Collecting S/MIME Certs from (incoming signed) E-Mails
Jochen Bern
jochen.bern at binect.de
Fri Sep 28 01:11:35 EEST 2018
Two quick questions, if I may:
We've been asked to change an existing application (whose builtin S/MIME
capabilities are quite unclear) so that the e-mails it sends will be
S/MIME encrypted, if possible. I have some experience in getting an MTA
to encrypt e-mails in transit, but the trick is, of course, to maintain
a list of addressees' (current) certs.
Ideally, users send e-mails *to* the application beforehand, and with a
bit of luck, they might even *sign* them (which, in the case of S/MIME,
IIUC implies that their cert is attached).
1. Are there features in a) the IMAP protocol and/or b) dovecot in
particular that would allow me to extract the certs from incoming
e-mails before the application retrieves them from the mailbox?
(I know that IMAP allows me to download only a MIME part of an
e-mail, but I'ld need to somehow determine *which* MIME part to
download, I guess?)
2. Assuming that the incoming e-mail is S/MIME signed *and encrypted*,
is it actually possible to extract the sender cert *without* having
the application's keypair to *decrypt* the e-mail in the process?
Kind regards,
--
Jochen Bern
Systemingenieur
www.binect.de
www.facebook.de/binect
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4278 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://dovecot.org/pipermail/dovecot/attachments/20180928/254c98cd/attachment-0001.p7s>
More information about the dovecot
mailing list