Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. SnappyMail
  3. Snappymail now supports S/MIME - anyone know what to do?

Snappymail now supports S/MIME - anyone know what to do?

Scheduled Pinned Locked Moved SnappyMail
12 Posts 4 Posters 2.2k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • murgeroM Offline
    murgeroM Offline
    murgero
    App Dev
    wrote on last edited by
    #2

    I think once you got the certificates generated, you just enabled both sign and encrypt options there.

    --
    https://urgero.org
    ~ Professional Nerd. Freelance Programmer. ~

    1 Reply Last reply
    0
    • necrevistonnezrN Offline
      necrevistonnezrN Offline
      necrevistonnezr
      wrote on last edited by
      #3

      Those certificates are something you buy, correct?

      murgeroM 1 Reply Last reply
      0
      • necrevistonnezrN necrevistonnezr

        Those certificates are something you buy, correct?

        murgeroM Offline
        murgeroM Offline
        murgero
        App Dev
        wrote on last edited by
        #4

        @necrevistonnezr S/MIME certificates you generate on your own, free of course using openssl or other compatible tool.

        --
        https://urgero.org
        ~ Professional Nerd. Freelance Programmer. ~

        1 Reply Last reply
        0
        • luckowL Offline
          luckowL Offline
          luckow
          translator
          wrote on last edited by
          #5

          for a start (free S/MIME certificate) try this -> https://shop.actalis.com/store/it-en/certificati-s-mime

          Pronouns: he/him | Primary language: German

          necrevistonnezrN 1 Reply Last reply
          1
          • luckowL luckow

            for a start (free S/MIME certificate) try this -> https://shop.actalis.com/store/it-en/certificati-s-mime

            necrevistonnezrN Offline
            necrevistonnezrN Offline
            necrevistonnezr
            wrote on last edited by
            #6

            @luckow Thanks! I'm new to this - how do I get the pfx file provided by Actalis into Snappymail?

            luckowL 1 Reply Last reply
            0
            • necrevistonnezrN necrevistonnezr

              @luckow Thanks! I'm new to this - how do I get the pfx file provided by Actalis into Snappymail?

              luckowL Offline
              luckowL Offline
              luckow
              translator
              wrote on last edited by
              #7

              @necrevistonnezr converting from format to format and making it work is new to me too πŸ™‚ normally I use Thunderbird for all my mail issues. I spent some life time keeping an eye on your question. In the end, here's how it worked in my quick tests:

              openssl pkcs12 -in [yourfile.pfx] -nocerts -out [yourfile.key]
              Enter Import Password:
              Enter PEM pass phrase:
              Verifying - Enter PEM pass phrase:
              

              Enter PEM pass ist your new password for the private key, which is converted into a text file. Inside you see something like

              -----BEGIN ENCRYPTED PRIVATE KEY-----
              longlinesofalotcharacterstilltheend=
              -----END ENCRYPTED PRIVATE KEY-----
              

              This goes into
              2114f1aa-131d-49a0-95b2-fbb719364df9-image.png

              (taken from here https://www.ibm.com/docs/en/arl/9.7?topic=certification-extracting-certificate-keys-from-pfx-file)

              Dont ask why the command from above throws something like

              Error outputting keys and certificates .....
              

              It's correct, that there is no working output from the certificate. But that's not a problem. Login into https://extrassl.actalis.it/portal/login and download your Free S/MIME Certificate. The doc type is .cert. Rename it into .txt if no suitable tool opens it for you.
              It looks like

              -----BEGIN CERTIFICATE-----
              longlinesofalotcharacterstilltheend=
              -----END CERTIFICATE-----
              

              The text goes into
              0050420b-d8d7-4307-a010-ae28d5e2db27-image.png

              Click on "Update" and two new buttons will appear in the "New e-mail" modal.

              bf994ef4-79e8-41d8-8dce-6e2857bc30f2-image.png

              By the way: The "Update identity" modal can be accessed via "Settings -> General -> Identity".
              973ffd98-fb4e-4070-842c-d9480c3fa9d2-image.png

              Pronouns: he/him | Primary language: German

              1 Reply Last reply
              2
              • fbartelsF Offline
                fbartelsF Offline
                fbartels
                App Dev
                wrote on last edited by
                #8

                Looking at the screenshots I sense an implementation issue that they sooner or later need to adress. S/Mime certificates do expire and will need to be replaced multiple times over the lifetime of an email address. But their settings only seem to hold a single certificate. Which means once you rotate your certificate, you no longer can easily access old encrypted mail.

                necrevistonnezrN luckowL 2 Replies Last reply
                2
                • fbartelsF fbartels

                  Looking at the screenshots I sense an implementation issue that they sooner or later need to adress. S/Mime certificates do expire and will need to be replaced multiple times over the lifetime of an email address. But their settings only seem to hold a single certificate. Which means once you rotate your certificate, you no longer can easily access old encrypted mail.

                  necrevistonnezrN Offline
                  necrevistonnezrN Offline
                  necrevistonnezr
                  wrote on last edited by
                  #9

                  @fbartels Thanks for the hint! I hope it’s ok that I posted your comment more or less 1:1 upstream: https://github.com/the-djmaze/snappymail/issues/259#issuecomment-1962726137

                  1 Reply Last reply
                  2
                  • necrevistonnezrN Offline
                    necrevistonnezrN Offline
                    necrevistonnezr
                    wrote on last edited by
                    #10

                    Answer, https://github.com/the-djmaze/snappymail/issues/259#issuecomment-1962730783:

                    "you are correct.
                    In the future this and more are getting solved."

                    1 Reply Last reply
                    2
                    • fbartelsF fbartels

                      Looking at the screenshots I sense an implementation issue that they sooner or later need to adress. S/Mime certificates do expire and will need to be replaced multiple times over the lifetime of an email address. But their settings only seem to hold a single certificate. Which means once you rotate your certificate, you no longer can easily access old encrypted mail.

                      luckowL Offline
                      luckowL Offline
                      luckow
                      translator
                      wrote on last edited by
                      #11

                      @fbartels and to mention another valid point: actalis.it creates a certificate and additionally a private key including password for you. This is not what I mean by privacy. πŸ™‚ But I took the chance to play around with format changes and Snappymail. This has been an interesting part of my life to spend with it.

                      Pronouns: he/him | Primary language: German

                      fbartelsF 1 Reply Last reply
                      0
                      • luckowL luckow

                        @fbartels and to mention another valid point: actalis.it creates a certificate and additionally a private key including password for you. This is not what I mean by privacy. πŸ™‚ But I took the chance to play around with format changes and Snappymail. This has been an interesting part of my life to spend with it.

                        fbartelsF Offline
                        fbartelsF Offline
                        fbartels
                        App Dev
                        wrote on last edited by
                        #12

                        @luckow s/mime has been broken so many times, I don't think total privacy can be expected anyways πŸ˜…

                        1 Reply Last reply
                        2
                        Reply
                        • Reply as topic
                        Log in to reply
                        • Oldest to Newest
                        • Newest to Oldest
                        • Most Votes


                        • Login

                        • Don't have an account? Register

                        • Login or register to search.
                        • First post
                          Last post
                        0
                        • Categories
                        • Recent
                        • Tags
                        • Popular
                        • Bookmarks
                        • Search