Hi Simon,

I don't have any suitable standalone application, but it's not hard to implement attached signatures and work with encrypted e-mails using CAPICOM and Synapse.

> What parts of the message (plain text, HTML, attachments, etc) need to be
> encrypted?

First of all, what is signed (or encrypted) must be the whole parts you want to sign/encrypt. This makes signing/encrypting easy, because (for verifying a signature, for example) you just let Synapse parse your email in MIME format, look at the Content-type headers to recognize which type of signature/encryption was used, take those whole parts and pass them to CAPICOM.

A simple algorithm for signing, using an attached signature (the output is one base64 encoded part, unreadable for clients not supporting S/MIME), would be like this:

- body := TMimeMess.Create;
- fill in the headers of body.MessagePart
- SD := CoSignedData.Create; //var SD:SignedData, defined in unit CAPICOM_TLB
- SD.Sign(body.MessagePart.lines.text,false,CAPICOM_ENCODE_BASE64)
- set body.MessagePart.ContentType to application/x-pkcs7-mime; smime-type="signed-data"; name="smime.p7m"...
- body.MessagePart.PartBody.Text := SD.Content;
- body.EncodeMessage;

That's all, you can send your MIME message (or use body.lines.savetofile('./smime.eml') to save it and open it, for example, in Outlook to make sure the signature was OK).

For verifying, just take the base64 encoded content (don't decode it from base64) and pass it to SD.Verify(mimePart.PartBody.Text,false,CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE); it raises an exception or fills SD.Content with the signed content and SD.Certificates with the certificates used...

The procedure is very similar for encrypting/decrypting data, you just use ED:EncryptedData instead of SD:SignedData...

A code snippet for working with a detached signature is already present in this thread.

By the way, you will need some personal certificate; if you don't have any, you can use OpenSSL to generate a self-signed one.

If you send some concrete question I can try to be more specific, but making some demo app will take sooo much time...

Greetings,
Peter.

2010/3/11 Simon B.
<sim...@gmail.com>
>
> Hello,
>
> Could anyone give a working demo project showing how to implement
> S/MIME (using CAPICOM or other APIs)?
>
> What parts of the message (plain text, HTML, attachments, etc) need to
> be encrypted?
>
> Thank you.
>
> Simon
>
> On Tue, Mar 9, 2010 at 7:44 AM, czernitko <czerni...@gmail.com> wrote:
> > :-O instantly implemented and verified - worked like a charm! I still can't
> > believe it was THAT simple. Thanks a lot, Lukas!
> >
> > In case anyone might be looking for a CAPICOM solution, I attach a few lines
> > of code for creating S/MIME with detached signature. Maybe it saves some
> > time to others:
> >
> > procedure MakeDetachedSMIME(messContent: string);
> > var
> >   SD : SignedData;
> >   MainPart, ContentPart, SignaturePart : TMimePart;
> >   MessBody: TMimeMess;
> >   StrBase64: string;
> > begin
> >   //create MessBody, fill the headers
> >   MessBody := TMimeMess.Create;
> >   // ...
> >   //create SD
> >   SD := CoSignedData.Create;
> >
> >   //Create multipart as the root message part with proper headers
> >   MainPart := MessBody.AddPartMultipart('signed; protocol="application/x-pkcs7-signature";'+#13#10+' micalg=SHA1',nil);
> >   MainPart.PrePart.Text := 'This is a multi-part message in MIME format.'+#13#10+#13#10;
> >
> >   //Create part with readable data to be signed
> >   ContentPart := MessBody.AddPart(MainPart);
> >   ContentPart.Headers.Add('Content-type: text/plain');
> >   ContentPart.Headers.Add('Content-Transfer-Encoding: 7bit');
> >   ContentPart.PartBody.Text := messContent;
> >   ContentPart.ComposeParts;
> >
> >   //Assign content to be signed
> >   SD.Content := StringToWideString(ContentPart.lines.Text);
> >   //Obtain base64 encoded signature from CAPICOM (second argument true = detached)
> >   StrBase64 := BinaryStringToString(SD.Sign(nil,true,CAPICOM_ENCODE_BASE64));
> >
> >   //DAMN YOU, OUTLOOK!!
> >   //Add CrLf to the end of part to be signed so as to make it "Outlook-verifiable". Thanks Lukas!
> >   ContentPart.PartBody.Text := ContentPart.PartBody.Text+#13#10;
> >
> >   //Create signature part as the second subpart of root multipart
> >   SignaturePart := MessBody.AddPart(MainPart);
> >   SignaturePart.Headers.Add('Content-Type: application/x-pkcs7-signature;'+#13#10#9+'name="smime.p7s"');
> >   SignaturePart.Headers.Add('Content-Transfer-Encoding: base64');
> >   SignaturePart.EncodingCode := ME_BASE64;
> >   SignaturePart.Headers.Add('Content-Disposition: attachment;'+#13#10#9+'filename="smime.p7s"');
> >   SignaturePart.PartBody.Text := StrBase64;
> >
> >   MessBody.EncodeMessage;
> >   //Save message to a file so as to be easily opened and verified in outlook locally
> >   MessBody.Lines.SaveToFile('detached_signature.eml');
> > end;
> >
> > 2010/3/9 Lukas Gebauer <gebyl...@mlp.cz>
> >>
> >> I am not using CAPICOM, I am using CryptoAPI directly only.
> >>
> >> However when I try to build my own S/MIME detached signature, then I
> >> have a problem. Outlook says invalid hash too. However Thunderbird is
> >> OK. :-O
> >>
> >> Solution is simple... add one empty line after signed message part
> >> before sending.
> >>
> >> Maybe a similar issue is causing your problems with verifying in your
> >> code.
> >>
> >>
> >> --
> >> Lukas Gebauer.
> >>
> >> http://synapse.ararat.cz/ - Ararat Synapse - TCP/IP Lib.
> >> http://geoget.ararat.cz/ - Geocaching solution
> >>
> >>
> >>
> >> ------------------------------------------------------------------------------
> >> Download Intel® Parallel Studio Eval
> >> Try the new software tools for yourself. Speed compiling, find bugs
> >> proactively, and fine-tune applications for parallel performance.
> >> See why Intel Parallel Studio got high marks during beta.
> >> http://p.sf.net/sfu/intel-sw-dev
> >> _______________________________________________
> >> synalist-public mailing list
> >> synalist-public@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/synalist-public
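
The byte-exactness behind the empty-line fix discussed in this thread, as an added Python example that is not code from any poster, Synapse or CAPICOM. It applies the RFC 2046 rule that the CRLF in front of a boundary line belongs to the boundary, and assumes (the thread does not say so) that the signer hashed the part text including its final CRLF; the message, the boundary `b1` and the `AAAA` signature placeholder are constructed.

```python
import hashlib
import re

CRLF = b"\r\n"

# Constructed sample: the part text as the signer hashed it (assumed to end in CRLF).
SIGNER_INPUT = (b"Content-type: text/plain" + CRLF +
                b"Content-Transfer-Encoding: 7bit" + CRLF + CRLF +
                b"Hello" + CRLF)

def build_message(part: bytes, pad_crlf: bool) -> bytes:
    """Constructed multipart/signed message; 'AAAA' stands in for the signature."""
    head = (b"MIME-Version: 1.0" + CRLF +
            b'Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";' + CRLF +
            b' micalg=SHA1; boundary="b1"' + CRLF + CRLF)
    return (head + b"This is a multi-part message in MIME format." + CRLF + CRLF +
            b"--b1" + CRLF + part + (CRLF if pad_crlf else b"") +
            b"--b1" + CRLF +
            b'Content-Type: application/x-pkcs7-signature; name="smime.p7s"' + CRLF +
            b"Content-Transfer-Encoding: base64" + CRLF + CRLF +
            b"AAAA" + CRLF + b"--b1--" + CRLF)

def signed_part_bytes(raw: bytes) -> bytes:
    """Exact bytes of the first body part, as a strict verifier would hash them."""
    head, sep, body = raw.partition(CRLF + CRLF)
    m = re.search(rb'boundary="?([^";\r\n]+)', head, re.IGNORECASE)
    if not sep or b"multipart/signed" not in head.lower() or m is None:
        raise ValueError("not a multipart/signed message")
    delim = b"--" + m.group(1)
    first = body.find(delim + CRLF)
    if first < 0:
        raise ValueError("opening boundary not found")
    start = first + len(delim) + len(CRLF)
    # RFC 2046: the CRLF in front of a boundary line is part of the boundary,
    # so the signed part ends before it.
    end = body.find(CRLF + delim, start)
    if end < 0:
        raise ValueError("boundary after the signed part not found")
    return body[start:end]

def digest_matches(raw: bytes, signer_input: bytes) -> bool:
    """Compare the micalg=SHA1 digest of the transmitted part with the signer's."""
    return hashlib.sha1(signed_part_bytes(raw)).digest() == hashlib.sha1(signer_input).digest()

if __name__ == "__main__":
    for pad in (False, True):
        msg = build_message(SIGNER_INPUT, pad)
        print("extra CRLF:", pad, "digest matches:", digest_matches(msg, SIGNER_INPUT))
```

Running `signed_part_bytes` on a saved .eml and comparing it byte for byte with what was passed to the signer shows whether a trailing CRLF is the difference.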