State of S/MIME support (emacs)

Neale Pickett neale at lanl.gov
Thu Sep 1 15:36:06 PDT 2016


David Bremner <david at tethera.net> writes:

> The wall I hit when I was working on it was that libgmime does not
> (correctly) support S/MIME encryption/decryption. So that's why the
> command line tools only support signature verification and not
> decryption.  The "good of humanity" solution (assuming you don't think
> that is eradication of S/MIME) would be to add this support to
> libgmime. I think upstream would take the patches, but didn't sound like
> it was likely to happen without external contribution. The "dirty hack"
> solution would be to use gpgsm or openssl directly from emacs.

Okay, I'll work on libgmime in my spare time, if I ever get any of that
again. You may find yourself getting a dirty hack. Please don't judge.



Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:

> Are you looking at S/MIME encrypted mail or just S/MIME signed mail?
> there should be support for S/MIME signed mail already.  as bremner
> says, it's the encryption layers that need work, and probably need the
> work in gmime directly first.

Encrypted, unfortunately.

----

While I'm sending an email to an archived mail list, I'll throw in this
function I just whipped out for S/MIME encrypting for all
recipients. There are a couple of very confusing suggestions for doing
this on the Emacswiki (which I will amend, someday). This one runs
interactively and encrypts to all recipients, if you have LDAP.


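(defun neale/smime-encrypt ()
  "S/MIME encrypt to all recipients and yourself.

Looks up everybody in LDAP to get their key first."
  (interactive)
  ;; Remove any existing security MML tag before inserting a new one.
  (mml-unsecure-message)
  (let* ((recips (mm-delete-duplicates
                  (split-string (message-options-set-recipient) ", ")))
         ;; `smime-cert-by-ldap' returns nil when no certificate is found;
         ;; stop here rather than build a tag with a bogus certfile.
         (getcert (lambda (addr)
                    (or (smime-cert-by-ldap addr)
                        (error "No S/MIME certificate in LDAP for %s" addr))))
         (mycertbuf (funcall getcert user-mail-address))
         (certbufs (mapcar getcert recips))
         (tags '()))
    ;; Build the list of `certfile BUFFER-NAME' pairs, one per recipient.
    (dolist (certbuf certbufs)
      (setq tags (cons (buffer-name certbuf) tags))
      (setq tags (cons 'certfile tags)))
    (save-excursion
      (goto-char (point-min))
      ;; Insert the tag at the start of the body, after the header separator.
      (cond ((re-search-forward
              (concat "^" (regexp-quote mail-header-separator) "\n") nil t)
             (goto-char (match-end 0))
             (unless (looking-at "<#secure")
               (apply 'mml-insert-tag
                      'secure
                      'method "smime"
                      'mode "encrypt"
                      'certfile (buffer-name mycertbuf)
                      tags)))))))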



-- 
Neale Pickett <neale at lanl.gov>

