Yuan Yijun (bbbush) wrote,

My tweets

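One thing I don't quite understand is why both parties must have a "Digital ID" before an S/MIME encrypted mail can be sent. In principle, once party B has party A's public key, encrypting does not require B to have a key of its own. Wikipedia says: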
While it is technically possible to send a message encrypted (using the destination party certificate) without having one's own certificate to digitally sign, in practice, the S/MIME clients will require you install your own certificate before they allow encrypting to others.
Due to the requirement of a certificate for implementation, not all users can take advantage of S/MIME, as some may wish to encrypt a message, with a public/private key pair for example, without the involvement or administrative overhead of certificates.
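So I am quite puzzled. What this article makes clear is: 1. you usually need to prepare separate keys for signing and for encryption, and the encryption key can be changed often; 2. client software usually requires you to manually add the other party as a contact.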

MSDN article: Understanding S/MIME
StackExchange: How does PGP differ from S/MIME
Entrust FAQ: Do both parties need an cert to communicate?
Both parties need an X.509 cert (public or private, any vendor). Encryption — both parties should need an x.509 s/mime cert. Signing — only the signer needs a cert, the verifier doesn't.
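File formats: the personal key backup exported from Firefox Penango has a .p12 extension and can be imported into Outlook; one kind of mail attachment has a .p7s extension, which means the message is signed; another kind of mail attachment has a .p7m extension, which means the message is encrypted.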
Content-Type: application/pkcs7-signature; name="Verify This Message with Penango.p7s"
Content-Disposition: attachment; filename="Verify This Message with Penango.p7s"

Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Disposition: attachment; filename="smime.p7m"
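
An added example (not from the original post): a small Python classifier that tells the S/MIME attachment kinds above apart by their MIME headers. It goes a little beyond the two cases quoted here: per RFC 8551 a .p7m part can also carry opaque signed data (smime-type=signed-data), so it keys on smime-type rather than on the file extension. The sample messages are constructed.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

# smime-type values from RFC 8551, lower-cased for comparison.
KINDS = {
    "enveloped-data": "encrypted",
    "authenveloped-data": "encrypted",
    "signed-data": "opaque signed",
    "compressed-data": "compressed",
    "certs-only": "certificates only",
}

def classify(raw):
    """Return (filename, kind) for every S/MIME part of a raw RFC 822 message."""
    found = []
    for part in message_from_string(raw).walk():
        # Older clients send application/x-pkcs7-*; treat both spellings alike.
        ctype = part.get_content_type().replace("/x-pkcs7-", "/pkcs7-")
        if ctype == "application/pkcs7-signature":
            kind = "detached signature"
        elif ctype == "application/pkcs7-mime":
            smime_type = collapse_rfc2231_value(part.get_param("smime-type", ""))
            kind = KINDS.get(smime_type.lower(), "unknown pkcs7-mime")
        else:
            continue
        found.append((part.get_filename(), kind))
    return found

# Constructed samples: headers modelled on the two attachments quoted above,
# bodies are placeholders rather than real PKCS#7 data.
SIGNED = (
    'Content-Type: multipart/signed; boundary="b1";\n'
    ' protocol="application/pkcs7-signature"; micalg=sha-256\n\n'
    '--b1\nContent-Type: text/plain\n\nhello\n'
    '--b1\nContent-Type: application/pkcs7-signature;\n'
    ' name="Verify This Message with Penango.p7s"\n'
    'Content-Disposition: attachment;\n'
    ' filename="Verify This Message with Penango.p7s"\n\nAAAA\n--b1--\n'
)
ENCRYPTED = (
    'Content-Type: application/pkcs7-mime; smime-type=enveloped-data;\n'
    ' name="smime.p7m"\n'
    'Content-Disposition: attachment; filename="smime.p7m"\n\nAAAA\n'
)
# Same .p7m file name, but signed only: nothing in it is confidential.
OPAQUE_SIGNED = ENCRYPTED.replace("enveloped-data", "signed-data")

if __name__ == "__main__":
    for sample in (SIGNED, ENCRYPTED, OPAQUE_SIGNED):
        print(classify(sample))
```
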
Tags: fedora, twitter
