From mboxrd@z Thu Jan 1 00:00:00 1970
From: David S Goldberg
Newsgroups: gmane.emacs.gnus.general
Subject: Re: How does one pgp/mime encrypt to different recipients?
Date: Fri, 06 Sep 2002 11:22:36 -0400
Organization: I Yam What I Yam
Original-To: The Gnus Mailing List
In-Reply-To: <87wuq0tli1.fsf@mail.paradoxical.net> (Josh Huber's message of "Thu, 05 Sep 2002 13:05:42 -0400")
User-Agent: Gnus/5.090008 (Oort Gnus v0.08) XEmacs/21.4 (Honest Recruiter (Windows [2]), i686-pc-cygwin)

>>>>> On Thu, 05 Sep 2002 13:05:42 -0400, Josh Huber said:

> What would I need to do to setup a minimal s/mime config so I could
> test this myself?

> If I have a testing environment, I can probably fix this problem.

I wish I could provide more detail but I just use smime with the PKI
at work. Some of my colleagues in the security business have set up
full blown PKI test environments with openssl and claim it isn't much
work but I don't know how they do it myself.

If it helps at all, my smime-related settings for gnus are:

(setq smime-certificate-directory (expand-file-name "~/private/certs/")
      smime-CA-directory (expand-file-name "~/private/CAs")
      smime-keys (list (list "dsg@mitre.org"
                             (concat smime-certificate-directory
                                     "dsg-20020208-20030802.pem"))
                       (list "old-dsg@mitre.org"
                             (concat smime-certificate-directory
                                     "dsg-20000817-20020208.pem"))
                       (list "oldest-dsg@mitre.org"
                             (concat smime-certificate-directory
                                     "dsg-19990224-20000817.pem"))))

That last one simply allows me to decrypt old messages by selecting
the key that was current at the time the message was sent.

The smime-CA-directory contains a .pem file of our root key, which is
used to sign all staff keys. I keep copies of the staff keys (pem
format) in smime-certificate-directory. The openssl c_rehash command
is necessary in the CA directory. I gathered from smime.el that it
should be run in the certificate directory as well, but I'm not sure
the hashes are actually used since I'm asked to provide the PEM file
explicitly.

Thanks,
-- 
Dave Goldberg
david.goldberg6@verizon.net
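
A minimal test environment of the kind asked about in the quoted question, as an added example that is not part of the original message: it builds a throwaway root CA and one user certificate with the openssl CLI, laid out like the certs/ and CAs/ directories in the settings above, then checks signing, -CApath verification and decryption. The scratch directory, file names, config section names and test address are constructed for illustration.

```shell
#!/bin/sh
# Added example: throwaway S/MIME test PKI. Every name, path and address is constructed.

build_test_pki() {            # $1 = scratch dir standing in for ~/private, $2 = test address
    base=$1; addr=$2
    mkdir -p "$base/certs" "$base/CAs" || return 1
    cat > "$base/test.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_user]
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = emailProtection
subjectAltName = email:$addr
EOF
    # Self-signed test root; its certificate is what goes in the CA directory.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$base/test.cnf" \
        -extensions v3_ca -subj "/CN=Test Root CA" \
        -keyout "$base/ca.key" -out "$base/CAs/test-root.pem" 2>/dev/null || return 1
    # User key and request, then a certificate signed by the test root.
    openssl req -new -newkey rsa:2048 -nodes -config "$base/test.cnf" \
        -subj "/CN=Test User/emailAddress=$addr" \
        -keyout "$base/user.key" -out "$base/user.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$base/user.csr" -days 30 -CA "$base/CAs/test-root.pem" \
        -CAkey "$base/ca.key" -CAcreateserial -extfile "$base/test.cnf" \
        -extensions v3_user -out "$base/user.crt" 2>/dev/null || return 1
    # One PEM holding key + certificate, the kind of file a smime-keys entry points at.
    (umask 077; cat "$base/user.key" "$base/user.crt" > "$base/certs/testuser.pem")
    # Hash links so -CApath lookups can find the root (c_rehash on older installs).
    openssl rehash "$base/CAs" 2>/dev/null || c_rehash "$base/CAs" >/dev/null
}

verify_signed() {             # sign with the combined PEM, verify against the CA directory
    printf 'test body\n' |
        openssl smime -sign -signer "$1/certs/testuser.pem" -out "$1/signed.eml" &&
    openssl smime -verify -CApath "$1/CAs" -in "$1/signed.eml" -out /dev/null 2>/dev/null
}

decrypt_roundtrip() {         # encrypt to the user's certificate, decrypt with the combined PEM
    printf 'test body\n' |
        openssl smime -encrypt -aes128 -out "$1/enc.eml" "$1/user.crt" &&
    openssl smime -decrypt -recip "$1/certs/testuser.pem" -in "$1/enc.eml"
}
```

Verification is done with -CApath, which looks certificates up by hash name, so it fails if the rehash step is skipped in the CA directory.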