How to encrypt emails with S/MIME

1

I am thinking about encrypting some of my emails using S/MIME v3.1, since my devices should support it.

Now I wonder whether there is a (command-line) tool that could do this for me? I tried googling it, but I didn't find anything promising.

    
by user60589 29.08.2016 / 18:58

2 answers

2

Yes, OpenSSL (openssl smime or openssl cms) can do this:

man smime:

DESCRIPTION

The smime command handles S/MIME mail. It can encrypt, decrypt, sign and verify S/MIME messages.

man cms:

DESCRIPTION

The cms command handles S/MIME v3.1 mail. It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME messages.

    
by 29.08.2016 / 19:16
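
An encrypt/decrypt round trip with `openssl cms`, as an added example that is not part of the answer above. The file names, the addresses and the throwaway self-signed certificate are constructed for the demonstration; a real message is encrypted to the recipient's own certificate.

```sh
#!/bin/sh
# Added example: S/MIME encrypt/decrypt round trip with `openssl cms`.
# File names, addresses and the throwaway certificate are constructed.

smime_roundtrip() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1

        # Throwaway self-signed recipient certificate and key (demo only;
        # a real recipient certificate comes from the recipient or their CA).
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Demo Recipient/emailAddress=recipient@example.com" \
            -keyout recip.key -out recip.pem 2>/dev/null || exit 1

        # Constructed MIME entity to protect, already using CRLF line ends.
        printf 'Content-Type: text/plain\r\n\r\nconstructed test body\r\n' \
            > plain.txt

        # Encrypt to the recipient certificate; the output is a complete
        # S/MIME message including mail headers.
        openssl cms -encrypt -aes256 -in plain.txt -out mail.eml \
            -from sender@example.com -to recipient@example.com \
            -subject "S/MIME test" recip.pem || exit 1

        # The result must be an enveloped-data entity with no plaintext left.
        grep -qi 'smime-type=enveloped-data' mail.eml || exit 1
        grep -q 'constructed test body' mail.eml && exit 1

        # Decrypt with the recipient's private key and compare byte for byte.
        openssl cms -decrypt -in mail.eml -recip recip.pem \
            -inkey recip.key -out out.txt || exit 1
        cmp -s plain.txt out.txt
    )
    rc=$?
    rm -rf "$work"
    return "$rc"
}

smime_roundtrip && echo "round trip OK"
```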
0

Here is a script to encrypt pre-existing emails, but you need to have access to them as files in MH format. As a bonus, it uses GPG instead of S/MIME if the second argument is a GPG key ID. If the second argument is a path to a file ending in .pem, the script assumes that the second argument is a PEM-format X509 certificate, whose corresponding private key will eventually be used to decrypt the email.

#!/usr/bin/awk -f

## Encrypt emails in MH format.

## 1st argument is email file to encrypt.
## 2nd argument is PGP key identifier, or for S/MIME, certificate file.

BEGIN {
        ## If second argument ends with .pem, assume that S/MIME output
        ## is required, otherwise assume PGP/MIME.
        if (ARGC == 3 && ARGV[2] ~ /\.pem$/) S = 1 ## S/MIME, not PGP

        if (S == 1) {
                Encrypt = "openssl smime -encrypt -aes256 -outform pem " ARGV[2]
                Encrypt = Encrypt "|sed '/^-----BEGIN PKCS7-----/d;"
                Encrypt = Encrypt "/^-----END PKCS7-----/d'"}
        else {
                Encrypt = "gpg2 --armor --encrypt -r " ARGV[2]
                Random = "openssl rand -base64 30"}

        for (i=2;i < ARGC;i++) delete ARGV[i]        ## Just one input file.
}

{
        sub(/\r$/,"",$0)}

##==========================================================

BlankCount > 0 {           ## Everything from the 1st blank line onwards:
        print $0 | Encrypt ## Pipe opened on 1st matching line; stays open.
        next}

##----------------------------------------------------------

$0 ~ /^[^ \t]/ {        ## Any line starting with a non-whitespace character.
        CurrentBlank = 0
        if (Started == 0) Started = 1}

##----------------------------------------------------------

$0 ~ /^[ \t]*$/ {        ## Blank line NOT at the top of the file.
        if (CurrentBlank == 0 && Started == 1) BlankCount++
        CurrentBlank = 1

        ## New Content-Type and Content-Transfer-Encoding headers to go at the
        ## end of the header-block, i.e. before the first blank line:
        if (BlankCount == 1) {
                if (S == 1) {
                        H = "Content-Type: application/pkcs7-mime;"
                        H = H " name=\"smime.p7m\"; smime-type=enveloped-data\n"
                        H = H "Content-Transfer-Encoding: base64\n"
                        H = H "Content-Disposition: attachment;"
                        H = H " filename=\"smime.p7m\"\n"
                        H = H "Content-Description: S/MIME Encrypted Message"}
                else {
                        Random | getline Boundary
                        Boundary = "Encrypt_/" Boundary

                        H = "Content-Type: multipart/encrypted;"
                        H = H "\n boundary=\"" Boundary "\";"
                        H = H "\n protocol=\"application/pgp-encrypted\"\n\n"

                        H = H "--" Boundary "\n"
                        H = H "Content-Type: application/pgp-encrypted\n\n"

                        H = H "Version: 1\n\n"

                        H = H "--" Boundary "\n"
                        H = H "Content-Type: application/octet-stream\n"}

                print H

                printf("%s\n", ContentType) | Encrypt
                printf("%s\n\n", TransferEncoding) | Encrypt}}

##----------------------------------------------------------

## Save original Content-Type and Content-Transfer-Encoding to put in
## encrypted part:

tolower($0) ~ /^content-type[ \t]*:/ {
        ContentType = $0
        sub(/[^:][^:]*: */,"",ContentType)
        ContentType = "Content-Type: " ContentType
        ContentTypeLineNumber = FNR
        next}
tolower($0) ~ /^content-transfer-encoding[ \t]*:/ {
        TransferEncoding = $0
        TransferEncoding = "Content-Transfer-Encoding: " TransferEncoding
        sub(/[^:][^:]*: */,"",TransferEncoding)
        TransferEncodingLineNumber = FNR
        next}

$0 ~ /^[ \t][ \t]*[^ \t]/ {        ## Non-blank line starting with space or tab
        CurrentBlank = 0
        if (BlankCount == 0 && FNR > 1) {
                ## This must be a continuation line in the header
                if (FNR - 1 == ContentTypeLineNumber) {
                        ContentTypeLineNumber = FNR
                        ContentType = ContentType "\n" $0
                        next}
                if (FNR - 1 == TransferEncodingLineNumber) {
                        TransferEncodingLineNumber = FNR
                        TransferEncoding = TransferEncoding "\n" $0
                        next}}}

##----------------------------------------------------------

Started == 1 {                ## All header lines other than Type and Encoding.
        print $0}

END {
        close(Encrypt)
        if (S == 1) print ""
        else printf("\n--%s--\n", Boundary)}

##----------------------------------------------------------
    
by 15.10.2016 / 22:01