« DC-area Demo Camp | Main | PyCon wrapup »

Extracting certificates from S/MIME signatures

For various reasons, I needed to set up S/MIME within mutt.

This mutt-S/MIME howto is very helpful, but it doesn't explain how to add a correspondent's key to your database. Some notes for the future:

1. Once a correspondent sends you a signed message, you can extract their certificate from the signature. Save the "smime.p7s" attachment, and then run: 

openssl pkcs7 -print_certs 
                       -inform DER -in /tmp/smime.p7s 
                       >/tmp/new-cert

2. To add this certificate to the certificate database, run: 

smime_keys  add_cert /tmp/new-cert

The smime_keys program is part of mutt, not the OpenSSL toolkit.

I used the correspondent's e-mail address as the label for the certificate, and mutt seems to pick up the recipient's certificate automatically, based on the e-mail address you're sending to.

Posted by A.M. Kuchling on February 20, 2007 10:39 AM |

Search


About

This page contains a single entry from the blog posted on February 20, 2007 10:39 AM.

The previous post in this blog was DC-area Demo Camp.

The next post in this blog is PyCon wrapup.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Powered by
Movable Type 3.31