[prev in list] [next in list] [prev in thread] [next in thread] 

List:       dovecot
Subject:    Collecting S/MIME Certs from (incoming signed) E-Mails
From:       Jochen Bern <jochen.bern () binect ! de>
Date:       2018-09-27 22:11:35
Message-ID: 25839792-22b4-bd66-40fd-153448036bf2 () binect ! de
[Download RAW message or body]


Two quick questions, if I may:

We've been asked to change an existing application (whose builtin S/MIME
capabilities are quite unclear) so that the e-mails it sends will be
S/MIME encrypted, if possible. I have some experience in getting an MTA
to encrypt e-mails in transit, but the trick is, of course, to maintain
a list of addressees' (current) certs.

Ideally, users send e-mails *to* the application beforehand, and with a
bit of luck, they might even *sign* them (which, in the case of S/MIME,
IIUC implies that their cert is attached).

1. Are there features in a) the IMAP protocol and/or b) dovecot in
   particular that would allow me to extract the certs from incoming
   e-mails before the application retrieves them from the mailbox?
   (I know that IMAP allows me to download only a MIME part of an
   e-mail, but I'ld need to somehow determine *which* MIME part to
   download, I guess?)

2. Assuming that the incoming e-mail is S/MIME signed *and encrypted*,
   is it actually possible to extract the sender cert *without* having
   the application's keypair to *decrypt* the e-mail in the process?

Kind regards,
--=20
Jochen Bern
Systemingenieur

www.binect.de
www.facebook.de/binect


["smime.p7s" (application/pkcs7-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]