~rjarry/aerc-discuss

4 2

Signing outgoing emails with S/MIME

Details
Message ID
<CKWBA3VHURF8.1U8WHQ9HJGTP2@grinningface>
DKIM signature
missing
Download raw message
Hi all,

Is there a way to sign emails with S/MIME in aerc? I looked through the
man pages and found the following options that /might/ work, but don’t
specifically mention S/MIME signatures. I would just test them, but I
really don’t want to accidentally expose my private key if arec’s
expecting a different format — especially since my my certificate isn’t
self-signed:

	signature-cmd
		This seems the most promising, but also the most likely
		to send the wrong thing. Possible commands I can think
		of include gpgsm(1) and openssl smime(1ossl), but I’m
		open to using whatever in order to make it work.

	signature-file
		This only seems likely to work if aerc actually supports
		S/MIME, which I doubt because it’s not documented or
		mentioned anywhere.

	pgp-auto-sign + some way of changing the pgp command to gpgsm
		This could work if gpgsm has the same API as gpg, which
		seems both likely and unlikely.

	pgp-auto-sign + pgp-key-id
		This method hopes that gpg can also handle signing with
		gpgsm keys, which I’m almost certain it doesn’t.

Thanks,
-- 
DJ Chase
They, Them, Theirs
Details
Message ID
<f7c77658-7ce9-47be-9fd0-9e6d5c5eff0e@poldrack.dev>
In-Reply-To
<CKWBA3VHURF8.1U8WHQ9HJGTP2@grinningface> (view parent)
DKIM signature
pass
Download raw message
Funny that you ask, I recently raised that issue on IRC. I would also 
work on it, but have you got an idea on how to best store the keys?

I would S/MIME sign this message, but the attachment is rejected by our 
list.

-- 
Kind regards,
Mit freundlichen Grüßen,

Moritz Poldrack

https://moritz.sh
Details
Message ID
<CKWLLGFRVHFN.37DLM4AH8O71J@Archetype>
In-Reply-To
<CKWBA3VHURF8.1U8WHQ9HJGTP2@grinningface> (view parent)
DKIM signature
pass
Download raw message
On Wed Jun 22, 2022 at 4:35 AM CEST, DJ Chase wrote:
> 	signature-cmd
> 		This seems the most promising, but also the most likely
> 		to send the wrong thing. Possible commands I can think
> 		of include gpgsm(1) and openssl smime(1ossl), but I’m
> 		open to using whatever in order to make it work.
>
> 	signature-file
> 		This only seems likely to work if aerc actually supports
> 		S/MIME, which I doubt because it’s not documented or
> 		mentioned anywhere.

Both of these are for signatures as in the part below --; not
cryptographic signatures.

>
> 	pgp-auto-sign + some way of changing the pgp command to gpgsm
> 		This could work if gpgsm has the same API as gpg, which
> 		seems both likely and unlikely.
>
> 	pgp-auto-sign + pgp-key-id
> 		This method hopes that gpg can also handle signing with
> 		gpgsm keys, which I’m almost certain it doesn’t.

I'll try around a bit with openssl vs gpgsm and will let you know.

--
Moritz Poldrack
https://moritz.sh
Details
Message ID
<CKWQ63G8488N.3AVG38AZ308DJ@grinningface>
In-Reply-To
<CKWLLGFRVHFN.37DLM4AH8O71J@Archetype> (view parent)
DKIM signature
missing
Download raw message
On Wed Jun 22, 2022 at 6:40 AM EDT, Moritz Poldrack wrote:
> On Wed Jun 22, 2022 at 4:35 AM CEST, DJ Chase wrote:
> > 	signature-cmd
> > 		This seems the most promising, but also the most likely
> > 		to send the wrong thing. Possible commands I can think
> > 		of include gpgsm(1) and openssl smime(1ossl), but I’m
> > 		open to using whatever in order to make it work.
> >
> > 	signature-file
> > 		This only seems likely to work if aerc actually supports
> > 		S/MIME, which I doubt because it’s not documented or
> > 		mentioned anywhere.
>
> Both of these are for signatures as in the part below --; not
> cryptographic signatures.

Oh that’s good to know; I’ve been typing my signature for a few weeks
now (:

> > 	pgp-auto-sign + some way of changing the pgp command to gpgsm
> > 		This could work if gpgsm has the same API as gpg, which
> > 		seems both likely and unlikely.
> >
> > 	pgp-auto-sign + pgp-key-id
> > 		This method hopes that gpg can also handle signing with
> > 		gpgsm keys, which I’m almost certain it doesn’t.
>
> I'll try around a bit with openssl vs gpgsm and will let you know.

Thanks Moritz.

Cheers,
-- 
DJ Chase
They, Them, Theirs
Details
Message ID
<CKWRO07DLNBH.1ETUW5A7JNX1Q@grinningface>
In-Reply-To
<f7c77658-7ce9-47be-9fd0-9e6d5c5eff0e@poldrack.dev> (view parent)
DKIM signature
missing
Download raw message
On Wed Jun 22, 2022 at 12:59 AM EDT, Moritz Poldrack wrote:
> Funny that you ask, I recently raised that issue on IRC. I would also 
> work on it, but have you got an idea on how to best store the keys?

Maybe gpgsm or xdg-secrets-tool?

Cheers,
-- 
DJ Chase
They, Them, Theirs
Reply to thread Export thread (mbox)