From kmail-devel Fri May 09 09:05:49 2003 From: Stefan Rompf Date: Fri, 09 May 2003 09:05:49 +0000 To: kmail-devel Subject: KSSL based S/MIME plugin available X-MARC-Message: https://marc.info/?l=kmail-devel&m=105247123813398 MIME-Version: 1 Content-Type: multipart/mixed; boundary="--Boundary-00=_u92u+YeQ1hjdn96" --Boundary-00=_u92u+YeQ1hjdn96 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Hi, I've committed my KSSL based S/MIME crypto plugin to kdenonbeta/kssl-smime. The README is attached to this mail. Everybody who uses a recent KDE from CVS and S/MIME might be interested. Comments and suggestions are welcome. Stefan -- "doesn't work" is not a magic word to explain everything. --Boundary-00=_u92u+YeQ1hjdn96 Content-Type: text/english; charset="us-ascii"; name="README" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="README" MOTIVATION During development of KDE 3.1, the Aegypten project added S/MIME support to kmail with a plugin interface. Using encrypted mails at work, I wanted to switch to kmail. However, the gpg S/MIME implementation has some serious limitations: First, there was no KDE integration at all. Second, it does not support RC2. Even though especially RC2-40 should never be used for email encryption, real life shows that you will receive those messages and wish to read them. As openssl supports S/MIME and is used by KDE, I decided to make the required additions to KDE and write this plugin. REQUIREMENTS -openssl 0.9.6 -kdelibs from CVS, newer than April 29 2003, compiled with SSL support INSTALL Checkout the admin directory from kde-common or kdenonbeta, then link it f.e. with ln -s ../admin . and type make -f Makefile.cvs ./configure make make install The last command will create the softlink gpgme-smime.so in the base directory. Load this file as the SMIME crypto plugin into kmail. This ugly method is required as long as kmail has the plugin name hardcoded in some places. I'm sure that can be fixed ;-) USAGE When receiving a mail, the plugin will validate the signer and add the certificate to the kssl peer certificates. For signing, the plugin will use the default certificate selected in the crypto authentication bar of the control center, even though kmail allows you to select between all certificates for your sender email address. Once per session you will be prompted for the certificate password, normally when you sign or decrypt a mail for the first time. CAVEATS -it is not possible to search certificates by wildcard -the plugin searches by email name in the peer certificates only, not the in private certificates. To be able to encrypt to yourself, the plugin will copy the default certificate to the peer certificates whenever needed -Aegypten S/MIME and this plugin cannot be used together. However, interoperation with the gpgme-openpgp plugin is possible -uses only DES3 for encryption, this may break compatibility to S/MIME2 only clients TODO -implement certificate recovation lists into kssl -fixing all those nasty bugs -Allow selecting a certificate for signing instead of using the default one. May be this should be implemented in kmail and transferred to the plugin via an API extension -improve compatibility to kgpgcertmanager -share certificate prompting between kio and the plugin -get rid of printf ;-) CREDITS Besides the KDE and openssl people, I definitly want to mention the Aegypten project. They've designed the plugin API and added support to kmail, so I could use their interface. Stefan Rompf (sux@loplof.de) --Boundary-00=_u92u+YeQ1hjdn96 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ KMail Developers mailing list kmail@mail.kde.org http://mail.kde.org/mailman/listinfo/kmail --Boundary-00=_u92u+YeQ1hjdn96--