Yuan Yijun (bbbush) wrote,
My tweets

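One thing I don't quite understand is why both parties must have a "Digital ID" before an S/MIME encrypted email can be sent. In principle, once party B has party A's public key, encrypting does not require B to have a key of their own. Wikipedia says: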
While it is technically possible to send a message encrypted (using the destination party certificate) without having one's own certificate to digitally sign, in practice, the S/MIME clients will require you install your own certificate before they allow encrypting to others.
Due to the requirement of a certificate for implementation, not all users can take advantage of S/MIME, as some may wish to encrypt a message, with a public/private key pair for example, without the involvement or administrative overhead of certificates.
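So I am quite puzzled. What this article makes clear is: 1. you usually need to prepare different keys for signing and for encryption, and the encryption key can be changed frequently; 2. client software usually requires you to manually add the other party as a contact.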

MSDN article: Understanding S/MIME
StackExchange: How does PGP differ from S/MIME
Entrust FAQ: Do both parties need an cert to communicate?
Both parties need an X.509 cert (public or private, any vendor). Encryption — both parties should need an x.509 s/mime cert. Signing — only the signer needs a cert, the verifier doesn't.
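File formats: the personal key backup exported from Firefox Penango has a .p12 extension and can be imported into Outlook; one kind of mail attachment has a .p7s extension, meaning the message has been signed; another kind of mail attachment has a .p7m extension, meaning the message has been encrypted.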
Content-Type: application/pkcs7-signature; name="Verify This Message with Penango.p7s"
Content-Disposition: attachment; filename="Verify This Message with Penango.p7s"

Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Disposition: attachment; filename="smime.p7m"
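
The two header pairs above can be told apart programmatically. The following is an added example, not part of the original post: it labels MIME parts by their declared S/MIME type using only Python's standard library. The function names and the sample messages are constructed for illustration, and it goes slightly beyond the post by also handling the legacy `x-pkcs7` types and `.p7m` parts that are signed rather than encrypted.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

# Constructed sample messages: the S/MIME headers are the ones quoted in the
# post, the bodies are dummy data.
SIGNED = """\
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/pkcs7-signature; name="Verify This Message with Penango.p7s"
Content-Disposition: attachment; filename="Verify This Message with Penango.p7s"

AAAA
--b1--
"""
ENCRYPTED = """\
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Disposition: attachment; filename="smime.p7m"

AAAA
"""

def classify_part(part):
    """Label one MIME part by its declared S/MIME type (headers only, no CMS parsing)."""
    ctype = part.get_content_type()
    if ctype in PKCS7_SIG:
        return "detached-signature"   # .p7s: the cleartext body travels alongside
    if ctype in PKCS7_MIME:
        smime_type = collapse_rfc2231_value(part.get_param("smime-type", "")).lower()
        if smime_type == "enveloped-data":
            return "encrypted"        # .p7m wrapped for the recipient's certificate
        if smime_type == "signed-data":
            return "opaque-signed"    # .p7m that is signed, not encrypted
        return "pkcs7-mime-unknown"   # smime-type is optional; the extension alone is ambiguous
    return "other"

def classify_message(raw):
    """Return the S/MIME labels found anywhere in a raw message."""
    parts = message_from_string(raw).walk()
    return [label for label in map(classify_part, parts) if label != "other"]
```

The labels reflect only what the headers declare; confirming that a part really is signed or enveloped data requires parsing the CMS structure inside it.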
Tags: fedora, twitter
