Collecting S/MIME Certs from (incoming signed) E-Mails

[Jochen Bern]

Two quick questions, if I may:

We've been asked to change an existing application (whose builtin S/MIME
capabilities are quite unclear) so that the e-mails it sends will be
S/MIME encrypted, if possible. I have some experience in getting an MTA
to encrypt e-mails in transit, but the trick is, of course, to maintain
a list of addressees' (current) certs.

Ideally, users send e-mails *to* the application beforehand, and with a
bit of luck, they might even *sign* them (which, in the case of S/MIME,
IIUC implies that their cert is attached).

1. Are there features in a) the IMAP protocol and/or b) dovecot in
   particular that would allow me to extract the certs from incoming
   e-mails before the application retrieves them from the mailbox?
   (I know that IMAP allows me to download only a MIME part of an
   e-mail, but I'ld need to somehow determine *which* MIME part to
   download, I guess?)

2. Assuming that the incoming e-mail is S/MIME signed *and encrypted*,
   is it actually possible to extract the sender cert *without* having
   the application's keypair to *decrypt* the e-mail in the process?

Kind regards,
-- 
Jochen Bern
Systemingenieur

www.binect.de
www.facebook.de/binect

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4278 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://dovecot.org/pipermail/dovecot/attachments/20180928/254c98cd/attachment-0001.p7s>