. See http://marc.info/?l=mutt-users&m=142825894618747 for the solution.
Unfortunately the changes I made are on a corporate network where I can't share them. I don't recall it being very complicated, though. The next time I get a chance I'll review the patches, and I might at least be able to describe how I did it.
Thanks! If you happen to get the changes out I'd appreciate a look: I'm going to see if I can figure out how to add a single "smime_default_signature_key" option, which should be sufficient to make things work the way I would expect. Regards, -- dave [ please don't CC me ]
signature.asc
Description: PGP signature
