mime (secure) email.

http://github.com/medined/smime

Secure Exchange Solutions

SES Client

The tool it is mostly about an AS1 implementation (www.ietf.org, look for
"MIME-based secure EDI"). The end-user tool should be able to download from
an Internet site (there is a specific WSDL, authentication mechanism and file
format) a directory of contacts (name and e-mail plus the public encryption
and signing keys), plus download and install private keys for the user.

A simple UI should allow user to configure e-mail options (pop and smtp server
parameters, etc.) and inbox/outbox location (file path). The purpose of the
software is to allow user to pick a file and the destination address, encrypt
and sign the file, package into S/MIME envelope and deliver to the e-mail
server. The other (mirror) side is to receive secure e-mail from the POP
server, decrypt, verify signature, store decrypted file and then generate an
MDN (Message Disposition Notification), basically a signed snippet of the
received message that provides non-repudiation of receipt, and send it back
to sender of the message. UI should also allow user to view a list of files
in inbox and outbox (with the status of message - sent, MDN received, etc.)
and launch default program to view received files.

http://www.openssl.org/docs/apps/smime.html
http://stuff-things.net/2007/06/11/encrypting-sensitive-data-with-ruby-on-rails/
http://stuff-things.net/2008/02/05/encrypting-lots-of-sensitive-data-with-ruby-on-rails/

# generate private key for andy
openssl genrsa -out andy.pem 2048
openssl rsa -in andy.pem -pubout > andy.pub

# generate private key for david
openssl genrsa -out david.pem 2048
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAuS+uJo2JSg0AYc455n6AQYGOUrmsvYErZxRj/lv8GYNnNoca
nuHCmhG4PbceyCBpUU4hnWFzEumYy+uWBaRHV/nKTr1mV6fzhjchONDjN3geAZIk
zxAmamgUsI2wiwHeAsSQ5bz2l5Ac0e8C0kN4GCN7ixZKsSHRP4vaBrLAAE6QP0b5
uGhkdw/cKnd9ogcbloVoq+0BEfLkznYMfhlf0fEOhqZ2/PEUGZe4QiEWN6EjFyGG
eHsQu9M/v/ibDWwLgEQJYQJcWmL6U5X7U/LgpLIJLHB84WZJcBL6E1dkh/RA0oD4
UXsgLmGjwjBBcD5ObLP/xkJi2MfhRh6FiOddkQIDAQABAoIBAGUl2eVM4XQE7fR+
A7oV1k/xR59/sw4/A0nmJUfFTklRMIrj+HJXtUcZ7pwm7TU6Hsw99LZVh9kIpmCb
aPHj7OPsl8eyQ7gVEDp62jaCQdkGTr1k6Z3/oDv2ZXaZrZf/iRfR7aLON5JJMLSp
68yU9X+Zwd0Sa/GcGwKujIOkFqMTWHQJKbwiysUkt7EbVAqZG0jsW1Ijr4LtxJ9r
X25BmOUPdfNrGZnsFv1fAulVvsTrj9cUf50OeQKrse8IVkGS7VroOq9EATGiXA7l
j/RZ8nIrV1MDuzDajM4KxO/dm/psFJJx9nrhB7u6l5l1gWyVvIsCy2hDwUn9PH+8
KB8wyAECgYEA2exTyT0SA8zYAwBanKYenFbAkeh+Yw9pxd41/HeCbEoy0vqMxu+J
IQW5j2YkyZ74mkzzI2TpUG91K61RePTTwNOpvfVn+va0m5woHmU1gzuvfsg50Yxo
95FLqka6bQ+YzJKIAn4U/bbuqta24nVTdmjl3LkOf+gBkWNBhR3U9eECgYEA2YsJ
LNbnOGp8htJiLy44CdVTlXclQhtitJl1QBoI5bG8JsIhbsskJT44RKmTe+vNB+X7
/dr4fbkClyDpSnmQCDVGAiJLOQrcahfLA5+hBj7GHOW43tkjq1jnKHmbevIT40D7
9RNz2NtE8v92UW8uLPE+ixmuXl2EyQcpCfLq/bECgYEAm+ADylSpdxhlhjgRmCzm
hlMzKOqQxJB4yvR3zx84pfaoxeo7GeyqPHmY0e5w79qK3euemjmK/WLL/7LYLNmK
QUnlBx/rAULHyup2c89W6IifreLQIIf7aOF/qssue+YFGIbTTF0c7KGVs5Mje3YK
fg7oI+omaezsei7x5aKB+mECgYEAsGtMuYxeXyYcbsnWziRRVcgmzKOfF4lV9tgs
ehui84O77kKpEkyzt3BJ+YT8EhccYzdjsG8P7gVH0H/kMX18DOwHJlvhXRUtwuwg
u4OM9p+Z0n2J+09k2eRzMiPMr1v6POXKbumjnU3VEKuTrF7Zt6C889mTyvtUYCLq
aSMS50ECgYEAlkEvdIWPRTohqQ6OISj7e4saxyX90jZRTBo2WJLL/e88MNwFWbbX
kkC0upwOjeId8XNW0NJ/vPRq/K1M59R3tsib+lCTZkZ3NleGWfLCOa6JCpcbkQfn
hPn37RgCVnuHZXP1i+Ba5Y3O4H5ej+vK5tpEmxcXxwZxpt/BkYaUcdE=
-----END RSA PRIVATE KEY-----
openssl rsa -in david.pem -pubout > david.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuS+uJo2JSg0AYc455n6A
QYGOUrmsvYErZxRj/lv8GYNnNocanuHCmhG4PbceyCBpUU4hnWFzEumYy+uWBaRH
V/nKTr1mV6fzhjchONDjN3geAZIkzxAmamgUsI2wiwHeAsSQ5bz2l5Ac0e8C0kN4
GCN7ixZKsSHRP4vaBrLAAE6QP0b5uGhkdw/cKnd9ogcbloVoq+0BEfLkznYMfhlf
0fEOhqZ2/PEUGZe4QiEWN6EjFyGGeHsQu9M/v/ibDWwLgEQJYQJcWmL6U5X7U/Lg
pLIJLHB84WZJcBL6E1dkh/RA0oD4UXsgLmGjwjBBcD5ObLP/xkJi2MfhRh6FiOdd
kQIDAQAB
-----END PUBLIC KEY-----

