Re: signing and encrypting with new <#secure> tag

[david.goldberg6@verizon.net (David S. Goldberg)]

>>>>> On Sat, 13 Apr 2002 23:49:25 -0400, Josh Huber
>>>>> <huber@alum.wpi.edu> said:

> Well, they're not deprecated really, but they don't do the Right Thing
> when your message has multiple parts.  Those functions are for signing
> & encrypting parts of a message, and the <#secure tags are basically a
> meta tag which expands to either a part or multipart tag depending on
> if there are attachments in the message.

Ah.  Thank you for that.  I hadn't tried doing anything with
attachments and so didn't notice.

> Now, as for encrypt & sign, what to do?

> I don't use S/MIME, so I didn't get a chance to test the secure tags
> for it.

> With PGP/MIME right now encrypting signs as well...

> There are basically 2 ways to do it with PGP/MIME:

> 1) sign the message using standard PGP/MIME signing, then encrypt that
>    message.
> 2) encrypt the message with an embedded signature (using --sign with
>    GnuPG)

> How does S/MIME handle sign+encrypt?

I've only ever got openssl to handle option 1.  It looks like it
should be able to do option 2, but I haven't ever figured out how to
do so properly.  If I try to sign and encrypt in the same command line
I end up with complaints about unable to decrypt PKCS7 structure.

> Basically, the pgp and pgpmime functions use mode=encrypt for now
> (always), but the smime ones default to signencrypt.  I've set it up
> so if you give the encrypt option a prefix argument it goes back to
> only encrypting.

> Please try it out!

It works great.  Thanks!

-- 
Dave Goldberg
david.goldberg6@verizon.net