On Mon, 15 Mar 2004, Philipp Ott wrote:
As I understand, you want to sign emails. There are many digital signature
standards, which one do you want to follow?
Well, any that the majority of ppl can use: current versions of Outlook,
Outlook Express, Mozilla, Netscape.
In that case, you're tied to S/MIME signatures, as I am not aware of
PGP plugins for Outlook & Co. S/MIME is handled by "openssl" in a
scriptable fashion. You can generate S/MIME signed messages automagically.
Even though I have to admit that I strongly dislike S/MIME and all the
PKI/X509 business. I think it's a scam to extort money for certification
and has a lot of very real shortcomings when compared to OpenPGP and
PGP/MIME. For Mozilla and Netscape there is a plug-in called "enigmail"
which handles PGP/MIME. I have a sript that generates PGP/MIME signed
messages, if you need that. But, again, it might not work for Outlook and
Outlook Express.
S/MIME, PGP/MIME or PGP cleartext signature?
In what form are your emails available? Plain text, MIME payload or
RFC-822 complete with headers?
Well the emails dont need to be encrypted or so, what we just want to
ensure with the digital signature is that the contents are from us and
not tampered with. To your question I would replay that the to-be-signed
content of the email is available as a list of 7bit mime-parts, the
message contents and the encoded PDF attachments.
It doesn't answer my question. But if you want it to work out-of-the box
for the most popular email clients, go for S/MIME as much as I hate it.
--
Daniel
