Gnus development mailing list
From: David S Goldberg <david.goldberg6@verizon.net>
Subject: Re: How does one pgp/mime encrypt to different recipients?
Date: Fri, 06 Sep 2002 11:22:36 -0400
Message-ID: <u8z7khzkurn.fsf@blackbird-2k.MITRE.ORG>
In-Reply-To: <87wuq0tli1.fsf@mail.paradoxical.net> (Josh Huber's message of "Thu, 05 Sep 2002 13:05:42 -0400")

>>>>> On Thu, 05 Sep 2002 13:05:42 -0400, Josh Huber <huber@alum.wpi.edu> said:

> What would I need to do to set up a minimal s/mime config so I could
> test this myself?

> If I have a testing environment, I can probably fix this problem.

I wish I could provide more detail, but I just use smime with the PKI
at work.  Some of my colleagues in the security business have set up
full-blown PKI test environments with openssl and claim it isn't much
work, but I don't know how they do it myself.

If it helps at all, my smime-related settings for gnus are:

	(setq
         smime-certificate-directory (expand-file-name "~/private/certs/")
         smime-CA-directory (expand-file-name "~/private/CAs")
         smime-keys (list (list "dsg@mitre.org"
                                 (concat smime-certificate-directory
                                         "dsg-20020208-20030802.pem"))
                          (list "old-dsg@mitre.org"
                                 (concat smime-certificate-directory
                                         "dsg-20000817-20020208.pem"))
                          (list "oldest-dsg@mitre.org"
                                 (concat smime-certificate-directory
                                         "dsg-19990224-20000817.pem"))))

That last one simply allows me to decrypt old messages by selecting
the key that was current at the time the message was sent.  The
smime-CA-directory contains a .pem file of our root key, which is used
to sign all staff keys.  I keep copies of the staff keys (pem format)
in smime-certificate-directory.  The openssl c_rehash command is
necessary in the CA directory.  I gathered from smime.el that it
should be run in the certificate directory as well, but I'm not sure
the hashes are actually used since I'm asked to provide the PEM file
explicitly.

Thanks,

-- 
Dave Goldberg
david.goldberg6@verizon.net
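
The directory layout described in the message above (a CA directory holding the root certificate plus hash links, and a certificate directory holding PEM files), built as a throwaway test PKI with openssl. This is an added example, not part of the original message or of Gnus; the subjects, file names, scratch directory and the combined certificate-plus-key file are assumptions, and the hash link is created by hand to show what c_rehash produces.

```shell
#!/bin/sh
# Throwaway S/MIME test PKI; every name, subject and file name is constructed.
make_test_pki() {    # $1 = scratch directory
    d=$1; mkdir -p "$d/CAs" "$d/certs" || return 1
    cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root: only its certificate goes into the CA directory.
    openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes -days 30 \
        -keyout "$d/ca.key" -out "$d/CAs/root.pem" 2>/dev/null || return 1
    # User key and signing request, then a certificate issued by the root.
    openssl req -new -config "$d/req.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=Test User/emailAddress=user@example.test" \
        -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/user.csr" -CA "$d/CAs/root.pem" \
        -CAkey "$d/ca.key" -set_serial 2 -days 30 -out "$d/user.crt" 2>/dev/null || return 1
    # Certificate and private key in one PEM file (assumed smime-keys layout).
    cat "$d/user.crt" "$d/user.key" > "$d/certs/user-key+cert.pem"
    chmod 600 "$d/certs/user-key+cert.pem" "$d/ca.key" "$d/user.key"
}

# What c_rehash does per certificate: <subject-hash>.0 -> file (collisions ignored).
rehash_ca_dir() {    # $1 = CA directory
    for f in "$1"/*.pem; do
        ln -sf "$(basename "$f")" "$1/$(openssl x509 -hash -noout -in "$f").0"
    done
}

verify_user() { openssl verify -CApath "$1/CAs" "$1/certs/user-key+cert.pem" >/dev/null 2>&1; }

smime_roundtrip() {  # sign with the user key, verify against the CA directory
    printf 'constructed test message\n' > "$1/msg.txt"
    openssl smime -sign -in "$1/msg.txt" -signer "$1/certs/user-key+cert.pem" \
        -out "$1/signed.eml" 2>/dev/null &&
    openssl smime -verify -in "$1/signed.eml" -CApath "$1/CAs" -out /dev/null 2>/dev/null
}

if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_test_pki "$d" && rehash_ca_dir "$d/CAs" &&
        verify_user "$d" && smime_roundtrip "$d" && echo "test PKI ready in $d"
fi
```

Without the hash link, `openssl verify -CApath` cannot find the issuer even though root.pem is sitting in the directory, which is why the rehash step is needed in the CA directory.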




