SUMMARY: email messages (openssl smime)

From: <mike_josh_at_verizon.net>
Date: Tue Nov 08 2005 - 10:24:22 EST
Hi all,

First of all, thanks to kuup and crist clark for the responses that I got from them. Both responses were of great help. I believe my posting on this issue is valid in Sunmanagers as Solaris 10 now comes with openssl included in it.

Correct me if I am wrong, but I now believe it's the recipient's mail client which will decide how the signed portion of the message will be displayed. In addition, the S/MIME multipart/signed document is primarily intended for the users whose MUA does not support smime. In this scenario, the recipient will still be able to read the content of the email message, without having to worry about the signature part. The responses that I got took me to this link: http://www.strongsec.com/zhw/KSy_SecApp.pdf, which covers all the questions I had.

Greatly appreciate all your feedback.

Regards,
Mike.

-----------
My posting:
-----------
Hi Gurus,

For digitally signed email messages with smime messages: the recipients are receiving the regular non-signed messages, and the signed messages as an attachment in the same email message. Below is the command I am using:

openssl smime -sign -inkey /dir/dir1/private -signer /dir/dir1/mycert -certfile /dir/dir1/othercerts -in file -out out_file

My question is:
With S/MIME, is it only possible to send the digitally signed messages as an attachment, or is it possible to send the signed messages such that the recipients do not have to open up any attachment to get the signed message? Like the one you would get with pgp signed messages.

Thanks for all the replies in advance.
I will summarize.

----------------
kuup's feedback
----------------

Not from within OpenSSL.
With OpenSSL you always produce a file, you can't integrate this file into
the body of the email message. Every mail client produces its headers and
body in its own way, that's why the cryptographic tools need to be
integrated into the mail program (to a certain extent) to make this work.
By means of a product specific plugin the key (or the certificate) can work
in the email client program.
GPG and PGP make this integration possible.

----------------------
crist clark's feedback
-----------------------

The signed portion of the message MUST be a MIME entity, if that's
what you are really asking. The portion of the message signed
is typically not given disposition as an attachment, although
the signature is.

When I run your command above, I get something like,

  MIME-Version: 1.0
  Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="----13BCBEFB69C14454A8432B293EC82C5D"

  This is an S/MIME signed message

  ------13BCBEFB69C14454A8432B293EC82C5D

  [signed message, note there are no MIME headers in this section.]

  ------13BCBEFB69C14454A8432B293EC82C5D
  Content-Type: application/x-pkcs7-signature; name="smime.p7s"
  Content-Transfer-Encoding: base64
  Content-Disposition: attachment; filename="smime.p7s"

  [encoded signature data]

As to how the email looks, that's more up to your MUA.
When I run a message through the process you describe above, it
shows up just beautifully in Thunderbird 1.06.

-----------------------------------------------------
Received on Tue Nov 8 10:26:03 2005
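
Added example, not part of the original thread or of OpenSSL: a small Python script that reads a multipart/signed message the way a mail client would, showing that the signed text is a plain MIME part with no attachment disposition while only the signature part is marked as an attachment. The sample message, its boundary and the base64 body are constructed placeholders; the script inspects the structure only and does not verify the signature.

```python
from email import message_from_string

# Constructed sample shaped like the openssl smime -sign output quoted above.
# The boundary and base64 body are placeholders, not a real signature.
SAMPLE = (
    'MIME-Version: 1.0\n'
    'Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";'
    ' micalg=sha1; boundary="----EXAMPLEBOUNDARY"\n\n'
    'This is an S/MIME signed message\n\n'
    '------EXAMPLEBOUNDARY\n'
    '\n'
    'Hello, this is the signed text.\n\n'
    '------EXAMPLEBOUNDARY\n'
    'Content-Type: application/x-pkcs7-signature; name="smime.p7s"\n'
    'Content-Transfer-Encoding: base64\n'
    'Content-Disposition: attachment; filename="smime.p7s"\n\n'
    'UExBQ0VIT0xERVI=\n\n'
    '------EXAMPLEBOUNDARY--\n'
)

def part_info(part):
    """Summarise the headers a mail client uses to decide how to show a part."""
    return {"type": part.get_content_type(),
            "disposition": part.get_content_disposition(),  # None if absent
            "has_headers": bool(part.keys())}

def describe_signed(raw):
    """Split a multipart/signed message into (content, signature, text)."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    parts = msg.get_payload()
    if not isinstance(parts, list) or len(parts) != 2:
        raise ValueError("multipart/signed needs exactly two parts")
    content, signature = parts
    # The second part's type has to match the 'protocol' parameter.
    protocol = str(msg.get_param("protocol") or "").lower()
    if signature.get_content_type() != protocol:
        raise ValueError("signature part does not match protocol")
    return part_info(content), part_info(signature), content.get_payload()

if __name__ == "__main__":
    content, signature, text = describe_signed(SAMPLE)
    print("content part  :", content)
    print("signature part:", signature)
    print("signed text   :", text.strip())
```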
