Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: Microsoft Security, baby steps ?[Scanned]
From: petard <petard () freeshell org>
Date: Thu, 18 Mar 2004 19:36:06 +0000

Hi Paul,

Not that I'd ever discourage s/mime from anyone, but *please* clear-sign
messages to public mailing lists. Opaque-signed mails are very difficult
for some folks to read.

Actually, I usually encourage folks to clear-sign all the time. Is there
any reason you're not?

For the rest of the world, if your mail client does not properly verify
opaque-signed messages and you can't read that one, just save the
message off to a file (say message.eml) and do the following:

1. Go download verisign's "Class 2 Primary CA" certificate, serial number
00 b9 2f 60 cc 88 9f a1 7a 46 09 b8 5b 70 6c 8a af; save it as a PEM
file (say ca.cer).

2. Using openssl's shell tool, issue the command 
openssl smime -verify -CAFile ca.cer -in message.eml

This will print the contents and verify the signature.

Alternatively, if you don't want to verify the validity of Paul's cert
according to Verisign, skip step 1 and change the command from step 2
openssl smime -verify -noverify -in message.eml

That will verify the crypto without checking the validity of the



If your message really might be confidential, download my PGP key here:
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]