I'm developing an app for internal use at my job. It needs to handle crts, sign and verify smime messages, etc. I started to write some perl modules, but interacting with openssl is a little tiring, and I found openca. I used OpenCA::X509 and OpenCA::OpenSSL for certificate management with success, but I'd found that the SMIME part of OpenCA::OpenSSL is incomplete (or I didn't understand it).
It is incomplete.
Specifically I could not find a way to verify messages, only decode, encrypt or sign.
This is correct. First I implemented encrypt and sign. After this I noticed that I only need decryption and therefore I only implemented decrypt and not verify.
I would like to complete the support for smime, but: 1) I would like to know first hand which is the expected behaviour of the method getSMIME (the name confuses me a little),
getSMIME was used to include all SMIME functionality in one function. This was perhaps a mistake. If you want to rename it then you can do it but please be careful because we don't want to change the code too often (it is a stable interface).
getSMIME tries to do the complete process with one pass. This means the following:
1. encrypt | sign
2. decrypt (verify is not implemented until now)
If you want to implement message verification then you should implement two passes.
1. decrypt
2. verify
This allows you to detect the correct error. Then you can set the errorcode and return undef. If you decrypt and verify in one pass with a pipe then you cannot determine what's going wrong. A manipulated signature is a much more serious attack than a wrong encryption.
2) I find the openssl smime interface really limiting, but maybe someone can give some advice.
The openssl smime interface is limited. We only use it to create simple messages and to create keybackups.
I need to complete this for my app (and I need to do it ASAP), but it would be nice if I can give something back.
This would be nice.
Best regards
Michael
--
-------------------------------------------------------------------
Michael Bell                   Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482
(Computing Centre)             Fax: +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                   Email (private): [EMAIL PROTECTED]
Germany                        http://www.openca.org
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
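
The two-pass decrypt-then-verify approach described in the reply above, sketched as an added example that is not part of the original message or of OpenCA's code. The function name `smime_open`, its return codes and its file arguments are assumptions made for illustration; only the `openssl smime -decrypt` and `openssl smime -verify` invocations are real CLI calls.

```shell
#!/bin/sh
# Added example: open an encrypted-and-signed S/MIME message in two separate
# passes so the caller can tell a decryption failure from a signature failure.
# smime_open, its arguments and its return codes are illustrative assumptions,
# not part of OpenCA::OpenSSL.

OPENSSL="${OPENSSL:-openssl}"   # overridable path to the openssl binary

SMIME_OK=0
SMIME_ERR_DECRYPT=10   # pass 1 failed: wrong key or damaged envelope
SMIME_ERR_VERIFY=20    # pass 2 failed: manipulated or untrusted signature

# Usage: smime_open MSG RECIP_CERT RECIP_KEY CA_FILE OUT
smime_open() {
    msg=$1 cert=$2 key=$3 ca=$4 out=$5
    tmpdir=$(mktemp -d) || return 1
    signed="$tmpdir/signed.eml"   # result of pass 1: still signed
    plain="$tmpdir/plain"         # result of pass 2: verified content

    # Pass 1: remove the encryption layer only. No pipe into the verify
    # step, so this exit status belongs to decryption alone.
    if ! "$OPENSSL" smime -decrypt -in "$msg" -recip "$cert" \
            -inkey "$key" -out "$signed" 2>"$tmpdir/err"; then
        echo "smime_open: decrypt failed: $(cat "$tmpdir/err")" >&2
        rm -rf "$tmpdir"
        return "$SMIME_ERR_DECRYPT"
    fi

    # Pass 2: verify the signature against the trusted CA file. A failure
    # here is reported separately because it is the more serious event.
    if ! "$OPENSSL" smime -verify -in "$signed" -CAfile "$ca" \
            -out "$plain" 2>"$tmpdir/err"; then
        echo "smime_open: verify failed: $(cat "$tmpdir/err")" >&2
        rm -rf "$tmpdir"
        return "$SMIME_ERR_VERIFY"
    fi

    # Hand out the content only after both passes succeeded.
    mv "$plain" "$out" || { rm -rf "$tmpdir"; return 1; }
    rm -rf "$tmpdir"
    return "$SMIME_OK"
}
```

A Perl wrapper can follow the same shape: run each pass as its own command, map the failing pass to its own errorcode, and return undef without exposing any unverified content.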