Estou pensando em criptografar alguns dos meus e-mails usando S / MIME v3.1, já que meus dispositivos devem suportá-lo.
Agora eu me pergunto se existe uma ferramenta (linha de comando) que poderia fazer isso por mim? Eu tentei google isso, mas eu não encontrei algo promissor.
Sim, o OpenSSL ( openssl smime ou openssl cms ) pode fazer isso:
man smime :
DESCRIPTION
The smime command handles S/MIME mail. It can encrypt, decrypt, sign and verify S/MIME messages.
man cms :
DESCRIPTION
The cms command handles S/MIME v3.1 mail. It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME messages.
Aqui está um script para criptografar emails pré-existentes, mas você precisa ter acesso a eles como arquivos no formato MH. Como bônus, ele usa GPG em vez de S / MIME se o segundo argumento for um ID de chave GPG. Se o segundo argumento for um caminho para um arquivo terminado em .pem, o script assumirá que o segundo argumento é um certificado X509 de formato pem, para o qual a chave privada correspondente será eventualmente usada para descriptografar o email.
#!/usr/bin/awk -f
## Encrypt emails in MH format.
## 1st argument is email file to encrypt.
## 2nd argument is PGP key identifier, or for S/MIME, certificate file.
BEGIN {
## If second argument ends with .pem, assume that S/MIME output
## is required, otherwise assume PGP/MIME.
if (ARGC == 3 && ARGV[2] ~ /\.pem$/) S = 1 ## S/MIME, not PGP
if (S == 1) {
Encrypt = "openssl smime -encrypt -aes256 -outform pem " ARGV[2]
Encrypt = Encrypt "|sed '/^-----BEGIN PKCS7-----/d;"
Encrypt = Encrypt "/^-----END PKCS7-----/d'"}
else {
Encrypt = "gpg2 --armor --encrypt -r " ARGV[2]
Random = "openssl rand -base64 30"}
for (i=2;i < ARGC;i++) delete ARGV[i] ## Just one input file.
}
{
sub(/\r$/,"",$0)}
##==========================================================
BlankCount > 0 { ## Everything from the 1st blank line onwards:
print $0 | Encrypt ## Pipe opened on 1st matching line; stays open.
next}
##----------------------------------------------------------
$0 ~ /^[^ \t]/ { ## Any line starting with a non-whitespace character.
CurrentBlank = 0
if (Started == 0) Started = 1}
##----------------------------------------------------------
$0 ~ /^[ \t]*$/ { ## Blank line NOT at the top of the file.
if (CurrentBlank == 0 && Started == 1) BlankCount++
CurrentBlank = 1
## New Content-Type and Content-Transfer-Encoding headers to go at the
## end of the header-block, i.e. before the first blank line:
if (BlankCount == 1) {
if (S == 1) {
H = "Content-Type: application/pkcs7-mime;"
H = H " name=\"smime.p7m\"; smime-type=enveloped-data\n"
H = H "Content-Transfer-Encoding: base64\n"
H = H "Content-Disposition: attachment;"
H = H " filename=\"smime.p7m\"\n"
H = H "Content-Description: S/MIME Encrypted Message"}
else {
Random | getline Boundary
Boundary = "Encrypt_/" Boundary
H = "Content-Type: multipart/encrypted;"
H = H "\n boundary=\"" Boundary "\";"
H = H "\n protocol=\"application/pgp-encrypted\"\n\n"
H = H "--" Boundary "\n"
H = H "Content-Type: application/pgp-encrypted\n\n"
H = H "Version: 1\n\n"
H = H "--" Boundary "\n"
H = H "Content-Type: application/octet-stream\n"}
print H
printf("%s\n", ContentType) | Encrypt
printf("%s\n\n", TransferEncoding) | Encrypt}}
##----------------------------------------------------------
## Save original Content-Type and Content-Transfer-Encoding to put in
## encrypted part:
tolower($0) ~ /^content-type[ \t]*:/ {
ContentType = $0
sub(/[^:][^:]*: */,"",ContentType)
ContentType = "Content-Type: " ContentType
ContentTypeLineNumber = FNR
next}
tolower($0) ~ /^content-transfer-encoding[ \t]*:/ {
TransferEncoding = $0
TransferEncoding = "Content-Transfer-Encoding: " TransferEncoding
sub(/[^:][^:]*: */,"",TransferEncoding)
TransferEncodingLineNumber = FNR
next}
$0 ~ /^[ \t][ \t]*[^ \t]/ { ## Non-blank line starting with space or tab
CurrentBlank = 0
if (BlankCount == 0 && FNR > 1) {
## This must be a continuation line in the header
if (FNR - 1 == ContentTypeLineNumber) {
ContentTypeLineNumber = FNR
ContentType = ContentType "\n" $0
next}
if (FNR - 1 == TransferEncodingLineNumber) {
TransferEncodingLineNumber = FNR
TransferEncoding = TransferEncoding "\n" $0
next}}}
##----------------------------------------------------------
Started == 1 { ## All header lines other than Type and Encoding.
print $0}
END {
close(Encrypt)
if (S == 1) print ""
else printf("\n--%s--\n", Boundary)}
##----------------------------------------------------------
Tags encryption email smime