[lug] Unknown mime type?

Bear Giles bgiles at coyotesong.com
Sun Apr 7 18:28:25 MDT 2002 

> Using Ximian's Evolution, I'm suddenly seeing "unknown type attachment
> (smime.p7m)" attachments from some Outlook users. Anyone seen this
> before?

S/MIME - secure MIME
p7s, p7m - PKCS7 signature and message, IIRC.

There are two widely used email encryption approaches. PGP/GPG is
one, S/MIME and PKIX (Public Key Infrastructure using X.509 (digital
certificates) is the other.

Actually there are three approaches.  Besides OpenPGPG, there's the 
S/MIME adhering to the RFCs (which, IIRC, encapsulates the entire
message body in an opaque object) and then there's Microsoft's way of 
doing it (which, IIRC, encrypts each piece individually).  The OpenSSL
user's list had a discussion a while back about Outlook not being
able to accept properly formed messages from some Unix clients, and
Outlook messages being flagged as invalid by those same clients.

PKCS7 itself is a simple container.  It's well suited for individual
items, and in fact is now the preferred format for OpenSSL private
keys (where the passphrase is used to generate a symmetric key used
to recursively encrypt the private key 2048 times or so!) in addition
to S/MIME messages.  

Here's the information I have on the OpenSSL CLI tools.

$ openssl pkcs7 -x

unknown option -x
pkcs7 [options] <infile >outfile
where options are
 -inform arg   input format - DER or PEM
 -outform arg  output format - DER or PEM
 -in arg       input file
 -out arg      output file
 -print_certs  print any certs or crl in the input
 -text         print full details of certificates
 -noout        don't output encoded data

$ openssl smime -x

Usage smime [options] cert.pem ...
where options are
-encrypt       encrypt message
-decrypt       decrypt encrypted message
-sign          sign message
-verify        verify signed message
-pk7out        output PKCS#7 structure
-des3          encrypt with triple DES
-des           encrypt with DES
-rc2-40        encrypt with RC2-40 (default)
-rc2-64        encrypt with RC2-64
-rc2-128       encrypt with RC2-128
-nointern      don't search certificates in message for signer
-nosigs        don't verify message signature
-noverify      don't verify signers certificate
-nocerts       don't include signers certificate when signing
-nodetach      use opaque signing
-noattr        don't include any signed attributes
-binary        don't translate message to text
-certfile file other certificates file
-signer file   signer certificate file
-recip  file   recipient certificate file for decryption
-in file       input file
-inform arg    input format SMIME (default), PEM or DER
-inkey file    input private key (if not signer or recipient)
-out file      output file
-outform arg   output format SMIME (default), PEM or DER
-content file  supply or override content for detached signature
-to addr       to address
-from ad       from address
-subject s     subject
-text          include or delete text MIME headers
-CApath dir    trusted certificates directory
-CAfile file   trusted certificates file
-passin arg    input file pass phrase source
-rand file:file:...
               load the file (or the files in the directory) into
               the random number generator
cert.pem       recipient certificate(s) for encryption

More information about the LUG mailing list