Added Cyg-Win
This commit is contained in:
parent
82cbc206eb
commit
413c315806
10586 changed files with 3806249 additions and 0 deletions
96
Agent-Windows/OGP64/usr/share/doc/mutt/smime-notes.txt
Normal file
96
Agent-Windows/OGP64/usr/share/doc/mutt/smime-notes.txt
Normal file
|
|
@ -0,0 +1,96 @@
|
|||
How to add use mutt's S/MIME capabilities
|
||||
|
||||
- Add the contents of contrib/smime.rc to your .muttrc. Don't worry about
|
||||
changing the smime_sign_as line at this point -- you'll change it later.
|
||||
|
||||
- Run 'smime_keys init'.
|
||||
|
||||
- Download and install OpenSSL.
|
||||
|
||||
- Get yourself a certificate. (You can get one for free from www.thawte.com,
|
||||
or pay for one from VeriSign or one of its competitors) The way the
|
||||
process generally works, the certificate will be installed "into" your web
|
||||
browser. If you are asked what application you wish to use the
|
||||
certificate with, select Netscape. Strangely enough, "mutt" is usually not
|
||||
an option.
|
||||
|
||||
- Assuming you are using Mozilla, follow the instructions at
|
||||
www.verisignlabs.com/Projects/smime_docs/linux.html to export the
|
||||
certificate into a file called cert.p12. If you don't use Mozilla, you're
|
||||
on your own.
|
||||
|
||||
- Run "smime_keys add_p12 cert.p12"
|
||||
|
||||
* When the script asks for the "Import password", enter the one you
|
||||
provided when you exported the certificate.
|
||||
|
||||
* When it asks for a "PEM pass phrase", make up a new password. Every
|
||||
time you sign or decrypt a message, mutt will ask for the PEM pass
|
||||
phrase.
|
||||
|
||||
* Finally, when the script asks for a label, enter an easy-to-remember
|
||||
name for the certificate, such as "me". The script output will include
|
||||
a line like:
|
||||
|
||||
added private key: /home/raldi/.smime/keys/12345678.0 for raldi@verisignlabs.com
|
||||
|
||||
The number (including the ".0" at the end) is your keyid. You will
|
||||
need this number in the next step.
|
||||
|
||||
- There is no more ca-bundle.crt file with the trusted roots to import shipped
|
||||
in mutt. The user is encouraged to use ca-bundle.crt from ca-certificate
|
||||
package. This makes you trust anything that was ultimately
|
||||
signed by one of them. You can use "smime_keys add_root" to do so, or
|
||||
just copy ca-bundle.crt into the place you point mutt's smime_ca_location
|
||||
variable to.
|
||||
|
||||
|
||||
|
||||
Other notes
|
||||
|
||||
Key management is done in a way similar to OpenSSL's CA directory. Private
|
||||
keys and certificates are stored in different directories, as OpenSSL
|
||||
expects either to be supplied in a (distinct) file. Each directory contains
|
||||
an unsorted file named '.index' wherein each line has several fields:
|
||||
mailbox, keyid, label, id of the intermediate certificate and keyflags.
|
||||
|
||||
* Keyid is a hashvalue derived from the subject field of a certificate
|
||||
and supplied by OpenSSL.
|
||||
|
||||
* The mailbox address is derived from either From or Sender field of the
|
||||
message, and matched with the email field of the certificate. Non
|
||||
matching address pairs get rejected, as get certificates not
|
||||
containing a mailbox address at all. (These are security issues, that
|
||||
perhaps should be configurable.)
|
||||
|
||||
* Label is set by the perl script (it will ask you to supply one), when
|
||||
you add your keypair to the database. So are the remaining two fields.
|
||||
|
||||
* keyflags are set with certificate verification option of the perl
|
||||
script. It may take as value one of the following: i: invalid
|
||||
(verification failed), r: revoked, e: expired, u: unverified, v:
|
||||
successfully verified and finally t: trusted, in case it was
|
||||
successfully verified and you chose to trust the certificate (the
|
||||
script will ask you). Mutt will not use invalid, revoked or expired
|
||||
certificates for signing or encryption. It will ask for confirmation
|
||||
before using unverified certificates, and finally it will issue a
|
||||
warning before using successfully verified but untrusted certificates.
|
||||
|
||||
The purpose fields of a certificate do not get verified yet, also there is
|
||||
no real check if the given file is a certificate at all.
|
||||
|
||||
Key retrieval is done obviously by searching the index file for a given
|
||||
mailbox. If none is found, the user is presented a list of available keys
|
||||
and asked to select one of those.
|
||||
|
||||
The certificate and key directories specified in muttrc have to exist. Mutt
|
||||
will not create them. If you wish to sign messages yourself, note that this
|
||||
mutt does not address any PKCS10 or PKCS12 issues (yet?); that is, you have
|
||||
to get a valid certificate outside of mutt. (See above)
|
||||
|
||||
|
||||
|
||||
A certificate can be viewed by adding the following to your ~/.mailcap:
|
||||
|
||||
application/x-pkcs7-signature;openssl pkcs7 -in %s -inform der -noout \
|
||||
-print_certs -text | less; needsterminal
|
||||
Loading…
Add table
Add a link
Reference in a new issue