HOWTO: Programming S/MIME in Python with M2Crypto

[Ng Pheng Siong]

On Tue, Nov 27, 2001 at 08:48:44AM +0200, Graeme Longman wrote:
> From my understanding you don't need to make any changes to Outlook to
> receive digitally signed mail.

I think you do need to install your own CA cert, at least. The ZSmime HOWTO
describes the procedure for Netscape Messenger. I don't remember off-hand
if the S/MIME HOWTO does so.


> I have been using your your HOWTO to generate the certificates and the mime
> string of the signature. I have also managed to get the example, Sending
> S/MIME messages via SMTP, working with Outlook. I can't seem to get the
> earlier examples working though. I have tried fiddling with the mime string
> before sending it via SMTP but haven't had much luck. The same error
> message, "Can't open this item. An error occured in the underlying security
> system" always seems to 'pop-up', even though the actual mime of the email
> seems to correspond exactly to a working example.

Which ones fail: sign only, encrypt only, sign and encrypt?

Self-signed certs or plain certs signed by your home-grown CA? 


> I know that in the HOWTO you don't actually send the example in 'Sign' but
> have you managed to send and receive this example. If you have successfully
> then maybe it is the 'Outlook' issue.

The function sendsmime() in sendsmime.py works: I've used this to send to
Netscape Messenger successfully. sendsmime() sends plain, signed, encrypted
or signed-and-encrypted mail. I remember being quite pleased with myself
when I got that done. ;-)

Also, in demo/smime (not demo/smime.howto), there are the files ns.p7 and
ns.se.p7 which are generated by Messenger. M2Crypto.SMIME groks these.
(Although no longer, I think those demo certs have expired.)

And, you may have noticed ZSmime, which is a S/MIME-sending product for
Zope. ZSmime interoperates with Messenger, too. (Well, it should, since
ZSmime is based on M2Crypto.SMIME.)


-- 
Ng Pheng Siong <ngps at post1.com> * http://www.post1.com/home/ngps