Hi all,
Is there a way to sign emails with S/MIME in aerc? I looked through the
man pages and found the following options that /might/ work, but don’t
specifically mention S/MIME signatures. I would just test them, but I
really don’t want to accidentally expose my private key if arec’s
expecting a different format — especially since my my certificate isn’t
self-signed:
signature-cmd
This seems the most promising, but also the most likely
to send the wrong thing. Possible commands I can think
of include gpgsm(1) and openssl smime(1ossl), but I’m
open to using whatever in order to make it work.
signature-file
This only seems likely to work if aerc actually supports
S/MIME, which I doubt because it’s not documented or
mentioned anywhere.
pgp-auto-sign + some way of changing the pgp command to gpgsm
This could work if gpgsm has the same API as gpg, which
seems both likely and unlikely.
pgp-auto-sign + pgp-key-id
This method hopes that gpg can also handle signing with
gpgsm keys, which I’m almost certain it doesn’t.
Thanks,
--
DJ Chase
They, Them, Theirs
Funny that you ask, I recently raised that issue on IRC. I would also
work on it, but have you got an idea on how to best store the keys?
I would S/MIME sign this message, but the attachment is rejected by our
list.
--
Kind regards,
Mit freundlichen Grüßen,
Moritz Poldrack
https://moritz.sh
On Wed Jun 22, 2022 at 4:35 AM CEST, DJ Chase wrote:
> signature-cmd> This seems the most promising, but also the most likely> to send the wrong thing. Possible commands I can think> of include gpgsm(1) and openssl smime(1ossl), but I’m> open to using whatever in order to make it work.>> signature-file> This only seems likely to work if aerc actually supports> S/MIME, which I doubt because it’s not documented or> mentioned anywhere.
Both of these are for signatures as in the part below --; not
cryptographic signatures.
>> pgp-auto-sign + some way of changing the pgp command to gpgsm> This could work if gpgsm has the same API as gpg, which> seems both likely and unlikely.>> pgp-auto-sign + pgp-key-id> This method hopes that gpg can also handle signing with> gpgsm keys, which I’m almost certain it doesn’t.
I'll try around a bit with openssl vs gpgsm and will let you know.
--
Moritz Poldrack
https://moritz.sh
On Wed Jun 22, 2022 at 6:40 AM EDT, Moritz Poldrack wrote:
> On Wed Jun 22, 2022 at 4:35 AM CEST, DJ Chase wrote:> > signature-cmd> > This seems the most promising, but also the most likely> > to send the wrong thing. Possible commands I can think> > of include gpgsm(1) and openssl smime(1ossl), but I’m> > open to using whatever in order to make it work.> >> > signature-file> > This only seems likely to work if aerc actually supports> > S/MIME, which I doubt because it’s not documented or> > mentioned anywhere.>> Both of these are for signatures as in the part below --; not> cryptographic signatures.
Oh that’s good to know; I’ve been typing my signature for a few weeks
now (:
> > pgp-auto-sign + some way of changing the pgp command to gpgsm> > This could work if gpgsm has the same API as gpg, which> > seems both likely and unlikely.> >> > pgp-auto-sign + pgp-key-id> > This method hopes that gpg can also handle signing with> > gpgsm keys, which I’m almost certain it doesn’t.>> I'll try around a bit with openssl vs gpgsm and will let you know.
Thanks Moritz.
Cheers,
--
DJ Chase
They, Them, Theirs
On Wed Jun 22, 2022 at 12:59 AM EDT, Moritz Poldrack wrote:
> Funny that you ask, I recently raised that issue on IRC. I would also > work on it, but have you got an idea on how to best store the keys?
Maybe gpgsm or xdg-secrets-tool?
Cheers,
--
DJ Chase
They, Them, Theirs
Hei,
do we have any updates on S/MIME support? I searched the man pages but did not properly found a solution, this is how it got me on this thread.
Best Felix