State of S/MIME support (emacs)
Neale Pickett
neale at lanl.gov
Thu Sep 1 15:36:06 PDT 2016
David Bremner <david at tethera.net> writes:
> The wall I hit when I was working on it was that libgmime does not
> (correctly) support S/MIME encryption/decryption. So that's why the
> command line tools only support signature verification and not
> decryption. The "good of humanity" solution (assuming you don't think
> that is eradication of S/MIME) would be to add this support to
> libgmime. I think upstream would take the patches, but didn't sound like
> it was likely to happen without external contribution. The "dirty hack"
> solution would be to use gpgsm or openssl directly from emacs.
Okay, I'll work on libgmime in my spare time, if I ever get any of that
again. You may find yourself getting a dirty hack. Please don't judge.
Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:
> Are you looking at S/MIME encrypted mail or just S/MIME signed mail?
> there should be support for S/MIME signed mail already. as bremner
> says, it's the encrpytion layers that need work, and probably need the
> work in gmime directly first.
Encrypted, unfortunately.
----
While I'm sending an email to an archived mail list, I'll throw in this
function I just whipped out for S/MIME encrypting for all
recipients. There are a couple of very confusing suggestions for doing
this on the Emacswiki (which I will amend, someday). This one runs
interactively and encrypts to all recipients, if you have LDAP.
(defun neale/smime-encrypt ()
"S/MIME encrypt to all recipients and yourself.
Looks up everybody in LDAP to get their key first.
"
(interactive)
(mml-unsecure-message)
(let* ((recips (mm-delete-duplicates (split-string (message-options-set-recipient) ", ")))
(mycertbuf (smime-cert-by-ldap user-mail-address))
(certbufs (mapcar 'smime-cert-by-ldap recips))
(tags '()))
(dolist (certbuf certbufs)
(setq tags (cons (buffer-name certbuf) tags))
(setq tags (cons 'certfile tags)))
(save-excursion
(goto-char (point-min))
(cond ((re-search-forward
(concat "^" (regexp-quote mail-header-separator) "\n") nil t)
(goto-char (setq insert-loc (match-end 0)))
(unless (looking-at "<#secure")
(apply 'mml-insert-tag
'secure
'method "smime"
'mode "encrypt"
'certfile (buffer-name mycertbuf)
tags)))))))
--
Neale Pickett <neale at lanl.gov>
More information about the notmuch
mailing list