mailing list archives
Re: Re: Microsoft Security, baby steps ?[Scanned]
From: petard <petard () freeshell org>
Date: Thu, 18 Mar 2004 19:36:06 +0000
Not that I'd ever discourage s/mime from anyone, but *please* clear-sign
messages to public mailing lists. Opaque-signed mails are very difficult
for some folks to read.
Actually, I usually encourage folks to clear-sign all the time. Is there
any reason you're not?
For the rest of the world, if your mail client does not properly verify
opaque-signed messages and you can't read that one, just save the
message off to a file (say message.eml) and do the following:
1. Go download verisign's "Class 2 Primary CA" certificate, serial number
00 b9 2f 60 cc 88 9f a1 7a 46 09 b8 5b 70 6c 8a af; save it as a PEM
file (say ca.cer).
2. Using openssl's shell tool, issue the command
openssl smime -verify -CAFile ca.cer -in message.eml
This will print the contents and verify the signature.
Alternatively, if you don't want to verify the validity of Paul's cert
according to Verisign, skip step 1 and change the command from step 2
openssl smime -verify -noverify -in message.eml
That will verify the crypto without checking the validity of the
If your message really might be confidential, download my PGP key here:
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.
Full-Disclosure - We believe in it.