[prev in list] [next in list] [prev in thread] [next in thread]
List: kmail-devel
Subject: KSSL based S/MIME plugin available
From: Stefan Rompf <srompf () isg ! de>
Date: 2003-05-09 9:05:49
[Download RAW message or body]
Hi,
I've committed my KSSL based S/MIME crypto plugin to kdenonbeta/kssl-smime.
The README is attached to this mail.
Everybody who uses a recent KDE from CVS and S/MIME might be interested.
Comments and suggestions are welcome.
Stefan
--
"doesn't work" is not a magic word to explain everything.
["README" (text/english)]
MOTIVATION
During development of KDE 3.1, the Aegypten project added S/MIME
support to kmail with a plugin interface. Using encrypted mails at
work, I wanted to switch to kmail. However, the gpg S/MIME
implementation has some serious limitations: First, there was no KDE
integration at all. Second, it does not support RC2. Even though
especially RC2-40 should never be used for email encryption, real life
shows that you will receive those messages and wish to read them.
As openssl supports S/MIME and is used by KDE, I decided to make the
required additions to KDE and write this plugin.
REQUIREMENTS
-openssl 0.9.6
-kdelibs from CVS, newer than April 29 2003, compiled with SSL support
INSTALL
Checkout the admin directory from kde-common or kdenonbeta, then link
it f.e. with
ln -s ../admin .
and type
make -f Makefile.cvs
./configure
make
make install
The last command will create the softlink gpgme-smime.so in the base
directory. Load this file as the SMIME crypto plugin into kmail. This
ugly method is required as long as kmail has the plugin name hardcoded
in some places. I'm sure that can be fixed ;-)
USAGE
When receiving a mail, the plugin will validate the signer and add the
certificate to the kssl peer certificates.
For signing, the plugin will use the default certificate selected in
the crypto authentication bar of the control center, even though kmail
allows you to select between all certificates for your sender email
address.
Once per session you will be prompted for the certificate password,
normally when you sign or decrypt a mail for the first time.
CAVEATS
-it is not possible to search certificates by wildcard
-the plugin searches by email name in the peer certificates only, not
the in private certificates. To be able to encrypt to yourself, the
plugin will copy the default certificate to the peer certificates
whenever needed
-Aegypten S/MIME and this plugin cannot be used together. However,
interoperation with the gpgme-openpgp plugin is possible
-uses only DES3 for encryption, this may break compatibility to
S/MIME2 only clients
TODO
-implement certificate recovation lists into kssl
-fixing all those nasty bugs
-Allow selecting a certificate for signing instead of using the
default one. May be this should be implemented in kmail and
transferred to the plugin via an API extension
-improve compatibility to kgpgcertmanager
-share certificate prompting between kio and the plugin
-get rid of printf ;-)
CREDITS
Besides the KDE and openssl people, I definitly want to mention the
Aegypten project. They've designed the plugin API and added support to
kmail, so I could use their interface.
Stefan Rompf (sux@loplof.de)
_______________________________________________
KMail Developers mailing list
kmail@mail.kde.org
http://mail.kde.org/mailman/listinfo/kmail
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic