Re: S/MIME app/x-pkcs7-mime signed-data
On Friday, January 2, 2004 at 3:46:51 PM +0100, Heiko Heil wrote:
> * Alain Bench <messtic@xxxxxxxxx> [01/02/2004 12:30]:
>> to (auto_)view properly in Mutt 1.4 the text of this pkcs7-mime
>> signed-data mail?
> a procmail/formail-solution from Alex Pleiner
Thanks for the pointer. It doesn't seem to apply to my case though.
It workarounds lack of smime-type parameter, when I have yet a correct
smime-type=signed-data one.
>> BTW Mutt 1.5.5.1 displays correctly the above p7m signed-data body,
>> but doesn't print OpenSSL verification output (not even the enclosing
>> lines with current time), reports "S/MIME signature could NOT be
>> verified.", and the index 's' stays lowercase.
> Maybe this helps... (-> ~/.muttrc-smime)
>| set smime_verify_opaque_command="openssl smime -verify -inform DER \
>| -in %s -noverify"
No: It gives me same result. I had "%C" and no "-noverify" (probably
default as I never tweaked S/MIME settings).
But thank you very much anyway: That gave me a nice solution for my
first question about Mutt 1.4. I've added 2 entries in mailcap:
| # ====================================================
| # S/MIME opaque signed messages
| # (application/x-pkcs7-mime; smime-type=signed-data)
| # ====================================================
| # attach <view-attach>: details of used certificate
| application/x-pkcs7-mime ;\
| openssl smime -pk7out -inform DER |\
| openssl pkcs7 -print_certs -text -noout |\
| less ;\
| nametemplate=%s.p7m ;\
| test=test %{smime-type} == signed-data
|
| # auto_view in pager: display mail's body,
| # without header, and verification status
| application/x-pkcs7-mime ;\
| openssl smime -verify -text -inform DER -CAfile ~/.smime/ca-bundle.crt |\
| fromdos ;\
| nametemplate=%s.p7m ;\
| test=test %{smime-type} == signed-data ;\
| copiousoutput
And in muttrc added "auto_view application/x-pkcs7-mime". This gives
me nice decoded mail display in pager with OpenSSL status below, and
cert display in attachment menu.
Half better than 1.5: I get the sig verification status. Half not:
Umlauts are not iconved to $charset (real charset label is not available
outside signed-data binary part). But that's good enough for now.
Bye! Alain.
--
DGC> you have a talent for drawing people I'd usually be happy reading
DGC> into your spiralling descents into irrelevance
I'll take that as a complement :-)
DYC in « wrong in public again ». © December 2003.