Home > Archive > PERL Modules > March 2004 > howto digitially sign emails programmatically with pgp?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
howto digitially sign emails programmatically with pgp?
|
|
| Philipp Ott 2004-03-19, 12:55 pm |
| Hello!
I m looking for a solution to generate a digitally signed mime-email
with linux/perl and to feed/pipe this then to sendmail. I found RFCs
related to mime-signed etc. but somehow fail to implement them or rather
make it work.
Is there a fininshed cpan module that can do this? I didnt find one though.
Second, what if i want to use verisign/thawte digital certs for email
signing, howto do this programmatically?
Thank you for any help,
regards
Philipp
| |
| Nagy Daniel 2004-03-19, 12:55 pm |
| Could you please be a little more specific about what you want to achieve?
As I understand, you want to sign emails. There are many digital signature
standards, which one do you want to follow?
S/MIME, PGP/MIME or PGP cleartext signature?
In what form are your emails available? Plain text, MIME payload or
RFC-822 complete with headers?
--
Daniel
| |
| Philipp Ott 2004-03-19, 12:55 pm |
| Hello!
Nagy Daniel schrieb:
> Could you please be a little more specific about what you want to achieve?
Well, given are a text file with the message content and 1+ PDF files.
It works fine to generate MIME-Emails and we can send them sans problem.
> As I understand, you want to sign emails. There are many digital signature
> standards, which one do you want to follow?
Well, any that the majority of ppl can use: current versions of Outlook,
Outlook Express, Mozilla, Netscape.
> S/MIME, PGP/MIME or PGP cleartext signature?
> In what form are your emails available? Plain text, MIME payload or
> RFC-822 complete with headers?
Well the emails dont need to be encrypted or so, what we just want to
ensure with the digital signature is that the contents are from us and
not tampered with. To your question I would replay that the to-be-signed
content of the email is available as a list of 7bit mime-parts, the
message contents and the encoded PDF attachments.
Thank you,
regards
Philipp Ott
| |
| Nagy Daniel 2004-03-19, 12:56 pm |
| On Mon, 15 Mar 2004, Philipp Ott wrote:
>
> Well, any that the majority of ppl can use: current versions of Outlook,
> Outlook Express, Mozilla, Netscape.
In that case, you're tied to S/MIME signatures, as I am not aware of
PGP plugins for Outlook & Co. S/MIME is handled by "openssl" in a
scriptable fashion. You can generate S/MIME signed messages automagically.
Even though I have to admit that I strongly dislike S/MIME and all the
PKI/X509 business. I think it's a scam to extort money for certification
and has a lot of very real shortcomings when compared to OpenPGP and
PGP/MIME. For Mozilla and Netscape there is a plug-in called "enigmail"
which handles PGP/MIME. I have a sript that generates PGP/MIME signed
messages, if you need that. But, again, it might not work for Outlook and
Outlook Express.
>
> Well the emails dont need to be encrypted or so, what we just want to
> ensure with the digital signature is that the contents are from us and
> not tampered with. To your question I would replay that the to-be-signed
> content of the email is available as a list of 7bit mime-parts, the
> message contents and the encoded PDF attachments.
It doesn't answer my question. But if you want it to work out-of-the box
for the most popular email clients, go for S/MIME as much as I hate it.
--
Daniel
| |
| Clement Seveillac 2004-03-19, 12:56 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Nagy Daniel <nagydani@cs.bme.hu> wrote:
> In that case, you're tied to S/MIME signatures, as I am not aware of
> PGP plugins for Outlook & Co.
Well the commercial PGP versions (Personal, Workgroup and Enterprise)
have plugins for Outlook, Outlook Express, Eudora, Entourage, and Apple
Mail at least [1]. Since you talk about Enigmail afterwards, I think you
don't mean Mozilla and Mozilla Thunderbird in your "& Co." :)
There are also free solutions to sign, verify, encrypt and decrypt
text & files, more or less integrated to mail clients. For example
WinPT has a 'tray' icon that can process files, or the text which is in
your clipboard, plus it has Eudora and Outlook Express plugins [2].
[1] http://www.pgp.com/products/personal.html for example
[2] http://winpt.sourceforge.net/en/download.php
> For Mozilla and Netscape there is a plug-in called "enigmail"
> which handles PGP/MIME. I have a sript that generates PGP/MIME signed
> messages, if you need that. But, again, it might not work for Outlook and
> Outlook Express.
I really like Enigmail, as you can see in my GnuPG comment :-) Could
you send your PGP/MIME signing scripts by the way, I'd like to see how
it looks like?
Best regards,
- --
clem
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Secure Email! http://dudu.dyn.2-h.org/gpg-enigmail-howto
iQEVAwUBQFsYb5C029jjKP/wAQJrjQf/SVh7Q7bjeUiD52LL/xvetJwDT0LypLjQ
KI+qvPlZgkxmsKEusChxyZ/ 4EtJ5nz2N+qEqFwRijaked+MaunbIxQrhhCdxgGt
G
mCfh9PmTtBUmwMqX2qcYnbrpFxX+n2JHbTSWQeQ7
1x+JxQyKXLxcPgUHPLe3pLTO
3l7K9CiUqKZMI9drHIwFiC68u6xx9isQ5ETQakD9
PAT8NaEQjn0fwhURWTWb4sl/
l4CfaVKRJh+W1SqLE3eKnPFdVSjSPS7mT8ALYsLO
XCkt7ER8dn3NSgFvo8JedzIF
PDx9dQTOnZ6Qcd7X71Xsij+Ewws36ZnQlc2Dk124
mqkiMX2SzbeGUw==
=L4AL
-----END PGP SIGNATURE-----
|
|
|
|
|