mutt -- Trying to setup S/MIME PKI encrypted emails -- problem with smime_keys
I need to set up the ability to send PKI encrypted emails from the command line. From everything I've read Mutt seems to be the only solution for this, but correct me if I'm wrong.
So far the most promising article I've found on how to do this is here.
The first thing this and other articles I've found discuss is to run the "smime_keys init" command to build the required directories it will need under ~/.smime. I've tried this on multiple distributions including Debian, Red Hat, and CentOS. I even compiled a version of mutt directly from the source. No matter what I try it always comes back with an error as shown below.
Code:
-bash-4.2$ smime_keys init
smime_keys is not set in mutt's configuration file at /usr/bin/smime_keys line 62.
-bash-4.2$
I'm not a Perl guru by any means, but I'm strong with other scripting languages. I've read through the smime_keys script that's included with mutt several times, but I'm not finding what's wrong. Any suggestions would be appreciated.
Research done. The link in #4 is by the same person whose instructions you were following.
Are those compile instructions not clear? What don't you get?
A solution for me was to indeed add `smime` options to `~/.muttrc`, so it has the following options
~/.muttrc
Code:
set smime_keys = "~/.smime/keys"
set smime_certificates = "~/.smime/certificates"
set smime_ca_location = "~/.smime/ca"
After this, `smime_keys init` should create that directory for you so you can store the keys.
Also, from `man muttrc`
Quote:
smime_keys
Type: path
Default: “”
Since for S/MIME there is no pubring/secring as with PGP, mutt has to handle storage and
retrieval of keys/certs by itself. This is very basic right now, and stores keys and
certificates in two different directories, both named as the hash-value retrieved from OpenSSL.
There is an index file which contains mailbox-address keyid pair, and which can be manually edited.
This option points to the location of the private keys. (S/MIME only)
I actually figured this out a long while back. I thought I had actually posted what I ultimately did to accomplish this. I didn't need to do this through mutt after all. I wrote a script that automates the work by pulling the certificates down automatically when someone puts an email address in. I added a lot of features to it as well, including the ability to add attachments. The script I wrote is specific to my company, so I can't include all of it here. However, I've included a few excerpts below that might help others.
First off I needed to set the header depending on if the person wants to do an HTML or ASCII email. I wrote this small function below to handle that, which is determined by a command option when calling the script.
Code:
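function f_header {
    # Pick the MIME subtype: html when $html is 0, otherwise plain.
    content=plain
    if [ "$html" -eq "0" ]; then
        content=html
    fi
    # Write the message headers to stdout.
    cat << EOF
To: ${to}
From: ${from}
Subject: ${subject}
MIME-Version: 1.0
Content-Type: text/${content}; charset=utf-8
EOF
}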
The rest is then accomplished via openssl and using the public certificates I temporarily pull down off our LDAP server for each recipient. They're handled via the ${cert_list} variable.
Code:
# Build the cleartext message: headers first, then the body file.
f_header > "${tmpEncPrep}"
cat "${body}" >> "${tmpEncPrep}"
# Function call for file attachments, if any were included.
# It appends the uuencoding of each file to the bottom of ${tmpEncPrep}.
f_attachment
# ${cert_list} is left unquoted on purpose so each recipient certificate path becomes its own argument.
openssl cms -encrypt -in "${tmpEncPrep}" -out "${tmpEncBody}" -from "${from}" -to "${to}" -subject "${subject}" -aes256 ${cert_list}
cat "${tmpEncBody}" | sendmail -f "${from}" "${to}"
Hopefully this helps others looking for a solution here later on.
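The `openssl cms -encrypt` step described above, as an added example that is not part of the original post: it encrypts a message to a recipient certificate and then checks that the output is enveloped data, that no plaintext remains, and that the recipient's key decrypts it. The function name, the addresses, the body text and the throwaway self-signed certificate (standing in for one pulled from LDAP) are all constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: round-trip check of an `openssl cms -encrypt` mail pipeline.
# Addresses, body text and the certificate below are constructed test data.
set -eu

smime_roundtrip() {
    local work from to subject
    work=$(mktemp -d)
    from="sender@example.com"; to="rcpt@example.com"; subject="CMS test"

    # Throwaway self-signed recipient certificate and key (assumption:
    # in production this certificate comes from the directory lookup).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=rcpt/emailAddress=${to}" \
        -keyout "$work/rcpt.key" -out "$work/rcpt.pem" 2>/dev/null

    # Inner MIME entity: content headers, a blank line, then the body.
    printf 'MIME-Version: 1.0\nContent-Type: text/plain; charset=utf-8\n\n%s\n' \
        "constructed test body" > "$work/plain.eml"

    # Encrypt to the recipient certificate. -from/-to/-subject become the
    # outer headers of the S/MIME message and are NOT encrypted.
    openssl cms -encrypt -aes256 -in "$work/plain.eml" -out "$work/enc.eml" \
        -from "$from" -to "$to" -subject "$subject" "$work/rcpt.pem"

    # Check 1: the output is an enveloped-data S/MIME message.
    grep -qi 'smime-type=enveloped-data' "$work/enc.eml" \
        || { rm -rf "$work"; return 1; }

    # Check 2: the plaintext body must not appear in what is handed to sendmail.
    if grep -q 'constructed test body' "$work/enc.eml"; then
        rm -rf "$work"; return 2
    fi

    # Check 3: the recipient's private key recovers the original body.
    openssl cms -decrypt -in "$work/enc.eml" -recip "$work/rcpt.pem" \
        -inkey "$work/rcpt.key" | tr -d '\r' | grep -q 'constructed test body' \
        || { rm -rf "$work"; return 3; }

    rm -rf "$work"
    echo ok
}
```

The subject line passed with `-subject` travels in the clear, so anything sensitive belongs in the encrypted body only.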