SMIME TOOL 29.10.1999, 17.11.1999, Sampo Kellomaki NOTE: This is still highly experimental code and build system has not been perfected yet. No Windows build is known to exist (contributions?). OFFICIAL WEB SITE http://www.bacus.pt/Net_SSLeay/smime.html BUILDING (build and install OpenSSL-0.9.4, from www.openssl.org) tar xzf smime-0.7.tgz cd smime-0.7 cons smime # get cons from http://www.dsmit.com/cons/ cons SMIMEutil.so # build the perl module (optional) ./smime -help # shows quick usage ./smime -dv ../smime-0.7.tgz (cut my certificate and distribution signature from the web site and paste to stdin) TUTORIAL PART 1: SIGNING AND ENCRYPTING First you need to have certicate and private key in pem format. To produce them, use openssl tool or export them from your browser. I illustrate the latter method first, because I'm going to use Netscape browser for interoperability testing later. You can peek at TUTORIAL PART3, Key generation if you need to do this yourself. - Go to security info dialog in Netscape browser. - From Certificates-Yours export your certificate (if you don't have a certificate installed yet, read the FAQs and mailing list archieves at www.openssl.org), save it as me.p12. It will ask for password to protect your private key. openssl pkcs12 -clcerts me.pem - it will ask for the password to open your private key and then asks you to invent a new password that will be used to protect your private key in pem format more me.pem You should see something like this: Bag Attributes friendlyName: your@email.com localKeyID: F3 85 A8 4B DA 39 B6 40 6B D6 20 01 39 46 6A 94 47 9D 2C 0F Key Attributes: -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,541E04862A13F6B1 8+2vo6Iz49uj/Mf31JTgaRuIq9ueHsknsHXhmXp7s1BmS8xulT22Zzpdh6g1yqAO (snip)XeQsZrWykdWvN2qGu/cNa2HnUQAG0p25tNZ3CKmqpJBVg0RXr20JlQ== -----END RSA PRIVATE KEY----- Bag Attributes friendlyName: your@email.com localKeyID: F3 85 A8 4B DA 39 B6 40 6B D6 20 01 39 46 6A 94 47 9D 2C 0F subject=/C=PT/L=City/O=Company/OU=Dept/CN=Your Name/Email=your@email.com issuer= /C=PT/L=City/O=Your CA/OU=Personal Certs/CN=End user CA/Email=certifier@ca.com -----BEGIN CERTIFICATE----- MIIDEzCCAnygAwIBAgIBAzANBgkqhkiG9w0BAQQFADCBlTELMAkGA1UEBhMCUFQx (snip)Tj0JYGZMzSUfzOG3wajK6B39d6EyXK8= -----END CERTIFICATE----- Ok. Now you are all set to use smime tool. First lets create simple mime entity (see RFC1521 for definition): echo foo | ./smime -mime text/plain | tee foo.mime Signing Now, let's sign it: ./smime -s me.pem password