S/MIME and SMIMEA
From Simson Garfinkel
(Instructions for a Mac)
- You need an email address that can receive Internet mail.
- Using Safari, go to one of the well-known free S/MIME providers (complete list):
- https://www.comodo.com/home/email-security/free-email-certificate.php
- https://www.startssl.com/?app=1 — You want to use the identity and email validation
- Fill out the CA's forms and follow the procedure. (Make sure that their CA key is in your browser.)
- Once you have the certificate, run the Apple Keychain Access program.
- Find your certificate and drag it to the desktop. It will appear as a file named emailaddress.cer
- This file is in DER binary format. Verify it with OpenSSL: "openssl x509 -inform der -in <filename>.cer -text"
- We want to use DANE Certificate Usage 1 (specify an end entity certificate), Selector 0 (full certificate in binary structure), Matching Type 0 (exact match on the selected content), and a field of hexadecimal numbers. Just hex-encode the certificate with "xxd -p <filename>"
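- For example, the first label of the record name is the SHA-256 hash of the local part of the email address, truncated to 28 octets:
>>> import hashlib
>>> hashlib.sha256(b"slg").hexdigest()[0:28*2]
'77a3c94a8ebb95e36eb9682857da339d8ab09597d8e57eb1a4eb3f46'
>>> quit()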
DNS record:
77a3c94a8ebb95e36eb9682857da339d8ab09597d8e57eb1a4eb3f46._smimecert.had-pilot.com. IN SMIMEA ( 0 0 1 3082053a30820422a003020102021100a2e257ee36fac5403be0d487d92a cf55300d06092a864886f70d01010b050030819b310b3009060355040613 024742311b30190603550408131247726561746572204d616e6368657374 65723110300e0603550407130753616c666f7264311a3018060355040a13 11434f4d4f444f204341204c696d697465643141303f0603550403133843 4f4d4f444f205348412d32353620436c69656e742041757468656e746963 6174696f6e20616e642053656375726520456d61696c204341301e170d31 36303130343030303030305a170d3137303130333233353935395a302231 20301e06092a864886f70d0109011611736d696d65614073696d736f6e2e 6e657430820122300d06092a864886f70d01010105000382010f00308201 0a0282010100a77bcf56398888f51e75f3b5eec46266c40a40a4613f3d3f ee4969cfe60ce45c32e84fe55caf2a5ed9e2ea60dbf019dcdb0355d01e12 6d86db2cb0f93e5d14be355c6aee0f52c9987bbaa2c67d513dbdd7286e4d 399547b791ffd54a695a8376b35e57eb562fdfb3c8babe544441867095c7 d5aaa0325a7458c5337ec030193b943aa3d262503c56f66c44cc98d87bbe 262695bd357c31983ec66fea5efe30223894ef9f98a9ec5d69fa573da256 ffa37b27c01dc6fff269a4d33de1ac737acdea829b760824a21854a18420 c6159b85fb0c662015fda1e8f7fdd4f91d6b8a2fb94e52e2c96070daf19c 3e65c5c015653af841c26b783532a32943187268600b0203010001a38201 ef308201eb301f0603551d2304183016801492616b82e1a2a0aa4fec67f1 c2a3f7b48000c1ec301d0603551d0e0416041427f9f506b410ca03c74a20 384f5ddbad4ecd7b2d300e0603551d0f0101ff0404030205a0300c060355 1d130101ff0402300030200603551d250419301706082b06010505070304 060b2b06010401b23101030502301106096086480186f842010104040302 052030460603551d20043f303d303b060c2b06010401b231010201010130 2b302906082b06010505070201161d68747470733a2f2f7365637572652e 636f6d6f646f2e6e65742f435053305d0603551d1f045630543052a050a0 4e864c687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f434f4d 4f444f534841323536436c69656e7441757468656e7469636174696f6e61 6e64536563757265456d61696c43412e63726c30819006082b0601050507 0101048183308180305806082b06010505073002864c687474703a2f2f63 
72742e636f6d6f646f63612e636f6d2f434f4d4f444f534841323536436c 69656e7441757468656e7469636174696f6e616e64536563757265456d61 696c43412e637274302406082b060105050730018618687474703a2f2f6f 6373702e636f6d6f646f63612e636f6d301c0603551d1104153013811173 6d696d65614073696d736f6e2e6e6574300d06092a864886f70d01010b05 000382010100330e37b297e072d8fbdeb3504216378620ffc8006c9d4004 29116aab4e76ba1333db4a20aad48534d0ae43c5cf5b529e6c1a4624fc05 0397210e71566612382d46c88fe93f3b4bcbb68df3da88d296fc9aba3f46 32010fc196b130d78900cac5429eda15aaa4fa49a7bf381fea51c29e23b6 eaf429f41e0d3b674a1ea7df19664a919f0b032d83ec1ca69f974a6a1ae0 770c006ff41562d50c748381e12bec1ed568477331f422aca0c611bf4df1 4d1f33ced85012d996f68b94289a859af217882c8e80e8c5b9f99369c10f 3a0560f6370c3709ecd20104a6c43e28d37c11b13a8fcdfdc918e37a4baf f53f4aab84008976be69bbfe5c57d601c11458cf745f )
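
The steps above combined into one script, as an added example that is not part of the original page: it builds the owner name and record data from an email address and the DER bytes of the certificate, and rejects PEM or truncated input before anything is published. The function names, the address slg@had-pilot.com (assembled from the local part and domain shown above) and the 5-byte stand-in for the .cer file are assumptions; matching types 1 and 2 (SHA-256 and SHA-512 of the selected content) go beyond the matching type 0 case used on this page.

```python
import hashlib

def smimea_owner(email):
    """Owner name: hex SHA-256 of the local part, truncated to 28 octets,
    followed by _smimecert and the mail domain."""
    local, _, domain = email.rpartition("@")
    if not local or not domain:
        raise ValueError("expected local-part@domain")
    label = hashlib.sha256(local.encode("utf-8")).hexdigest()[:28 * 2]
    return "%s._smimecert.%s." % (label, domain.rstrip("."))

def check_der(der):
    """Reject PEM text or a truncated file: the outer DER SEQUENCE
    header must account for exactly len(der) bytes."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (PEM input?)")
    n = der[1]
    if n < 0x80:                      # short-form length
        total = 2 + n
    else:                             # long form: next k bytes hold the length
        k = n & 0x7F
        if k == 0 or len(der) < 2 + k:
            raise ValueError("bad DER length encoding")
        total = 2 + k + int.from_bytes(der[2:2 + k], "big")
    if total != len(der):
        raise ValueError("DER length %d != file size %d" % (total, len(der)))

def smimea_rdata(der, usage=1, selector=0, mtype=0):
    """Record data in presentation order: usage, selector, matching type, data."""
    if selector != 0:
        raise ValueError("only selector 0 (full certificate) is handled here")
    check_der(der)
    if mtype == 0:
        data = der.hex()              # same hex as `xxd -p`, without line breaks
    elif mtype == 1:
        data = hashlib.sha256(der).hexdigest()
    elif mtype == 2:
        data = hashlib.sha512(der).hexdigest()
    else:
        raise ValueError("unknown matching type")
    return "%d %d %d %s" % (usage, selector, mtype, data)

def smimea_record(email, der, **fields):
    return "%s IN SMIMEA ( %s )" % (smimea_owner(email), smimea_rdata(der, **fields))

# Constructed 5-byte DER SEQUENCE standing in for <filename>.cer
SAMPLE_DER = bytes.fromhex("3003020101")

if __name__ == "__main__":
    print(smimea_record("slg@had-pilot.com", SAMPLE_DER))
    print(smimea_record("slg@had-pilot.com", SAMPLE_DER, mtype=1))
```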