[PYTHON-CRYPTO] M2Crypto SMIME Mail verification error in Outlook and Thunderbird

Wed Mar 22 00:16:36 CET 2006

Patrick Hagelkruys wrote:
> I tried to digital sign a message with m2crypto and verify it with Outlook.
> But Outlook (also Thunderbird) failed to verify the signature, because the
> digital signature of the message is invalid. 

I tried the demo/smime.howto/sign.py file, and modified as follows:

Index: sign.py
===================================================================

--- sign.py     (revision 383)
+++ sign.py     (working copy)
@@ -30,8 +30,13 @@
 out.write('Subject: M2Crypto S/MIME testing\n')
 s.write(out, p7, buf)

-print out.read()
+msg = out.read()

+import smtplib
+server = smtplib.SMTP('my mail server here')
+server.sendmail('my email here', 'my email here', msg)
+server.quit()
+
 # Save the PRNG's state.
 Rand.save_file('randpool.dat')


I received that email in Thunderbird and it said the signature is not
valid because the cert used to sign the message was issued by an
untrusted CA. This was expected, since these are test certificates.

If you get this far, next step would be for you to test by creating a CA
and singer cert for the test email, and then import the test CA into the
trusted authorities in Thunderbird and Outlook. After that step they
should recognize it as valid signature. Does it work for you?

Please note that interoperability can be tricky; all these programs have
specific requirements for certificates for things to work. Google around
and/or read the OpenSSL mailinglists to find out if/how other people
have solved the interoperability issues.

-- 
  Heikki Toivonen


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/python-crypto/attachments/20060321/a4813b08/attachment.pgp>
