SUMMARY :email messages (openssl smime)

From: <>
Date: Tue Nov 08 2005 - 10:24:22 EST
Hi all,

First of all, thanks to kuup, and crist clark for the responses that I got from them. Both the responses were of great help. I believe my posting in this issue is valid in Sunmanagers as solaris 10 now comes with openssl included in it.

Correct me if I am wrong, but I now believe, it's the recipient's mail client which will decide how the signed portion of the message will be displayed. In addition, the S/MIME multipart/signed document is primarily intended for the users whose MUA does not support smime. In this scenario, the recipient will still be able to read the content of the email message, without having to worry about the signature part. The responses that I got took me to this link:     " ", which covers all the questions I had. 

Greatly appreciate all your feedback.


My posting:
 Hi Gurus,

For digitally signed email messages with smime messages: the recipients are receiving the regular non-signed messages, and the signed messages as attachment in the same email message. below is the command I am using:

openssl smime -sign -inkey /dir/dir1/private -signer /dir/dir1/mycert -certfile /dir/dir1/othercerts -in file -out out_file

My question is:
With S/MIME, is it only possible to send the digitaly signed messages as an attachment; or it's possible to send the signed messages such that the recipients do not have to open up any attachmentment to get the signed message. Like the one you would get with pgp signed messages.

Thanks for all the replies in advance.
I will summarize.

kuup's feedback

Not from within OpenSSL.
With OpenSSL you always produce a file, you can't integrate this file into
the body of the email message. Every mailclient produces its headers and
body in it's own way, that's why the cryptographic tools need to be
integrated into the mail program (to a certain extend) to make this work.
By means of a product specific plugin the key (or the certificate) can work
in the email client program.
GPG and PGP makes this integration possible.

crist clark's feedback

The signed portion of the message MUST be a MIME entity, if that's
what you are really asking. The portion of the message signed
is typically not given disposition as an attachment, although
the signature is.

When I run your command above, I get something like,

  MIME-Version: 1.0
  Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="----13BCBEFB69C14454A8432B293EC82C5D"

  This is an S/MIME signed message


  [signed message, note thereare no MIME headers in this section.]

  Content-Type: application/x-pkcs7-signature; name="smime.p7s"
  Content-Transfer-Encoding: base64
  Content-Disposition: attachment; filename="smime.p7s"

  [encoded signature data]

As to how an email the email looks, that's more up to your MUA.
When I run a message through the process you describe above, it
shows up just beautifully in Thunderbird 1.06.

sunmanagers mailing list
Received on Tue Nov 8 10:26:03 2005

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:52 EST