Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. SnappyMail
  3. Snappymail now supports S/MIME - anyone know what to do?

Snappymail now supports S/MIME - anyone know what to do?

Scheduled Pinned Locked Moved SnappyMail
12 Posts 4 Posters 2.2k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • necrevistonnezrN Offline
    necrevistonnezrN Offline
    necrevistonnezr
    wrote on last edited by
    #3

    Those certificates are something you buy, correct?

    murgeroM 1 Reply Last reply
    0
    • necrevistonnezrN necrevistonnezr

      Those certificates are something you buy, correct?

      murgeroM Offline
      murgeroM Offline
      murgero
      App Dev
      wrote on last edited by
      #4

      @necrevistonnezr S/MIME certificates you generate on your own, free of course using openssl or other compatible tool.

      --
      https://urgero.org
      ~ Professional Nerd. Freelance Programmer. ~

      1 Reply Last reply
      0
      • luckowL Offline
        luckowL Offline
        luckow
        translator
        wrote on last edited by
        #5

        for a start (free S/MIME certificate) try this -> https://shop.actalis.com/store/it-en/certificati-s-mime

        Pronouns: he/him | Primary language: German

        necrevistonnezrN 1 Reply Last reply
        1
        • luckowL luckow

          for a start (free S/MIME certificate) try this -> https://shop.actalis.com/store/it-en/certificati-s-mime

          necrevistonnezrN Offline
          necrevistonnezrN Offline
          necrevistonnezr
          wrote on last edited by
          #6

          @luckow Thanks! I'm new to this - how do I get the pfx file provided by Actalis into Snappymail?

          luckowL 1 Reply Last reply
          0
          • necrevistonnezrN necrevistonnezr

            @luckow Thanks! I'm new to this - how do I get the pfx file provided by Actalis into Snappymail?

            luckowL Offline
            luckowL Offline
            luckow
            translator
            wrote on last edited by
            #7

            @necrevistonnezr converting from format to format and making it work is new to me too πŸ™‚ normally I use Thunderbird for all my mail issues. I spent some life time keeping an eye on your question. In the end, here's how it worked in my quick tests:

            openssl pkcs12 -in [yourfile.pfx] -nocerts -out [yourfile.key]
            Enter Import Password:
            Enter PEM pass phrase:
            Verifying - Enter PEM pass phrase:
            

            Enter PEM pass ist your new password for the private key, which is converted into a text file. Inside you see something like

            -----BEGIN ENCRYPTED PRIVATE KEY-----
            longlinesofalotcharacterstilltheend=
            -----END ENCRYPTED PRIVATE KEY-----
            

            This goes into
            2114f1aa-131d-49a0-95b2-fbb719364df9-image.png

            (taken from here https://www.ibm.com/docs/en/arl/9.7?topic=certification-extracting-certificate-keys-from-pfx-file)

            Dont ask why the command from above throws something like

            Error outputting keys and certificates .....
            

            It's correct, that there is no working output from the certificate. But that's not a problem. Login into https://extrassl.actalis.it/portal/login and download your Free S/MIME Certificate. The doc type is .cert. Rename it into .txt if no suitable tool opens it for you.
            It looks like

            -----BEGIN CERTIFICATE-----
            longlinesofalotcharacterstilltheend=
            -----END CERTIFICATE-----
            

            The text goes into
            0050420b-d8d7-4307-a010-ae28d5e2db27-image.png

            Click on "Update" and two new buttons will appear in the "New e-mail" modal.

            bf994ef4-79e8-41d8-8dce-6e2857bc30f2-image.png

            By the way: The "Update identity" modal can be accessed via "Settings -> General -> Identity".
            973ffd98-fb4e-4070-842c-d9480c3fa9d2-image.png

            Pronouns: he/him | Primary language: German

            1 Reply Last reply
            2
            • fbartelsF Offline
              fbartelsF Offline
              fbartels
              App Dev
              wrote on last edited by
              #8

              Looking at the screenshots I sense an implementation issue that they sooner or later need to adress. S/Mime certificates do expire and will need to be replaced multiple times over the lifetime of an email address. But their settings only seem to hold a single certificate. Which means once you rotate your certificate, you no longer can easily access old encrypted mail.

              necrevistonnezrN luckowL 2 Replies Last reply
              2
              • fbartelsF fbartels

                Looking at the screenshots I sense an implementation issue that they sooner or later need to adress. S/Mime certificates do expire and will need to be replaced multiple times over the lifetime of an email address. But their settings only seem to hold a single certificate. Which means once you rotate your certificate, you no longer can easily access old encrypted mail.

                necrevistonnezrN Offline
                necrevistonnezrN Offline
                necrevistonnezr
                wrote on last edited by
                #9

                @fbartels Thanks for the hint! I hope it’s ok that I posted your comment more or less 1:1 upstream: https://github.com/the-djmaze/snappymail/issues/259#issuecomment-1962726137

                1 Reply Last reply
                2
                • necrevistonnezrN Offline
                  necrevistonnezrN Offline
                  necrevistonnezr
                  wrote on last edited by
                  #10

                  Answer, https://github.com/the-djmaze/snappymail/issues/259#issuecomment-1962730783:

                  "you are correct.
                  In the future this and more are getting solved."

                  1 Reply Last reply
                  2
                  • fbartelsF fbartels

                    Looking at the screenshots I sense an implementation issue that they sooner or later need to adress. S/Mime certificates do expire and will need to be replaced multiple times over the lifetime of an email address. But their settings only seem to hold a single certificate. Which means once you rotate your certificate, you no longer can easily access old encrypted mail.

                    luckowL Offline
                    luckowL Offline
                    luckow
                    translator
                    wrote on last edited by
                    #11

                    @fbartels and to mention another valid point: actalis.it creates a certificate and additionally a private key including password for you. This is not what I mean by privacy. πŸ™‚ But I took the chance to play around with format changes and Snappymail. This has been an interesting part of my life to spend with it.

                    Pronouns: he/him | Primary language: German

                    fbartelsF 1 Reply Last reply
                    0
                    • luckowL luckow

                      @fbartels and to mention another valid point: actalis.it creates a certificate and additionally a private key including password for you. This is not what I mean by privacy. πŸ™‚ But I took the chance to play around with format changes and Snappymail. This has been an interesting part of my life to spend with it.

                      fbartelsF Offline
                      fbartelsF Offline
                      fbartels
                      App Dev
                      wrote on last edited by
                      #12

                      @luckow s/mime has been broken so many times, I don't think total privacy can be expected anyways πŸ˜…

                      1 Reply Last reply
                      2
                      Reply
                      • Reply as topic
                      Log in to reply
                      • Oldest to Newest
                      • Newest to Oldest
                      • Most Votes


                      • Login

                      • Don't have an account? Register

                      • Login or register to search.
                      • First post
                        Last post
                      0
                      • Categories
                      • Recent
                      • Tags
                      • Popular
                      • Bookmarks
                      • Search