[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kmail-devel
Subject:    KSSL based S/MIME plugin available
From:       Stefan Rompf <srompf () isg ! de>
Date:       2003-05-09 9:05:49
[Download RAW message or body]

Hi,

I've committed my KSSL based S/MIME crypto plugin to kdenonbeta/kssl-smime. 
The README is attached to this mail.

Everybody who uses a recent KDE from CVS and S/MIME might be interested. 
Comments and suggestions are welcome.

Stefan
-- 
"doesn't work" is not a magic word to explain everything.

["README" (text/english)]

MOTIVATION

During development of KDE 3.1, the Aegypten project added S/MIME
support to kmail with a plugin interface. Using encrypted mails at
work, I wanted to switch to kmail. However, the gpg S/MIME
implementation has some serious limitations: First, there was no KDE
integration at all. Second, it does not support RC2. Even though
especially RC2-40 should never be used for email encryption, real life
shows that you will receive those messages and wish to read them.

As openssl supports S/MIME and is used by KDE, I decided to make the
required additions to KDE and write this plugin.


REQUIREMENTS

-openssl 0.9.6
-kdelibs from CVS, newer than April 29 2003, compiled with SSL support


INSTALL

Checkout the admin directory from kde-common or kdenonbeta, then link
it f.e. with

ln -s ../admin .

and type

make -f Makefile.cvs
./configure
make
make install

The last command will create the softlink gpgme-smime.so in the base
directory. Load this file as the SMIME crypto plugin into kmail. This
ugly method is required as long as kmail has the plugin name hardcoded
in some places. I'm sure that can be fixed ;-)


USAGE

When receiving a mail, the plugin will validate the signer and add the
certificate to the kssl peer certificates.

For signing, the plugin will use the default certificate selected in
the crypto authentication bar of the control center, even though kmail
allows you to select between all certificates for your sender email
address.

Once per session you will be prompted for the certificate password,
normally when you sign or decrypt a mail for the first time.


CAVEATS

-it is not possible to search certificates by wildcard
-the plugin searches by email name in the peer certificates only, not
 the in private certificates. To be able to encrypt to yourself, the
 plugin will copy the default certificate to the peer certificates
 whenever needed
-Aegypten S/MIME and this plugin cannot be used together. However,
 interoperation with the gpgme-openpgp plugin is possible
-uses only DES3 for encryption, this may break compatibility to
 S/MIME2 only clients


TODO

-implement certificate recovation lists into kssl
-fixing all those nasty bugs
-Allow selecting a certificate for signing instead of using the
 default one. May be this should be implemented in kmail and
 transferred to the plugin via an API extension
-improve compatibility to kgpgcertmanager
-share certificate prompting between kio and the plugin
-get rid of printf ;-)


CREDITS

Besides the KDE and openssl people, I definitly want to mention the
Aegypten project. They've designed the plugin API and added support to
kmail, so I could use their interface.


Stefan Rompf (sux@loplof.de)



_______________________________________________
KMail Developers mailing list
kmail@mail.kde.org
http://mail.kde.org/mailman/listinfo/kmail


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic