
S/MIME-verification



Hello mutt-users,

when I try to open a signed and encrypted mail, the following
openssl(?)-output appears (after entering my smime-passphrase):

  [-- OpenSSL output follows (current time: Mon May 31 16:11:09 2004) --]
  No recipient certificate and key specified
  Usage smime [options] cert.pem ...
  where options are
  [...]

(Status-line: S/MIME signature could NOT be verified.)

After exit (q) and re-open (return) the following output in (IMHO)
*proper style* appears:

  [-- The following data is S/MIME encrypted --]
  [-- OpenSSL output follows (current time: Mon May 31 16:12:14 2004) --]
  Verification Successful
  [-- End of OpenSSL output --]

  [-- The following data is signed --]

  secret text

  [-- End of signed data --]

  [-- End of S/MIME encrypted data. --]

(Status-line: S/MIME signature successfully verified.)

I have noticed the same behaviour with encrypted-only mails (of course
without the "Verification Successful"-message).

Can anyone tell me, what's wrong with my configuration?

,----[ ~/.muttrc-smime ]
| # .muttrc-smime
| 
| ## The following options are only available if you have
| ## compiled in S/MIME support
| 
| # If you compiled mutt with support for both PGP and S/MIME, PGP
| # will be the default method unless the following option is set
| set smime_is_default
| 
| # highlight smime
| #color index yellow  default ~g
| #color index green   default ~V
| 
| # Uncomment this if you don't want to set labels for certificates you add.
| # unset smime_ask_cert_label
| 
| # Passphrase expiration
| set smime_timeout=300
| 
| # Global crypto options -- these affect PGP operations as well.
| set crypt_autosign = no
| set crypt_replyencrypt = yes
| set crypt_replysign = yes
| set crypt_replysignencrypted = yes
| set crypt_verify_sig = yes
| 
| # Section A: Key Management.
| 
| # The (default) keyfile for signing/decrypting.  Uncomment the following
| # line and replace the keyid with your own.
| set smime_default_key="********.0"
| 
| # Uncomment to make mutt ask what key to use when trying to decrypt a message.
| # Otherwise it will use the default key above (if that was set).
| # unset smime_decrypt_use_default_key
| 
| # Path to a file or directory with trusted certificates
| set smime_ca_location="~/.smime/ca-bundle.crt"
| 
| # Path to where all known certificates go. (must exist!)
| set smime_certificates="~/.smime/certificates"
| 
| # Path to where all private keys go. (must exist!)
| set smime_keys="~/.smime/keys"
| 
| # These are used to extract a certificate from a message.
| # First generate a PKCS#7 structure from the message.
| set smime_pk7out_command="openssl smime -verify -in %f -noverify -pk7out"
| 
| # Extract the included certificate(s) from a PKCS#7 structure.
| set smime_get_cert_command="openssl pkcs7 -print_certs -in %f"
| 
| # Extract the signer's certificate only from a S/MIME signature (sender verification)
| set smime_get_signer_cert_command="openssl smime -verify -in %f -noverify 
-signer %c -out /dev/null"
| 
| # This is used to get the email address the certificate was issued to.
| set smime_get_cert_email_command="openssl x509 -in  %f -noout -email"
| 
| # Add a certificate to the database using smime_keys.
| set smime_import_cert_command="smime_keys add_cert %f"
| 
| 
| 
| # Section B: Outgoing messages
| 
| # Algorithm to use for encryption.
| # valid choices are rc2-40, rc2-64, rc2-128, des, des3
| set smime_encrypt_with="des3"
| 
| # Encrypt a message. Input file is a MIME entity.
| set smime_encrypt_command="openssl smime -encrypt -%a -outform DER -in %f %c"
| 
| # Sign.
| set smime_sign_command="openssl smime -sign -signer %c -inkey %k -passin 
stdin -in %f -certfile %i -outform DER"
| 
| 
| 
| #Section C: Incoming messages
| 
| # Decrypt a message. Output is a MIME entity.
| set smime_decrypt_command="openssl smime -decrypt  -passin stdin -inform DER 
-in %f -inkey %k -recip %c"
| 
| # Verify a signature of type multipart/signed
| set smime_verify_command="openssl smime -verify -inform DER -in %s %C 
-content %f"
| 
| # Verify a signature of type application/x-pkcs7-mime
| set smime_verify_opaque_command="openssl smime -verify -inform DER -in %s %C"
| 
| 
| 
| # Section D: Alternatives
| 
| # Sign.  If you wish to NOT include the certificate your CA used in signing
| # your public key, use this command instead.
| # set smime_sign_command="openssl smime -sign -signer %c -inkey %k -passin 
stdin -in %f -outform DER"
| #
| # In order to verify the signature only and skip checking the certificate chain
| # (the signer's certificate is then not validated against the trusted CAs):
| #
| # set smime_verify_command="openssl smime -verify -inform DER -in %s -content 
%f -noverify"
| # set smime_verify_opaque_command="openssl smime -verify -inform DER -in %s 
-noverify"
| #
`----

,----[ Mutt-Version ]
| Mutt 1.5.6i (2004-02-01)
| Copyright (C) 1996-2002 Michael R. Elkins and others.
| Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
| Mutt is free software, and you are welcome to redistribute it
| under certain conditions; type `mutt -vv' for details.
| 
| System: Linux 2.4.18-ff8.3 (i686) [using ncurses 5.2]
| Compile options:
| -DOMAIN
| -DEBUG
| -HOMESPOOL  +USE_SETGID  +USE_DOTLOCK  +DL_STANDALONE
| +USE_FCNTL  -USE_FLOCK
| -USE_POP  +USE_IMAP  -USE_GSS  +USE_SSL  -USE_SASL  -USE_SASL2
| +HAVE_REGCOMP  -USE_GNU_REGEX
| +HAVE_COLOR  +HAVE_START_COLOR  +HAVE_TYPEAHEAD  +HAVE_BKGDSET
| +HAVE_CURS_SET  +HAVE_META  +HAVE_RESIZETERM
| +CRYPT_BACKEND_CLASSIC_PGP  +CRYPT_BACKEND_CLASSIC_SMIME
| -CRYPT_BACKEND_GPGME  -BUFFY_SIZE -EXACT_ADDRESS  -SUN_ATTACHMENT
| +ENABLE_NLS  -LOCALES_HACK  +HAVE_WC_FUNCS  +HAVE_LANGINFO_CODESET
| +HAVE_LANGINFO_YESEXPR
| +HAVE_ICONV  -ICONV_NONTRANS  -HAVE_LIBIDN  +HAVE_GETSID
| +HAVE_GETADDRINFO
| -ISPELL
| SENDMAIL="/usr/sbin/sendmail"
| MAILPATH="/var/mail"
| PKGDATADIR="/users/heiko/share/mutt"
| SYSCONFDIR="/users/heiko/etc"
| EXECSHELL="/bin/sh"
| -MIXMASTER
| To contact the developers, please mail to <mutt-dev@xxxxxxxx>.
| To report a bug, please use the flea(1) utility.
`----

,----[ header ]
| [...]
| MIME-Version: 1.0
| [...]
| Content-Type: application/x-pkcs7-mime; name="smime.p7m"
| Content-Transfer-Encoding: base64
| Content-Disposition: attachment; filename="smime.p7m"
| Content-Description: S/MIME Encrypted Message
| [...]
`----


Cheers,
Heiko