Snappymail now supports S/MIME - anyone know what to do?
-
Snappymail now supports S/MIME....: https://github.com/the-djmaze/snappymail/tree/v2.35.0
Anyone know how we can use this?
Now you can sign, verify, encrypt and decrypt messages using S/MIME.
For that you need your private key and certificate in the identity.
And for convenience SnappyMail has a self-signed root certificate so you can easily create your own "self-signed" certificates.
There are still some things todo, but you can use it.
As a benefit, when you "verify" signed messages, SnappyMail will automatically add the found certificates in the smime storage (user settings -> security).
-
Those certificates are something you buy, correct?
-
Those certificates are something you buy, correct?
-
for a start (free S/MIME certificate) try this -> https://shop.actalis.com/store/it-en/certificati-s-mime
Pronouns: he/him | Primary language: German
-
for a start (free S/MIME certificate) try this -> https://shop.actalis.com/store/it-en/certificati-s-mime
-
@luckow Thanks! I'm new to this - how do I get the
pfxfile provided by Actalis into Snappymail?@necrevistonnezr converting from format to format and making it work is new to me too
normally I use Thunderbird for all my mail issues. I spent some life time keeping an eye on your question. In the end, here's how it worked in my quick tests:openssl pkcs12 -in [yourfile.pfx] -nocerts -out [yourfile.key] Enter Import Password: Enter PEM pass phrase: Verifying - Enter PEM pass phrase:Enter PEM pass ist your new password for the private key, which is converted into a text file. Inside you see something like
-----BEGIN ENCRYPTED PRIVATE KEY----- longlinesofalotcharacterstilltheend= -----END ENCRYPTED PRIVATE KEY-----This goes into
(taken from here https://www.ibm.com/docs/en/arl/9.7?topic=certification-extracting-certificate-keys-from-pfx-file)
Dont ask why the command from above throws something like
Error outputting keys and certificates .....It's correct, that there is no working output from the certificate. But that's not a problem. Login into https://extrassl.actalis.it/portal/login and download your Free S/MIME Certificate. The doc type is .cert. Rename it into .txt if no suitable tool opens it for you.
It looks like-----BEGIN CERTIFICATE----- longlinesofalotcharacterstilltheend= -----END CERTIFICATE-----The text goes into
Click on "Update" and two new buttons will appear in the "New e-mail" modal.
By the way: The "Update identity" modal can be accessed via "Settings -> General -> Identity".
-
Looking at the screenshots I sense an implementation issue that they sooner or later need to adress. S/Mime certificates do expire and will need to be replaced multiple times over the lifetime of an email address. But their settings only seem to hold a single certificate. Which means once you rotate your certificate, you no longer can easily access old encrypted mail.
-
Looking at the screenshots I sense an implementation issue that they sooner or later need to adress. S/Mime certificates do expire and will need to be replaced multiple times over the lifetime of an email address. But their settings only seem to hold a single certificate. Which means once you rotate your certificate, you no longer can easily access old encrypted mail.
@fbartels Thanks for the hint! I hope itβs ok that I posted your comment more or less 1:1 upstream: https://github.com/the-djmaze/snappymail/issues/259#issuecomment-1962726137
-
Answer, https://github.com/the-djmaze/snappymail/issues/259#issuecomment-1962730783:
"you are correct.
In the future this and more are getting solved." -
Looking at the screenshots I sense an implementation issue that they sooner or later need to adress. S/Mime certificates do expire and will need to be replaced multiple times over the lifetime of an email address. But their settings only seem to hold a single certificate. Which means once you rotate your certificate, you no longer can easily access old encrypted mail.
@fbartels and to mention another valid point: actalis.it creates a certificate and additionally a private key including password for you. This is not what I mean by privacy.
But I took the chance to play around with format changes and Snappymail. This has been an interesting part of my life to spend with it.Pronouns: he/him | Primary language: German
-
@fbartels and to mention another valid point: actalis.it creates a certificate and additionally a private key including password for you. This is not what I mean by privacy.
But I took the chance to play around with format changes and Snappymail. This has been an interesting part of my life to spend with it. -
J james forked this topic on
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better π
Register Login