;;; smime.el --- S/MIME support library
-;; Copyright (c) 2000 Free Software Foundation, Inc.
+
+;; Copyright (C) 2000, 2001, 2002, 2003, 2004,
+;; 2005, 2006 Free Software Foundation, Inc.
;; Author: Simon Josefsson <simon@josefsson.org>
;; Keywords: SMIME X.509 PEM OpenSSL
-;; This file is not a part of GNU Emacs, but the same permissions apply.
+;; This file is part of GNU Emacs.
;; GNU Emacs is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published
;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs; see the file COPYING. If not, write to the
-;; Free Software Foundation, Inc., 59 Temple Place - Suite 330,
-;; Boston, MA 02111-1307, USA.
+;; Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+;; Boston, MA 02110-1301, USA.
;;; Commentary:
;; This library perform S/MIME operations from within Emacs.
;;
;; Functions for fetching certificates from public repositories are
-;; NOT provided (yet).
+;; provided, currently from DNS and LDAP.
;;
-;; It uses OpenSSL (tested with version 0.9.5a) for signing,
+;; It uses OpenSSL (tested with version 0.9.5a and 0.9.6) for signing,
;; encryption and decryption.
;;
;; Some general knowledge of S/MIME, X.509, PKCS#12, PEM etc is
;; Especially, don't expect this library to buy security for you. If
;; you don't understand what you are doing, you're as likely to lose
;; security than gain any by using this library.
+;;
+;; This library is not intended to provide a "raw" API for S/MIME,
+;; PKCSx or similar, it's intended to perform common operations
+;; done on messages encoded in these formats. The terminology chosen
+;; reflect this.
+;;
+;; The home of this file is in Gnus CVS, but also available from
+;; http://josefsson.org/smime.html.
;;; Quick introduction:
;; that decision. One might think that this even influenced were I
;; store my keys, and one would probably be right. :-)
;;
+;; Update: Mathias Herberts sent the patch. However, it uses
+;; environment variables to pass the password to OpenSSL, which is
+;; slightly insecure. Hence a new todo: use a better -passin method.
+;;
+;; Cache password for e.g. 1h
+;;
;; Suggestions and comments are appreciated, mail me at simon@josefsson.org.
-;; <rant>
+;; begin rant
;;
;; I would include pointers to introductory text on concepts used in
;; this library here, but the material I've read are so horrible I
;; Also, I'm not going to mention anything about the wonders of
;; cryptopolitics. Oops, I just did.
;;
-;; </rant>
+;; end rant
;;; Revision history:
-;; version 0 not released
+;; 2000-06-05 initial version, committed to Gnus CVS contrib/
+;; 2000-10-28 retrieve certificates via DNS CERT RRs
+;; 2001-10-14 posted to gnu.emacs.sources
+;; 2005-02-13 retrieve certificates via LDAP
;;; Code:
(require 'dig)
+(require 'smime-ldap)
+(require 'password)
(eval-when-compile (require 'cl))
+(eval-and-compile
+ (cond
+ ((fboundp 'replace-in-string)
+ (defalias 'smime-replace-in-string 'replace-in-string))
+ ((fboundp 'replace-regexp-in-string)
+ (defun smime-replace-in-string (string regexp newtext &optional literal)
+ "Replace all matches for REGEXP with NEWTEXT in STRING.
+If LITERAL is non-nil, insert NEWTEXT literally. Return a new
+string containing the replacements.
+
+This is a compatibility function for different Emacsen."
+ (replace-regexp-in-string regexp newtext string nil literal)))))
+
(defgroup smime nil
- "S/MIME configuration.")
+ "S/MIME configuration."
+ :group 'mime)
(defcustom smime-keys nil
- "Map mail addresses to a file containing Certificate (and private key).
-The file is assumed to be in PEM format and not encrypted."
+ "*Map mail addresses to a file containing Certificate (and private key).
+The file is assumed to be in PEM format. You can also associate additional
+certificates to be sent with every message to each address."
:type '(repeat (list (string :tag "Mail address")
- (file :tag "File name")))
+ (file :tag "File name")
+ (repeat :tag "Additional certificate files"
+