Dear Peter,

Thanks for your reply.

When signing the MIME data, how do you pass the public & private key files to CAPICOM? Also, do you need to send your public key file to the email recipient for them to verify the S/MIME message?

Thank you.

Simon

On Sat, Mar 13, 2010 at 5:18 AM, czernitko <czerni...@gmail.com> wrote:
> Hi Simon,
>
> I don't have any suitable standalone application, but it's nothing
> hard to implement attached signatures and working with encrypted
> e-mails using Capicom and Synapse.
>
>>What parts of the message (plain text, HTML, attachments, etc) need to be
>>encrypted?
> First of all, signed (or encrypted) must be whole parts you want to
> sign/encrypt. This makes signing/encrypting easy, because (for
> verifying signature, for example) you just let Synapse parse your
> email in MIME format, look at the Content-type headers so as to
> recognize which type of signature/encryption was used, take those
> whole parts and pass them to CAPICOM.
> Simple algorithm for signing, using attached signature (output is one
> base64 encoded part, unreadable for clients not supporting S/MIME)
> would be like this:
> - body := TMimeMess.Create;
> - fill in the headers of body.MessagePart
> - SD := CoSignedData.Create; //var SD:SignedData, defined in unit CAPICOM_TLB
> - SD.Sign(body.MessagePart.lines.text,false,CAPICOM_ENCODE_BASE64)
> - set body.MessagePart.ContentType to application/x-pkcs7-mime;
> smime-type="signed-data"; name="smime.p7m"...
> - body.MessagePart.PartBody.Text := SD.Content;
> - body.EncodeMessage;
> That's all, you can send your MIME message (or use
> body.lines.savetofile('./smime.eml') to save and open for example in
> outlook to make sure signature was ok).
> For verifying, just take the base64 encoded content (don't decode it
> from base64) and pass it to
> SD.Verify(mimePart.PartBody.Text,false,CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE);
> it raises exception or fills SD.Content with signed content and
> SD.Certificates with used certificates... Procedure is very similar
> for encrypting/decrypting data, you just use ED:EncryptedData instead
> of SD:SignedData... Code snippet for working with detached signature
> is already present in this thread.
> By the way you will need some personal certificate, if you don't have
> any you can use OpenSSL to generate self-signed one.
> If you send some concrete question I can try to be more specific, but
> making some demo app will take sooo much time...
>
> Greetings, Peter.
>
>
> 2010/3/11 Simon B. <sim...@gmail.com>
>>
>> Hello,
>>
>> Could anyone give a working demo project showing how to implement
>> S/MIME (using CAPICOM or other APIs)?
>>
>> What parts of the message (plain text, HTML, attachments, etc) need to
>> be encrypted?
>>
>> Thank you.
>>
>> Simon
>>
>> On Tue, Mar 9, 2010 at 7:44 AM, czernitko <czerni...@gmail.com> wrote:
>> > :-O instantly implemented and verified - worked like a charm! I still can't
>> > believe it was THAT simple. Thanks a lot, Lukas!
>> >
>> > In case anyone might be looking for CAPICOM solution, I attach a few lines
>> > of code for creating S/MIME with detached signature. Maybe it saves some
>> > time to others:
>> >
>> > procedure MakeDetachedSMIME(messContent: string);
>> > var
>> >   SD : SignedData;
>> >   MainPart, ContentPart, SignaturePart : TMimePart;
>> >   MessBody: TMimeMess;
>> >   StrBase64: string;
>> > begin
>> >   //create MessBody, fill the headers
>> >   ...
>> >   //create SD
>> >   SD := CoSignedData.Create;
>> >
>> >   //Create multipart as the root message part with proper headers
>> >   MainPart := MessBody.AddPartMultipart('signed; protocol="application/x-pkcs7-signature";'+#13#10+' micalg=SHA1',nil);
>> >   MainPart.PrePart.Text := 'This is a multi-part message in MIME format.'+#13#10+#13#10;
>> >
>> >   //Create part with readable data to be signed
>> >   ContentPart := MessBody.AddPart(MainPart);
>> >   ContentPart.Headers.Add('Content-type: text/plain');
>> >   ContentPart.Headers.Add('Content-Transfer-Encoding: 7bit');
>> >   ContentPart.PartBody.Text := messContent;
>> >   ContentPart.ComposeParts;
>> >
>> >   //Assign content to be signed
>> >   SD.Content := StringToWideString(ContentPart.lines.Text);
>> >   //Obtain base64 encoded signature from CAPICOM
>> >   StrBase64 := BinaryStringToString(SD.Sign(nil,true,CAPICOM_ENCODE_BASE64));
>> >
>> >   //DAMN YOU, OUTLOOK!!
>> >   //Add CrLf to the end of part to be signed so as to make it "Outlook-verifiable". Thanks Lukas!
>> >   ContentPart.PartBody.Text := ContentPart.PartBody.Text+#13#10;
>> >
>> >   //Create signature part as the second subpart of root multipart
>> >   SignaturePart := MessBody.AddPart(MainPart);
>> >   SignaturePart.Headers.Add('Content-Type: application/x-pkcs7-signature;'+#13#10#9+'name="smime.p7s"');
>> >   SignaturePart.Headers.Add('Content-Transfer-Encoding: base64');
>> >   SignaturePart.EncodingCode := ME_BASE64;
>> >   SignaturePart.Headers.Add('Content-Disposition: attachment;'+#13#10#9+'filename="smime.p7s"');
>> >   SignaturePart.PartBody.Text := StrBase64;
>> >
>> >   MessBody.EncodeMessage;
>> >   //Save message to a file so as to be easily opened and verified in outlook locally
>> >   MessBody.Lines.SaveToFile('detached_signature.eml');
>> > end;
>> >
>> > 2010/3/9 Lukas Gebauer <gebyl...@mlp.cz>
>> >>
>> >> I am not using CAPICOM, I am using CryptoAPI directly only.
>> >>
>> >> However when I try to build my own S/MIME detached signature, then I
>> >> have a problem. Outlook says invalid hash too. However Thunderbird is
>> >> OK. :-O
>> >>
>> >> Solution is simple... add one empty line after signed message part
>> >> before sending.
>> >>
>> >> Maybe similar issue causing your problems with verifying in your
>> >> code.
>> >>
>> >>
>> >> --
>> >> Lukas Gebauer.
>> >>
>> >> http://synapse.ararat.cz/ - Ararat Synapse - TCP/IP Lib.
>> >> http://geoget.ararat.cz/ - Geocaching solution
>> >>
>> >> ------------------------------------------------------------------------------
>> >> Download Intel® Parallel Studio Eval
>> >> Try the new software tools for yourself. Speed compiling, find bugs
>> >> proactively, and fine-tune applications for parallel performance.
>> >> See why Intel Parallel Studio got high marks during beta.
>> >> http://p.sf.net/sfu/intel-sw-dev
>> >> _______________________________________________
>> >> synalist-public mailing list
>> >> synalist-public@lists.sourceforge.net
>> >> https://lists.sourceforge.net/lists/listinfo/synalist-public
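An added example (Python, not code from this thread or from Synapse/CAPICOM) of why the extra CRLF discussed above matters for a detached signature: under RFC 2046 the CRLF directly before a boundary line belongs to the delimiter, so a verifier that follows that rule hashes the part without it. The boundary, sample part and function names are constructed for illustration, and no real signature is produced; only the digests are compared.

```python
import hashlib

CRLF = b"\r\n"
BOUNDARY = b"constructed-boundary-001"  # constructed sample value

# Constructed content part exactly as the signer hashes it. Like the
# Lines.Text value signed in the thread, it ends with a CRLF.
SIGNED_PART = CRLF.join([
    b"Content-Type: text/plain",
    b"Content-Transfer-Encoding: 7bit",
    b"",
    b"Hello Simon",
    b"",
])


def build_message(part_on_wire: bytes) -> bytes:
    """Assemble a multipart/signed body; join() supplies each delimiter CRLF."""
    return CRLF.join([
        b"This is a multi-part message in MIME format.",
        b"--" + BOUNDARY,
        part_on_wire,
        b"--" + BOUNDARY,
        b'Content-Type: application/x-pkcs7-signature; name="smime.p7s"',
        b"Content-Transfer-Encoding: base64",
        b"",
        b"PLACEHOLDER",  # placeholder, not a real PKCS#7 blob
        b"--" + BOUNDARY + b"--",
        b"",
    ])


def first_part(raw: bytes) -> bytes:
    """Bytes a strict verifier hashes: the first part, minus the delimiter CRLF."""
    opening = b"--" + BOUNDARY + CRLF
    start = raw.index(opening) + len(opening)
    end = raw.index(CRLF + b"--" + BOUNDARY, start)
    return raw[start:end]


def digest_matches(raw: bytes) -> bool:
    """Compare the received part's digest with the digest the signer computed.
    SHA-1 mirrors micalg=SHA1 in the thread; current S/MIME uses SHA-256."""
    return hashlib.sha1(first_part(raw)).digest() == hashlib.sha1(SIGNED_PART).digest()


if __name__ == "__main__":
    # Part's last CRLF is consumed by the delimiter: digest mismatch.
    print("without extra CRLF:", digest_matches(build_message(SIGNED_PART[:-2])))
    # One more CRLF after the signed part, as suggested in the thread: match.
    print("with extra CRLF:   ", digest_matches(build_message(SIGNED_PART)))
```
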