Previous Next Table of Contents

15. S/MIME

Version 0.44 of premail contains limited support for S/MIME messages. Basic message formatting works, but there are problems with creating usable certificates, and there is still no support for an encryption algorithm interoperable with RC2. However, a few hearty souls may wish to experiment with the S/MIME functionality that is present. This section explains how to do it.

First, you must install RIPEM 3.0b2 (or later). This is available from the ripem export-controlled FTP site. You'll need to get an account on the server in order to download any of the export-controlled code - the GETTING_ACCESS file on the site explains how.

Once you have RIPEM installed (and the ripem configuration option pointing to the executable), create a public key with this command:

premail -ripemkey

You will then be prompted for your e-mail address. Alternatively, you can give your e-mail address as a command line argument to premail -ripemkey.

After your key is created, you can send signed messages by adding the ((ssign)) command. If you send a signed message to another premail user, they will have your public key, and can send you mail, by using ((encrypt=your@user.id)).

The default encryption is Triple-DES. If the recipient can't handle it, then ((encrypt-des)) will fall back to plain DES, which most users will be able to decrypt - probably including ``export'' versions of S/MIME. Of course, the disadvantage of using plain DES is that any competent spy organization will also be able to decrypt the messages ;-).

Unfortunately, RIPEM 3.0b2 has some significant differences from other S/MIME implementations in the way it handles public key certificates. These prevent you from getting a VeriSign certificate you can use. It is, however, possible to accept VeriSign class 1 beta certificates by running the following:

> rcerts -u your@user.id
Enter password to private key:
E - Enable standard issuers...
...other choices...
  Enter choice:
e
...V - VeriSign something or other...<newline>
v
  Enter the number of months the certificate will be valid, or blank to cancel:
12
  Enter choice:
q


Previous Next Table of Contents