"Dupont, Michael" wrote:
> 
> Hello,
> 
> This is the newest installment in the series of absolute beginner
> questions about openssl.
> 
> I have a question about using openssl smime on a file with multiple
> attachments:
> 
> We are using perl MIME::Lite to create a file with lots of attachments,
> then signing it with "OpenSSL smime -sign".
> The original mail is packaged as a plain text mime in the signed
> message, and the attachments are not properly displayed.
> 
> There is a smime tool for perl that can be used, but do I have to use
> it?
> SMIME TOOL 29.10.1999, 17.11.1999, Sampo Kellomaki <[EMAIL PROTECTED]>
> 
> Thanks for the tip in advance.
> Mike

I've been using MIME::Entity. After looking at MIME::Lite's man page
briefly, I'd say the way I use MIME::Entity isn't much "heavier" than
use of MIME::Lite.

Basically what I do is create a multipart/mixed MIME structure, which
holds both the original message and the attachments, with their
appropriate Dispositions and encodings and Filenames and so forth. Of
this, I use just the multipart/mixed MIME structure, not the main
headers. I then call 'openssl smime -sign -in tmpfile -out signedfiled
-signer privatekey.pem'. For the actual
To/From/Subject/Reply-To/X-Mailer/etc headers, I use a separate
MIME::Entity, from which I take only the headers. These headers plus the
MIME structure make a working signed message. This message is piped to
'sendmail -t'.

I was having problems lately, where if there were no attachments,
Outlook Express would barf and give a 'low memory or disk space' error
when attempting to view the message. I traced this down, and it only
happened when I was creating multipart/mixed MIME messages, but with
only one text/html part (the original message). So, in that case I don't
bother creating a multipart message, I just use one simple single
text/html part. So, now that problem is fixed, and I have
signing/encrypting/decrypting/verifying fully working between NS Mail,
OE, and acmemail (web based IMAP client). Oh, and I'm starting to sign
all messages that automatically get sent out by scripts on our website.

Is the way I'm doing it kludgy? Probably. Is there a better way? I
dunno... 'openssl smime' doesn't handle the creation of complex
multipart MIME structures very well. Yet, you can't just create a normal
email with full headers + multipart/whatever body, as it will sign the
whole thing, and can't be sent out. It took me a while to piece this all
together, but now that it works I don't want to touch it :-)

Things that tripped me up for hours, giving me corrupted messages:
- bad line endings... I was doing \r\n in some places, but \n seems to
be enough now.
- OE would only work nicely with multipart/mixed, not /related or
/alternative
- spaces between headers, "This is an S/MIME signed message", and the
multipart/* structure
- getting openssl to play nicely with passphrases (ended up using
'-passin file:tmp_passphrase_file')
- conflicting headers between what 'openssl smime' creates and what
MIME::Entity creates and what email clients expect

Here's a little snip of code that creates the MIME structure for
signing, using MIME::Entity:

    # the MIME structure that will be used for signing,
    # afterwards the full headers get stuck on top
    # only used when there are attachments...
    # things are undef'd here to force MIME::Entity not to create those
    # headers when ->stringify is called
    # It does make sense in the context of the rest of my code.
    my $skimpy_top = MIME::Entity->build(
      To         => undef,
      Subject    => undef,
      From       => undef,
      'Reply-To' => undef,
      Cc         => undef,
      Bcc        => undef,
      'In-Reply-To' => undef,
      'Return-Path' => undef,
      'X-Mailer' => undef,
      'Mime-Version' => undef,
      'Content-Transfer-Encoding' => undef,
      boundary  => undef,
      Type      => "multipart/mixed"
      #Type     => "multipart/related" # OE doesn't play nice with /related
    );
 
    # make the main body a MIME attachment
    $skimpy_top->attach(
      Data    => [ $body ],
      Type    => "text/plain",
      Charset   => "us-ascii",
      Encoding  => "7bit"
    );
 
    # attach the attachment... here is where you can loop through
    # and attach multiple attachments
    $skimpy_top->attach(Data     => $attachment,
       Filename => $filename,
       Type     => $attachment_type,
       Disposition => 'attachment',
       Encoding => '-SUGGEST'
    );
 
 
    # create the MIME structure
    $unsigned_data = $skimpy_top->stringify;

So I hope all that helps you out somehow :-)

-- 

Regards,

Wim Kerkhoff, Software Engineer
Merilus, Inc.  -|- http://www.merilus.com
Email: [EMAIL PROTECTED]
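
The procedure described in the reply above (sign only the header-less multipart/mixed body with 'openssl smime -sign', using '-passin file:', then put the mail headers on top), as an added example that is not part of the original post. The addresses, file names, passphrase and throwaway self-signed certificate are constructed, and -noverify is used only because of that certificate.

```shell
#!/bin/sh
set -eu

# build_signed_message DIR: create a test signer, sign a header-less
# multipart/mixed body, then write DIR/message.eml with mail headers on top.
build_signed_message() {
  umask 077  # private key and passphrase file readable by owner only
  printf 'constructed-passphrase\n' > "$1/pass"
  # Throwaway self-signed certificate (assumption; use a CA-issued one for real mail).
  openssl req -x509 -newkey rsa:2048 -days 1 -passout "file:$1/pass" \
    -subj '/CN=Example Signer/emailAddress=signer@example.test' \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
  # Constructed body: only the MIME structure, no To/From/Subject.
  cat > "$1/body.txt" <<'EOF'
Content-Type: multipart/mixed; boundary="constructed-boundary"

--constructed-boundary
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Report attached.
--constructed-boundary
Content-Type: text/plain; name="report.txt"
Content-Disposition: attachment; filename="report.txt"
Content-Transfer-Encoding: 7bit

constructed attachment data
--constructed-boundary--
EOF
  openssl smime -sign -in "$1/body.txt" -out "$1/signed.txt" \
    -signer "$1/cert.pem" -inkey "$1/key.pem" -passin "file:$1/pass"
  # Headers go directly above openssl's own MIME-Version/Content-Type
  # lines: a blank line here would end the header block too early.
  {
    printf 'To: recipient@example.test\n'
    printf 'From: signer@example.test\n'
    printf 'Subject: signed report\n'
    cat "$1/signed.txt"
  } > "$1/message.eml"
}

# verify_message FILE OUT: check the signature, write the signed content to OUT.
# -noverify skips chain validation only because the test certificate is self-signed.
verify_message() {
  openssl smime -verify -noverify -in "$1" -out "$2" 2>/dev/null
}

d=$(mktemp -d)
build_signed_message "$d"
verify_message "$d/message.eml" "$d/recovered.txt" && echo "signature OK"
```

Because the To/From/Subject lines are added after signing, the signature covers only the multipart/mixed body: editing a header leaves verification passing, while editing the body makes it fail.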
