Re: S/MIME with MUA's.

2000-11-27 Thread Bruce Stephens

Dr S N Henson <[EMAIL PROTECTED]> writes:

[...]

> Ah, I see. The x509 -email option of OpenSSL 0.9.6 does just that.

So it does.  Sorry, I should have RTFMed!  

I've passed this information on to the Gnus list, so with any luck,
Gnus will be one of the first free MUAs to support S/MIME reasonably
usably---to be fair, it's not *that* bad now, but it could be lots
better.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



Re: S/MIME with MUA's.

2000-11-27 Thread Dr S N Henson

Bruce Stephens wrote:
> 
> Dr S N Henson <[EMAIL PROTECTED]> writes:
> 
> [...]
> 
> > There's a function X509_get1_email() which will retrieve a list of
> > email addresses both from the subject name and subjectAltName
> > extensions and arrange them in a STACK. From then it's trivial to
> > just compare each or use sk_find().
> >
> > Currently there aren't any functions that handle things like different
> > signing and encryption certificates or encryption capabilities. That has
> > to be largely done manually.
> 
> Gnus is an emacs-lisp package.  It just calls the command-line version
> of "openssl smime", so what's required is some command-line interface
> to these features.  From what you say, presumably it could be a flag
> to x509, which displays a list of email addresses, one per line?  (Or
> something like that, anyway.)

Ah, I see. The x509 -email option of OpenSSL 0.9.6 does just that.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
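The address check discussed in this thread, sketched as an added example; it is not code from the thread, from Gnus or from OpenSSL. It assumes `openssl x509 -noout -email` prints one address per line; the function names are hypothetical, and the comparison follows RFC 5280 section 7.5 (local part exact, host part case-insensitive).

```shell
#!/bin/sh
# Added example: helper names below are hypothetical, not OpenSSL or Gnus code.

# normalize_addr ADDR: leave the local part untouched, lowercase the host
# part, so comparison follows RFC 5280 section 7.5.
normalize_addr() {
    case $1 in
        *@*) printf '%s@%s\n' "${1%@*}" \
                 "$(printf '%s' "${1##*@}" | tr '[:upper:]' '[:lower:]')" ;;
        *)   printf '%s\n' "$1" ;;
    esac
}

# email_in_list ADDR: read addresses on stdin, one per line (the assumed
# output format of "openssl x509 -noout -email").
# Returns 0 on a match, 1 on no match, 2 if ADDR is not an address.
email_in_list() {
    case $1 in *@*) ;; *) return 2 ;; esac
    want=$(normalize_addr "$1")
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        [ "$(normalize_addr "$line")" = "$want" ] && return 0
    done
    return 1
}

# cert_matches_sender CERT_PEM ADDR: wrapper an MUA could call after
# signature verification, with CERT_PEM holding the signer's certificate
# and ADDR taken from the message's From header.
# Returns 2 if the certificate cannot be read, so an unreadable file is
# never mistaken for "no match" or "match".
cert_matches_sender() {
    addrs=$(openssl x509 -in "$1" -noout -email) || return 2
    printf '%s\n' "$addrs" | email_in_list "$2"
}
```

A certificate with no email address at all produces an empty list and therefore status 1, which a caller should treat as a failed sender check rather than as a pass.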



Re: S/MIME with MUA's.

2000-11-27 Thread Bruce Stephens

Dr S N Henson <[EMAIL PROTECTED]> writes:

[...]

> There's a function X509_get1_email() which will retrieve a list of
> email addresses both from the subject name and subjectAltName
> extensions and arrange them in a STACK. From then it's trivial to
> just compare each or use sk_find().
> 
> Currently there aren't any functions that handle things like different
> signing and encryption certificates or encryption capabilities. That has
> to be largely done manually.

Gnus is an emacs-lisp package.  It just calls the command-line version
of "openssl smime", so what's required is some command-line interface
to these features.  From what you say, presumably it could be a flag
to x509, which displays a list of email addresses, one per line?  (Or
something like that, anyway.)



Re: S/MIME with MUA's.

2000-11-27 Thread Dr S N Henson

Bruce Stephens wrote:
> 
> "Andrew Back" <[EMAIL PROTECTED]> writes:
> 
> > Has anyone used OpenSSL S/MIME module with UNIX MUAs? In particular I'd be
> > interested in config for use with Pine & Mutt. I'm hoping there's some glue
> > that makes things a bit more automatic than using OpenSSL command line.
> 
> The bleeding-edge CVS version of Gnus (an emacs newsreader/MUA) has at
> least some support for it.
> 
> Come to think of it, there was a problem found while adding the
> support: when verifying signed email, there doesn't seem to be an easy
> way of determining whether the email address matches what's in the
> certificate.  Is that right, or did the guy miss some good way of
> doing this?
> 
> [...]
> 

There's a function X509_get1_email() which will retrieve a list of email
addresses both from the subject name and subjectAltName extensions and
arrange them in a STACK. From then it's trivial to just compare each or
use sk_find().

Currently there aren't any functions that handle things like different
signing and encryption certificates or encryption capabilities. That has
to be largely done manually.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.



Re: S/MIME with MUA's.

2000-11-27 Thread Bruce Stephens

"Andrew Back" <[EMAIL PROTECTED]> writes:

> Has anyone used OpenSSL S/MIME module with UNIX MUAs? In particular I'd be
> interested in config for use with Pine & Mutt. I'm hoping there's some glue
> that makes things a bit more automatic than using OpenSSL command line.

The bleeding-edge CVS version of Gnus (an emacs newsreader/MUA) has at
least some support for it.  

Come to think of it, there was a problem found while adding the
support: when verifying signed email, there doesn't seem to be an easy
way of determining whether the email address matches what's in the
certificate.  Is that right, or did the guy miss some good way of
doing this?

[...]




S/MIME with MUA's.

2000-11-27 Thread Andrew Back

Hi,

Has anyone used OpenSSL S/MIME module with UNIX MUAs? In particular I'd be
interested in config for use with Pine & Mutt. I'm hoping there's some glue
that makes things a bit more automatic than using OpenSSL command line.

Also, whilst on the topic, does anyone know of a supported smartcard h/w &
s/w config to work with OpenSSL S/MIME for storing X.509 certs to be used
in signing? Again UNIX (Linux/*BSD). I suspect it all gets a bit complex
here since the idea with a SC would be signing on the card, RSA etc
operations done in h/w so your key never leaves the device.

Regards,

Andrew

___
Andrew Back
Messaging & Directory Services Architect
Iomart
Tel: 0141 931 7046
http://www.iomart.com/