================================================================================
================================================================================

# generate self-signed certificate for RECIPIENT
openssl req -x509 -nodes -days 365 -subj '/C=US/ST=Virgina/L=Fairfax/CN=www.affy.com' -newkey rsa:2048 -keyout recipient.pem -out recipient_cert.pem
openssl rsa -in recipient.pem -pubout > recipient.pub

# generate self-signed certificate for SENDER
openssl req -x509 -nodes -days 365 -subj '/C=US/ST=Virgina/L=Fairfax/CN=www.affy.com' -newkey rsa:2048 -keyout sender.pem -out sender_cert.pem
openssl rsa -in sender.pem -pubout > sender.pub

openssl smime -sign -in my-message.txt -out signed-message -signer sender_cert.pem -inkey sender.pem -text
openssl smime -encrypt -out encrypted-signed-message -in signed-message recipient_cert.pem
openssl smime -encrypt -out encrypted-signed-message -in signed-message recipient.pub

openssl smime -decrypt -out received-message -in encrypted-signed-message -inkey recipient.pem

# signing certificate is used to verify
openssl smime -verify -in received-message -text -CAfile sender_cert.pem
openssl smime -pk7out -in received-message | openssl pkcs7 -print_certs -noout

================================================================================
================================================================================


#encrypt and decrypt
openssl rsautl -encrypt -pubin -inkey andy.pub < my-message.txt > my-encrypted-message.txt
openssl rsautl -decrypt -inkey andy.pem < my-encrypted-message.txt

# sign and verify
openssl rsautl -sign -inkey david.pem < my-message.txt > signed.dat
openssl rsautl -verify -inkey public-key.pem -pubin < signed.dat


# generate self-signed certificate
openssl req -x509 -nodes -days 365 -subj '/C=US/ST=Virgina/L=Fairfax/CN=www.affy.com' -newkey rsa:1024 -keyout andy.pem -out mycert.pem

# david sending to andy.
openssl smime -encrypt -in my-message.txt mycert.pem


openssl smime -sign -in my-message.txt -out signed-message -signer mycert.pem -inkey  andy.pem -text

openssl smime -encrypt -in my-message.txt -from [email protected] -to [email protected] -subject 'My encrypted reply' mycert.pem > mail.msg

openssl smime -decrypt -in mail.msg mycert.pem


cat "Hello, World" > message.txt
# Create a cleartext signed message
openssl smime -sign -in message.txt -text -out mail.msg -signer mycert.pem
#Create an opaque signed message
openssl smime -sign -in message.txt -text -out mail.msg -nodetach -signer mycert.pem


Invoice
-------
$22 for Security on Rails Ebook


Application Name: Secure Email

When the application starts
  if the network is available, download the directory and replace the db/directory.yml file
  if the network is not available, load the exisitng db/directory.yml file.
  if the yml file is not available, display error message.
Open the main window
  Three tabs: inbox, directory, outbox, display message
  File > New Message
  File > Save as Draft
  File > Print
  File > Close
----
  Tools > Download Private Key
----
  Tools > Download Full Directory
  Tools > Sync Directory
  Tools > Show Hidden Entries
----
  Tools > Configure Mail Settings
  Tools > Configure Application Settings
  Tools > Upgrade Settings
----
  Tools > Recieve Files

Inbox
  Each message shows Name/Organization/email_contact
Outbox
  Each message shows To/Date/MDN Recieved?/Filename?
New Message Dialog
  Send Button
  To Button -> displays Directory Selector dialog
  File Button -> displays File Open dialog
  Text area
Directory Selector Dialog
  Name, Organization, Email Contact
  Select Entry button
  Cancol button

Questions
---------
What is a hidden entry?
What does it mean to update settings?
What files are received?
What values can third line of outbox be?
What does tools>sync directory do?


Organization is Distinquished Name