;;; smime.el --- S/MIME support library

;; Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
;; 2009, 2010 Free Software Foundation, Inc.

;; Author: Simon Josefsson <simon@josefsson.org>
;; Keywords: SMIME X.509 PEM OpenSSL

;; This file is part of GNU Emacs.

;; GNU Emacs is free software: you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation, either version 3 of the License, or
;; (at your option) any later version.

;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>.

;; This library performs S/MIME operations from within Emacs.

;; Functions for fetching certificates from public repositories are
;; provided, currently from DNS and LDAP.

;; It uses OpenSSL (tested with version 0.9.5a and 0.9.6) for signing,
;; encryption and decryption.

;; Some general knowledge of S/MIME, X.509, PKCS#12, PEM etc is
;; probably required to use this library in any useful way.
;; Especially, don't expect this library to buy security for you. If
;; you don't understand what you are doing, you're as likely to lose
;; security as gain any by using this library.

;; This library is not intended to provide a "raw" API for S/MIME,
;; PKCSx or similar, it's intended to perform common operations
;; done on messages encoded in these formats. The terminology chosen

;; The home of this file is in Gnus, but also available from
;; http://josefsson.org/smime.html.

;;; Quick introduction:

;; Get your S/MIME certificate from VeriSign or someplace. I used
;; Netscape to generate the key and certificate request and stuff, and
;; Netscape can export the key into PKCS#12 format.

;; Enter OpenSSL. To be able to use this library, it needs to have the
;; SMIME key readable in PEM format. OpenSSL is used to convert the

;; $ openssl pkcs12 -in mykey.p12 -clcerts -nodes > mykey.pem

;; Now, use M-x customize-variable smime-keys and add mykey.pem as

;; Now you should be able to sign messages! Create a buffer and write
;; something and run M-x smime-sign-buffer RET RET and you should see
;; your message MIME armored and a signature. Encryption, M-x
;; smime-encrypt-buffer, should also work.

;; To be able to verify messages you need to build up trust with
;; someone. Perhaps you trust the CA that issued your certificate, at
;; least I did, so I export its certificates from my PKCS#12

;; $ openssl pkcs12 -in mykey.p12 -cacerts -nodes > cacert.pem

;; Now, use M-x customize-variable smime-CAs and add cacert.pem as a

;; You should now be able to sign messages, and even verify messages
;; sent by others that use the same CA as you.

;; Don't complain that this package doesn't do encrypted PEM files,
;; submit a patch instead. I store my keys in a safe place, so I
;; didn't need the encryption. Also, programming was made easier by
;; that decision. One might think that this even influenced where I
;; store my keys, and one would probably be right. :-)
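
;; Added example, not part of smime.el or its author's code: because the
;; -nodes export above leaves the private key unencrypted on disk, this
;; shell check reports whether a PEM file holds a plaintext key and
;; whether other users can read it.  The function names are hypothetical
;; and it assumes one private key per file.

```shell
#!/bin/sh
# Added example, not part of smime.el.  Audits a PEM file such as the
# mykey.pem written by `openssl pkcs12 ... -nodes` (key left unencrypted).
# Function names are hypothetical; assumes one private key per file.
# Creating the file under a tight umask avoids the problem up front:
#   ( umask 077; openssl pkcs12 -in mykey.p12 -clcerts -nodes > mykey.pem )

# Print "encrypted", "plaintext" or "none" for the key found in FILE.
pem_key_state() {
    # PKCS#8 encrypted header, or traditional PEM encryption header line.
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" ||
       grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    # "PRIVATE KEY" alone (PKCS#8) or with an algorithm word (RSA, EC, DSA).
    elif grep -q -e '^-----BEGIN \([A-Z]* \)\{0,1\}PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo none
    fi
}

# Succeed only if FILE grants nothing to group or other.
pem_is_private() {
    perms=$(ls -ldL -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Report on FILE; return 1 when a plaintext key is exposed to other users.
audit_pem() {
    case $(pem_key_state "$1") in
        none)      echo "$1: no private key found"; return 0 ;;
        encrypted) echo "$1: private key is passphrase-protected"; return 0 ;;
    esac
    if pem_is_private "$1"; then
        echo "$1: plaintext private key, owner-only permissions"
        return 0
    fi
    echo "$1: plaintext private key readable by group/other (chmod 600)" >&2
    return 1
}

# Audit any files named on the command line.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do audit_pem "$f" || status=1; done
    exit "${status:-0}"
fi
```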