Difference between revisions of "S/MIME and SMIMEA"
(Created page with "(Instructions for a Mac) # You need an email address that can receive Internet mail. # Go to one of the well-known free S/MIME providers with Safari [https://www.sslshopper.co...") |
m |
||
Line 7: | Line 7: | ||
# Once you have cert, run the Apple KeyChain access program. | # Once you have cert, run the Apple KeyChain access program. | ||
# Find your certificate and drag it to the desktop. It will drag as a file emailaddress.cer | # Find your certificate and drag it to the desktop. It will drag as a file emailaddress.cer | ||
# This file is in DER binary format. We want to use [https://tools.ietf.org/html/rfc6698 DANE] Certificate Usage 1 (specify an end entity certificate), selector 0 (full certificate in binary structure), Matching type 0 (exact match on the selected content), and a field of hexadecimal numbers. Just hex code the certificate with "xxd -p <filename>" | # This file is in DER binary format. Verify it with OpenSSL: "openssl x509 -inform der -in <filename>.cer -text" | ||
# We want to use [https://tools.ietf.org/html/rfc6698 DANE] Certificate Usage 1 (specify an end entity certificate), selector 0 (full certificate in binary structure), Matching type 0 (exact match on the selected content), and a field of hexadecimal numbers. Just hex code the certificate with "xxd -p <filename>" | |||
# For example: | |||
<code> | |||
>>> import hashlib | |||
>>> hashlib.sha256("slg").hexdigest()[0:28*2] | |||
'77a3c94a8ebb95e36eb9682857da339d8ab09597d8e57eb1a4eb3f46' | |||
>>> quit() | |||
</code> | |||
DNS record: | |||
<code> | |||
77a3c94a8ebb95e36eb9682857da339d8ab09597d8e57eb1a4eb3f46._smimecert.had-pilot.com. IN SMIMEA ( | |||
0 0 1 3082053a30820422a003020102021100a2e257ee36fac5403be0d487d92a | |||
cf55300d06092a864886f70d01010b050030819b310b3009060355040613 | |||
024742311b30190603550408131247726561746572204d616e6368657374 | |||
65723110300e0603550407130753616c666f7264311a3018060355040a13 | |||
11434f4d4f444f204341204c696d697465643141303f0603550403133843 | |||
4f4d4f444f205348412d32353620436c69656e742041757468656e746963 | |||
6174696f6e20616e642053656375726520456d61696c204341301e170d31 | |||
36303130343030303030305a170d3137303130333233353935395a302231 | |||
20301e06092a864886f70d0109011611736d696d65614073696d736f6e2e | |||
6e657430820122300d06092a864886f70d01010105000382010f00308201 | |||
0a0282010100a77bcf56398888f51e75f3b5eec46266c40a40a4613f3d3f | |||
ee4969cfe60ce45c32e84fe55caf2a5ed9e2ea60dbf019dcdb0355d01e12 | |||
6d86db2cb0f93e5d14be355c6aee0f52c9987bbaa2c67d513dbdd7286e4d | |||
399547b791ffd54a695a8376b35e57eb562fdfb3c8babe544441867095c7 | |||
d5aaa0325a7458c5337ec030193b943aa3d262503c56f66c44cc98d87bbe | |||
262695bd357c31983ec66fea5efe30223894ef9f98a9ec5d69fa573da256 | |||
ffa37b27c01dc6fff269a4d33de1ac737acdea829b760824a21854a18420 | |||
c6159b85fb0c662015fda1e8f7fdd4f91d6b8a2fb94e52e2c96070daf19c | |||
3e65c5c015653af841c26b783532a32943187268600b0203010001a38201 | |||
ef308201eb301f0603551d2304183016801492616b82e1a2a0aa4fec67f1 | |||
c2a3f7b48000c1ec301d0603551d0e0416041427f9f506b410ca03c74a20 | |||
384f5ddbad4ecd7b2d300e0603551d0f0101ff0404030205a0300c060355 | |||
1d130101ff0402300030200603551d250419301706082b06010505070304 | |||
060b2b06010401b23101030502301106096086480186f842010104040302 | |||
052030460603551d20043f303d303b060c2b06010401b231010201010130 | |||
2b302906082b06010505070201161d68747470733a2f2f7365637572652e | |||
636f6d6f646f2e6e65742f435053305d0603551d1f045630543052a050a0 | |||
4e864c687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f434f4d | |||
4f444f534841323536436c69656e7441757468656e7469636174696f6e61 | |||
6e64536563757265456d61696c43412e63726c30819006082b0601050507 | |||
0101048183308180305806082b06010505073002864c687474703a2f2f63 | |||
72742e636f6d6f646f63612e636f6d2f434f4d4f444f534841323536436c | |||
69656e7441757468656e7469636174696f6e616e64536563757265456d61 | |||
696c43412e637274302406082b060105050730018618687474703a2f2f6f | |||
6373702e636f6d6f646f63612e636f6d301c0603551d1104153013811173 | |||
6d696d65614073696d736f6e2e6e6574300d06092a864886f70d01010b05 | |||
000382010100330e37b297e072d8fbdeb3504216378620ffc8006c9d4004 | |||
29116aab4e76ba1333db4a20aad48534d0ae43c5cf5b529e6c1a4624fc05 | |||
0397210e71566612382d46c88fe93f3b4bcbb68df3da88d296fc9aba3f46 | |||
32010fc196b130d78900cac5429eda15aaa4fa49a7bf381fea51c29e23b6 | |||
eaf429f41e0d3b674a1ea7df19664a919f0b032d83ec1ca69f974a6a1ae0 | |||
770c006ff41562d50c748381e12bec1ed568477331f422aca0c611bf4df1 | |||
4d1f33ced85012d996f68b94289a859af217882c8e80e8c5b9f99369c10f | |||
3a0560f6370c3709ecd20104a6c43e28d37c11b13a8fcdfdc918e37a4baf | |||
f53f4aab84008976be69bbfe5c57d601c11458cf745f ) | |||
</code> |
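Review bot: In the added DNS record, the RDATA fields "0 0 1" contradict the step text added just above it, which calls for Certificate Usage 1, selector 0 and matching type 0. The association data that follows starts with 3082053a, a full DER certificate in hex rather than a SHA-256 digest, so the fields should read "1 0 0". Two smaller points in the same hunk: the "For example:" step does not say what "slg" is or why the digest is cut to 28*2 hex characters, and hashlib.sha256("slg") only works on Python 2, whereas b"slg" runs on both Python 2 and 3.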
Revision as of 08:02, 4 January 2016
(Instructions for a Mac)
- You need an email address that can receive Internet mail.
- With Safari, go to one of the well-known free S/MIME providers (complete list):
- https://www.comodo.com/home/email-security/free-email-certificate.php
- https://www.startssl.com/?app=1 — You want to use the identity and email validation
- Fill out the CA's forms (make sure that their CA key is in your browser) and follow the procedure.
- Once you have the certificate, run the Apple Keychain Access program.
- Find your certificate and drag it to the desktop. It will be saved as a file named emailaddress.cer
- This file is in DER binary format. Verify it with OpenSSL: "openssl x509 -inform der -in <filename>.cer -text"
- We want to use DANE Certificate Usage 1 (specify an end entity certificate), selector 0 (full certificate in binary structure), matching type 0 (exact match on the selected content), followed by the certificate as a field of hexadecimal digits. To hex-encode the certificate, run "xxd -p <filename>"
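- For example, the first label of the record's owner name is the SHA-256 hash of the email address's local part (here "slg"), truncated to 28 octets:
>>> import hashlib
>>> hashlib.sha256(b"slg").hexdigest()[0:28*2]
'77a3c94a8ebb95e36eb9682857da339d8ab09597d8e57eb1a4eb3f46'
>>> quit()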
DNS record:
77a3c94a8ebb95e36eb9682857da339d8ab09597d8e57eb1a4eb3f46._smimecert.had-pilot.com. IN SMIMEA (
1 0 0 3082053a30820422a003020102021100a2e257ee36fac5403be0d487d92a ... )
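
The steps above, put together as an added example (not part of the original wiki page): it builds the SMIMEA owner name and RDATA from an email address and the DER file, and checks that a record's matching-type field agrees with its association data. The function names and `SAMPLE_DER` are assumptions made for this example, and the sample bytes are constructed, not a real certificate.

```python
import hashlib

# Matching types from RFC 6698: 0 = exact match, 1 = SHA-256, 2 = SHA-512.
_MATCHERS = {
    0: lambda data: data.hex(),
    1: lambda data: hashlib.sha256(data).hexdigest(),
    2: lambda data: hashlib.sha512(data).hexdigest(),
}

def smimea_owner_name(email):
    """Owner name: SHA-256 of the local part, truncated to 28 octets."""
    local, _, domain = email.rpartition("@")
    if not local or not domain:
        raise ValueError("expected local-part@domain")
    label = hashlib.sha256(local.encode("utf-8")).hexdigest()[:28 * 2]
    return f"{label}._smimecert.{domain.rstrip('.')}."

def smimea_rdata(cert_der, usage=1, selector=0, mtype=0):
    """RDATA fields: usage, selector, matching type, association data (hex)."""
    if selector != 0:
        raise ValueError("only selector 0 (full certificate) is handled here")
    if mtype not in _MATCHERS:
        raise ValueError("unknown matching type")
    return f"{usage} {selector} {mtype} {_MATCHERS[mtype](cert_der)}"

def smimea_record(email, cert_der, **fields):
    """One zone-file line in the layout used on this page."""
    rdata = smimea_rdata(cert_der, **fields)
    return f"{smimea_owner_name(email)} IN SMIMEA ( {rdata} )"

def rdata_matches(rdata, cert_der):
    """Check that published RDATA really describes this certificate."""
    usage, selector, mtype, data = rdata.split(None, 3)
    expected = smimea_rdata(cert_der, int(usage), int(selector), int(mtype))
    return expected.split(None, 3)[3] == "".join(data.split()).lower()

# Constructed placeholder bytes, NOT a real certificate; in practice read the
# DER file exported from Keychain: open("emailaddress.cer", "rb").read()
SAMPLE_DER = bytes.fromhex("3082000a") + b"constructed"

if __name__ == "__main__":
    print(smimea_record("slg@had-pilot.com", SAMPLE_DER))
    # Full certificate labelled as matching type 1 (a SHA-256 digest): mismatch.
    mislabeled = "1 0 1 " + SAMPLE_DER.hex()
    print(rdata_matches(mislabeled, SAMPLE_DER))
```

A verifier that honours the matching-type field compares a digest of the certificate against the published data, so a record that carries the full certificate but declares matching type 1 will not validate.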