From mboxrd@z Thu Jan 1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.user/2653
Path: news.gmane.org!not-for-mail
From: Simon Josefsson
Newsgroups: gmane.emacs.gnus.user
Subject: Re: S/MIME and encrypted certificates
Date: Sat, 21 Jun 2003 22:53:45 +0200
Message-ID:
References: <87d6h7bf7c.fsf@gvdnet.dk>
NNTP-Posting-Host: main.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: sea.gmane.org 1138669007 15902 80.91.229.2 (31 Jan 2006 00:56:47 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Tue, 31 Jan 2006 00:56:47 +0000 (UTC)
Original-X-From: nobody Tue Jan 17 17:31:01 2006
Original-Path: quimby.gnus.org!not-for-mail
Original-Newsgroups: gnu.emacs.gnus
Original-NNTP-Posting-Host: fnatte.nada.kth.se
Original-X-Trace: quimby.gnus.org 1056228956 10666 130.237.226.103 (21 Jun 2003 20:55:56 GMT)
Original-X-Complaints-To: usenet@quimby.gnus.org
Original-NNTP-Posting-Date: 21 Jun 2003 20:55:56 GMT
User-Agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.3.50 (gnu/linux)
Cancel-Lock: sha1:za0QH80ukV56UhLjj6+wpLAmJxo=
Original-Xref: bridgekeeper.physik.uni-ulm.de gnus-emacs-gnus:2793
Original-Lines: 27
X-Gnus-Article-Number: 2793 Tue Jan 17 17:31:01 2006
Xref: news.gmane.org gmane.emacs.gnus.user:2653
Archived-At:

Martin Christensen writes:

> Howdy!
>
> The Info pages about message security describe that when dealing with
> S/MIME, certificates are expected to be stored in PEM format, which is
> also explained to be unencrypted. For all things OpenPGP, it happily
> prompts me for a passphrase for my keyring. The authority that has
> given me this certificate does not allow the certificate to be stored
> unencrypted on disk.

Do you mean the private key?

> Is it not possible to convince the SSL thingy (or whatever handles
> S/MIME) to do the same, or would I have to implement this myself
> (which doesn't look too difficult, at least using OpenSSL)?

Actually smime.el supports this now, the documentation is not up to date.
When you sign an S/MIME message, Gnus asks you for a passphrase. This passphrase is passed on to OpenSSL via an environment variable and used to decrypt the PEM file. If the files aren't encrypted, just type RET as the passphrase.

(Environment variables may not be the best idea though, improvements are welcome. However, if you decide to work on this, please consider modifying the S/MIME support in Gnus to use something other than OpenSSL, so the improvements eventually help free software.)
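
The passphrase hand-off the reply describes, as an added example that is not part of the original message or of smime.el: OpenSSL's `-passin env:` form beside `-passin fd:`, which keeps the passphrase on a pipe instead of in the child's environment. The file names, the variable name `DEMO_SMIME_PASS` and the passphrase are constructed for the demo, and the `openssl` command-line tool is assumed to be installed.

```sh
#!/bin/sh
# Constructed demo: the file names, DEMO_SMIME_PASS and the passphrase are
# hypothetical values for this example, not names used by smime.el.

# make_identity DIR PASS: throwaway self-signed cert + encrypted PEM key.
make_identity() {
    printf '%s\n' "$2" | openssl req -x509 -newkey rsa:2048 -days 1 -batch \
        -subj '/CN=Demo Signer' -keyout "$1/key.pem" -out "$1/cert.pem" \
        -passout stdin 2>/dev/null
}

# sign_env DIR PASS: the passphrase rides in the child's environment, as the
# message describes. Same-user processes can read it while the child lives
# (on Linux via /proc/<pid>/environ).
sign_env() {
    DEMO_SMIME_PASS=$2 openssl smime -sign -signer "$1/cert.pem" \
        -inkey "$1/key.pem" -passin env:DEMO_SMIME_PASS \
        -in "$1/msg.txt" -out "$1/signed-env.eml" 2>/dev/null
}

# sign_fd DIR PASS: the passphrase arrives on a pipe at descriptor 3 while the
# message stays on stdin, so it is in neither argv nor the environment.
# (printf is a builtin in bash and dash, so no argv carries PASS either.)
sign_fd() {
    printf '%s\n' "$2" | openssl smime -sign -signer "$1/cert.pem" \
        -inkey "$1/key.pem" -passin fd:3 \
        -out "$1/signed-fd.eml" 3<&0 <"$1/msg.txt" 2>/dev/null
}

# signature_ok FILE: signature check only; -noverify skips chain validation
# because the demo certificate is self-signed.
signature_ok() {
    openssl smime -verify -noverify -in "$1" -out /dev/null 2>/dev/null
}

demo() {
    d=$(mktemp -d) && pass='constructed demo passphrase' &&
    printf 'Subject: demo\n\nhello\n' >"$d/msg.txt" &&
    make_identity "$d" "$pass" &&
    sign_env "$d" "$pass" && sign_fd "$d" "$pass" &&
    signature_ok "$d/signed-env.eml" && signature_ok "$d/signed-fd.eml"
    rc=$?; rm -rf "$d"; return $rc
}

demo && echo "both variants decrypted the key and produced valid signatures"
```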