Snappymail now supports S/MIME - anyone know what to do?
-
Snappymail now supports S/MIME....: https://github.com/the-djmaze/snappymail/tree/v2.35.0
Anyone know how we can use this?
Now you can sign, verify, encrypt and decrypt messages using S/MIME.
For that you need your private key and certificate in the identity.
And for convenience SnappyMail has a self-signed root certificate so you can easily create your own "self-signed" certificates.
There are still some things todo, but you can use it.
As a benefit, when you "verify" signed messages, SnappyMail will automatically add the found certificates in the smime storage (user settings -> security). -
Those certificates are something you buy, correct?
-
@necrevistonnezr S/MIME certificates you generate on your own, free of course using openssl or other compatible tool.
-
for a start (free S/MIME certificate) try this -> https://shop.actalis.com/store/it-en/certificati-s-mime
-
@necrevistonnezr converting from format to format and making it work is new to me too normally I use Thunderbird for all my mail issues. I spent some life time keeping an eye on your question. In the end, here's how it worked in my quick tests:
openssl pkcs12 -in [yourfile.pfx] -nocerts -out [yourfile.key] Enter Import Password: Enter PEM pass phrase: Verifying - Enter PEM pass phrase:
Enter PEM pass ist your new password for the private key, which is converted into a text file. Inside you see something like
-----BEGIN ENCRYPTED PRIVATE KEY----- longlinesofalotcharacterstilltheend= -----END ENCRYPTED PRIVATE KEY-----
This goes into
(taken from here https://www.ibm.com/docs/en/arl/9.7?topic=certification-extracting-certificate-keys-from-pfx-file)
Dont ask why the command from above throws something like
Error outputting keys and certificates .....
It's correct, that there is no working output from the certificate. But that's not a problem. Login into https://extrassl.actalis.it/portal/login and download your Free S/MIME Certificate. The doc type is .cert. Rename it into .txt if no suitable tool opens it for you.
It looks like-----BEGIN CERTIFICATE----- longlinesofalotcharacterstilltheend= -----END CERTIFICATE-----
The text goes into
Click on "Update" and two new buttons will appear in the "New e-mail" modal.
By the way: The "Update identity" modal can be accessed via "Settings -> General -> Identity".
-
Looking at the screenshots I sense an implementation issue that they sooner or later need to adress. S/Mime certificates do expire and will need to be replaced multiple times over the lifetime of an email address. But their settings only seem to hold a single certificate. Which means once you rotate your certificate, you no longer can easily access old encrypted mail.
-
@fbartels Thanks for the hint! I hope itโs ok that I posted your comment more or less 1:1 upstream: https://github.com/the-djmaze/snappymail/issues/259#issuecomment-1962726137
-
Answer, https://github.com/the-djmaze/snappymail/issues/259#issuecomment-1962730783:
"you are correct.
In the future this and more are getting solved." -
@fbartels and to mention another valid point: actalis.it creates a certificate and additionally a private key including password for you. This is not what I mean by privacy. But I took the chance to play around with format changes and Snappymail. This has been an interesting part of my life to spend with it.