Using S/MIME e-mail

Introduction

This is an overview of current software options for S/MIME enabled e-mail and how they are generally set up and used. S/MIME e-mail provides the ability to add Public Key signatures and/or data encryption to the contents of e-mail messages. To use these functions you need to have an S/MIME enabled e-mail client installed on your desktop computer. You also need a key pair and certificate for yourself and access to the Public Key certificates of the people with whom you wish to exchange S/MIME e-mail messages. The necessary certificates can be stored on your local machine or retrieved from network directories. People with whom you wish to exchange S/MIME messages need a compatible setup.

MIME is a standard for encoding e-mail enclosures (including non-textual data). The S/MIME standard adds security features to the messages.

NOTE: The PKI functionality described in this document is still evolving. As such the details may depend on which of the many versions of a particular program you are using. This document attempts to identify which versions of programs and operating systems are being discussed. Other versions may be different. Other packages likely have similar features if your favorite is not covered. Please report errors in the document or package changes to the author.

E-mail Clients

Several S/MIME enabled e-mail clients are available. Microsoft's Outlook Express (Windows OS version only) and Office Outlook programs support S/MIME. (Outlook is only available on Windows.) Netscape Messenger version 4.x and 7.x (but versions 6.0-6.2 DO NOT) support S/MIME on all operating systems as do Mozilla versions after 0.9.7.

The Mail.app program on Mac OS X supports S/MIME starting with version 1.3.2.

The Eudora mail client from Qualcomm has a plug-in architecture which can be used to support S/MIME. The Tumbleweed S/MIME plugin for Eudora is no longer available.

The Entrust/Desktop software supports S/MIME mail. Version 5 of the software was called Entrust/Express and it supported Eudora or Outlook. Version 6 renamed the functionality the "Entrust/Desktop e-mail plug-in". Version 6 added support for the Microsoft Exchange client and Lotus Notes and discontinued Eudora support.

Other e-mail clients that support S/MIME:

The following e-mail clients do NOT have S/MIME support:

Don't know:

Key and Certificate Stores

The e-mail client needs access to your private keys and public key certificates for you and people with whom you wish to exchange S/MIME messages. Currently there are several different ways in which this information is managed depending on the client and the PKI system that you are using. The various options are described below.

Microsoft's Outlook and Outlook Express clients on Windows operating systems use the Internet Explorer certificate cache. To access the certificate cache open Internet Explorer. On IE v5.5 and 6.0 select the "Tools -> Internet Options" menu item and choose the "Content" tab. Clicking the "Certificates" button opens the Microsoft Certificate browser. Using the browser you can examine the contents of the cache. Certificates in the cache are organized into four categories: Personal (yours), Other People (your associates), Intermediate Certificate Authorities and Trusted Root Certification Authorities (CAs). CA certificates establish the trust chains needed to verify the validity of a given certificate.

The Netscape and Mozilla browsers also provide certificate cache functionality. The e-mail component uses certificates stored in the Netscape cache. In Netscape 4.x the certificate cache is accessed by clicking the "Security" button on the main tool bar. Its functionality is similar to IE. The certificates are categorized according to their purpose. You can review the certificates' contents and their validity. The details of the Security User Interface are version dependent, though the functions are similar. On later versions of Netscape and the related Mozilla, the certificate functions are found in the preferences window under Privacy and Security.

On Linux, OpenSSL stores keys in encrypted files. The Darwin kernel for Mac OS X contains OpenSSL and similarly stores keys in encrypted files. In the 10.3.x versions of Mac OS X, PKI certificates can be stored in the KeyChain application.

On Windows operating systems, for Netscape version 4.6 and later, Netscape released a replacement security module called the "Personal Security Manager" (PSM) which is a recommended update. The certificates are categorized according to their purpose: Mine, Others, Web Sites, Authorities. Choose a category, then choose a certificate. The "View" button displays contents, the "Backup" button exports the certificate. The "Restore" button imports certificates. There are also buttons to "Delete" a certificate and "Backup All". From the "View Security Certificate" window you can review the certificate's contents and its validity. "More Info" shows the ASN.1 display of the certificate. Certificates not in the "Mine" category have an "Edit" button used to indicate whether you want to trust a particular certificate and for what uses.

The PSM is built into Mozilla when you do the full install.

The Entrust PKI provides its own certificate storage, which can be used with supported e-mail clients. The Entrust/Desktop application provides access to your private keys and automatically locates certificates for other users enrolled in the Entrust PKI. Entrust certificates can be exported for e-mail users in other PKI systems. Entrust/Express version 5 is compatible with either Microsoft Outlook or Eudora (on Windows and Mac). Entrust Desktop version 6 now calls this functionality an e-mail plug-in and works with Microsoft Exchange, Outlook and Lotus Notes, but not Eudora. Entrust 6 also supports key and certificate export to the Microsoft Crypto API (which allows Outlook Express use) and PKCS #12 files (which can be used with Netscape and Mozilla).

Certificate Use

Certificates and private keys are most commonly stored on the computer hard disk in a storage area controlled by software security features of the client or operating system. The certificate stores (caches) can be protected using pass-phrases. The Internet Explorer cache (also called the Microsoft Crypto API) supports 3 levels of control, low (no protection), medium (ask the first time the cache is used) and high (ask for pass-phrase every time the key is used). The IE cache can be unprotected and that is the default, but a questionable practice. Since Windows 98 does not require a user login, with no cache pass-phrase saved key pairs are usable by anyone who can turn on the machine. On Windows NT and 2000, a user login is required.

Netscape (ver 4.78 Win 2000) requires a pass-phrase. Mozilla recommends a pass-phrase but it is optional. Entrust requires a pass-phrase.

Certificates can also be stored in specialized hardware devices such as smart cards and USB tokens. Netscape and Mozilla support the PKCS #11 standard for key and certificate access.

Address Books

You have to acquire the certificates of people you want to correspond with. Normally an S/MIME signature includes the certificate chain needed to verify it. In many clients the address book feature adds certificates to your cache. Some clients also support use of a directory for certificate acquisition. Netscape and Mozilla will retrieve certificates for recipients when an LDAP directory has been configured.

Getting CA Certificates

Some clients can be configured to not send the certificate chain with the S/MIME message. In that case you may need to acquire certificates by downloading them. This is often also true for the institutional certificates used to sign personal certificates. See also the discussion of usage at: CA Certificates

Certificate Import/Export

Certificate Selection

There can be multiple personal certificates in the "Personal" section of a certificate cache. Some clients make an automatic selection after comparing the message's "From:" address with the e-mail attribute in the certificates. (OE?) Some clients that support multiple mail accounts allow you to select the certificate to use in the preferences for each account (Outlook Express, Outlook and Netscape/Mozilla). Netscape 4 only supports a single mail account but allows the certificate used to be selected.

Certificate Requirements

Your e-mail sending address should match the e-mail address in your personal certificate. Some clients may not work without this. Others report this as a possible signature problem. The personal certificate's Key Usage bits should be set to allow e-mail signing, e-mail encryption and others as appropriate.
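The selection and matching rules described under Certificate Selection and Certificate Requirements can be written down as a small routine. The following is an added example, not code from the original page or from any of the clients it describes: the certificate records are constructed stand-ins for the fields a client reads out of the certificates in its cache (the e-mail address in the certificate, the Key Usage bits, the validity dates), and the function names are my own. It also folds the case of the address before comparing, which is the mismatch the Mozilla 1.0 entry under Known Bugs describes.

```python
"""Choose the personal certificate to use for an outgoing message.

Added example, not from the original page.  CertRecord holds the
fields an S/MIME client would extract from a real certificate; the
SAMPLE_CERTS below are constructed, not real certificates.
"""
from dataclasses import dataclass
from datetime import date
from email.utils import parseaddr


@dataclass(frozen=True)
class CertRecord:
    label: str            # how the client lists it ("friendly name")
    email: str            # e-mail attribute (E=) or rfc822Name in the cert
    key_usage: frozenset  # Key Usage bits that are set
    not_before: date
    not_after: date


# Key Usage bit each operation needs (digitalSignature for signing,
# keyEncipherment for receiving RSA-encrypted mail).
REQUIRED_USAGE = {"sign": "digitalSignature", "encrypt": "keyEncipherment"}

# Constructed sample cache contents (assumed values, not real certs).
SAMPLE_CERTS = [
    CertRecord("old signing cert", "alice@example.edu",
               frozenset({"digitalSignature"}),
               date(2001, 1, 1), date(2002, 12, 31)),
    CertRecord("current cert", "Alice@Example.EDU",
               frozenset({"digitalSignature", "keyEncipherment"}),
               date(2003, 1, 1), date(2005, 12, 31)),
    CertRecord("work alias", "a.smith@example.org",
               frozenset({"digitalSignature", "keyEncipherment"}),
               date(2003, 1, 1), date(2005, 12, 31)),
]
TODAY = date(2004, 1, 7)  # constructed "current date" for the samples


def normalize_address(header_value: str) -> str:
    """Reduce 'Alice <Alice@Example.EDU>' to 'alice@example.edu'.

    Case-folding the whole address is what avoids the "not found"
    symptom when the header and the certificate differ only in case.
    """
    _, addr = parseaddr(header_value)
    return addr.strip().casefold()


def check_requirements(from_header: str, cert: CertRecord,
                       purpose: str, today: date) -> list:
    """Return the list of reasons this certificate cannot be used for
    the given purpose ("sign" or "encrypt"); empty list means usable."""
    problems = []
    if normalize_address(cert.email) != normalize_address(from_header):
        problems.append("address mismatch")
    if REQUIRED_USAGE[purpose] not in cert.key_usage:
        problems.append("key usage does not allow " + purpose)
    if not (cert.not_before <= today <= cert.not_after):
        problems.append("outside validity period")
    return problems


def select_certificate(from_header: str, certs: list,
                       purpose: str, today: date):
    """Automatic selection as some clients do it: the first personal
    certificate whose address matches the sending address and which is
    otherwise usable.  Returns None when nothing fits."""
    for cert in certs:
        if not check_requirements(from_header, cert, purpose, today):
            return cert
    return None


if __name__ == "__main__":
    chosen = select_certificate("Alice <alice@example.edu>",
                                SAMPLE_CERTS, "sign", TODAY)
    print("selected:", chosen.label if chosen else None)
    for cert in SAMPLE_CERTS:
        print(cert.label, "->",
              check_requirements("alice@example.edu", cert, "encrypt", TODAY)
              or "usable")
```

When a client refuses to sign or encrypt, running the checks individually (as `check_requirements` does) tells you which of the three requirements on this page failed, which the clients' own error messages often do not.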

Sending and Receiving S/MIME Messages

To begin you need to have access to appropriately defined Public Key certificates. Next you must configure preferences for the client. You then address and compose your message as usual. Finally you choose to sign and/or encrypt the message. For some clients, preference settings allow you to sign and/or encrypt all messages.

Messages sent to you that incorporate S/MIME features are labeled as such by the different clients when you open them. In particular you will need to check the signature's validity and read the decrypted contents.

For a description of the procedures to follow when using a particular client, refer to the appropriate page below:

Accepting Certificates

Netscape and Mozilla report that a signature is untrusted until you view the certificate and edit its "trusted usage".

Key Retention

If messages are stored in encrypted form, you need to retain the private key(s) needed to decrypt them. You may periodically want to decrypt and then re-encrypt with an updated private key.

Mail clients that don't support S/MIME

When an S/MIME message is received by a mail client that doesn't support S/MIME, the signature usually appears as a binary file attachment called "smime.p7s". An encrypted message body appears as a binary file attachment. There is of course no clear text message.
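The layouts just described (clear-signed message with a detached "smime.p7s" signature, encrypted body as a single binary attachment), together with the opaque-signed variant mentioned under Other Issues and Questions, can be told apart with the standard library's MIME parser; this is what a non-S/MIME client is looking at when it shows an attachment instead of a message. This is an added example, not from the original page; the three sample messages are constructed and their base64 payloads are placeholder bytes rather than real PKCS #7 data.

```python
"""Classify the S/MIME layout of a raw message (added example, not from
the original page).  Sample messages are constructed; the base64 bodies
are placeholders, not real signatures or ciphertext."""
from email import message_from_string
from email.message import Message

# Constructed sample 1: clear-signed (multipart/signed).  The first part
# is ordinary readable text; the second is the detached signature.
CLEAR_SIGNED = """From: Alice <alice@example.edu>
To: bob@example.edu
Subject: signed test
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="BOUND"

--BOUND
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hello Bob, this text is readable by any mail client.

--BOUND
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIAw
--BOUND--
"""

# Constructed sample 2: encrypted (enveloped-data).  Whole body is one
# binary part; nothing is readable without the private key.
ENCRYPTED = """From: Alice <alice@example.edu>
To: bob@example.edu
Subject: encrypted test
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"

MIAGCSqGSIb3DQEHA6CAMIACAQAxggEEMIIBAAIBADBoMGMxCzAJBgNVBAYTAlVT
"""

# Constructed sample 3: opaque-signed (signed-data).  The signed text is
# wrapped inside the PKCS #7 blob, so a non-S/MIME client sees only an
# attachment even though the message is not encrypted.
OPAQUE_SIGNED = ENCRYPTED.replace("smime-type=enveloped-data",
                                  "smime-type=signed-data")


def _first_text(part: Message):
    """Return the first text/plain body under part, decoded and stripped."""
    for sub in part.walk():
        if sub.get_content_type() == "text/plain":
            raw = sub.get_payload(decode=True)
            return raw.decode(sub.get_content_charset() or "us-ascii").strip()
    return None


def classify_smime(raw_message: str) -> dict:
    """Describe what a client without S/MIME support would show:
    kind of protection, attachment names, and any readable text."""
    msg = message_from_string(raw_message)
    result = {"kind": "plain", "attachments": [], "cleartext": None}
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        parts = msg.get_payload()
        if len(parts) != 2:
            result["kind"] = "malformed multipart/signed"
            return result
        body, signature = parts
        result["kind"] = "clear-signed"
        result["cleartext"] = _first_text(body)
        result["attachments"].append(signature.get_filename())
    elif ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        smime_type = msg.get_param("smime-type")
        if smime_type == "enveloped-data":
            result["kind"] = "encrypted"
        elif smime_type == "signed-data":
            result["kind"] = "opaque-signed"
        else:
            result["kind"] = "pkcs7:" + str(smime_type)
        result["attachments"].append(msg.get_filename())
    else:
        result["cleartext"] = _first_text(msg)
    return result


if __name__ == "__main__":
    for name, sample in [("clear-signed", CLEAR_SIGNED),
                         ("encrypted", ENCRYPTED),
                         ("opaque-signed", OPAQUE_SIGNED)]:
        print(name, "->", classify_smime(sample))
```

The distinction matters for the list-server problem noted later on this page: only the clear-signed layout leaves the message text exposed to rewriting by intermediate servers, which is exactly what invalidates the detached signature.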

Known Bugs

Mozilla 0.9.9 crashed when you tried to send an S/MIME message. Fixed in later releases.

Mozilla 1.0 when trying to send an encrypted mail, sometimes reports the recipient is "not found" (and won't let you select secure messages) when the CASE of the recipient's address doesn't match the name in the certificate (not sure if it is matching on DN= or E=).

EXMH when trying to encrypt mail ignores all attempts to specify what key to use. It seems to use a particular default key. (SS 10/24/02)

Other Issues and Questions

There were many questions raised in the process of gathering this information above. Here is a list of some of the unanswered questions. Please contribute answers and experiences if you know something about the issue.

Some list servers do not preserve text as is and thus invalidate signatures.

What does the interface to the Netscape certificate cache look like on Windows without PSM? Does it work at all? Anything interesting about different versions of PSM?

The details of the Netscape Security User Interface and the sequence of actions in accepting certificates are version dependent, though the functions are similar. For example Netscape and Mozilla report that a signature is untrusted until you view the certificate and edit its "trusted usage". Is it useful to document how any of the older versions worked?

What features of address books are useful to document for PKI use?

Which clients check the e-mail address in your personal certificate?

What do they prohibit if it doesn't match the sending address?

What are the certificate requirements of the different e-mail client products?

These should be added to the descriptions of the procedures for each product.

Other topics that may need to be explained: opaque signing, messages only, messages plus enclosures, message bodies encoded as base64.

Mozilla 1.0+ will not encrypt mail to recipients that have 512 bit keys. The error message doesn't help the user figure out what is wrong. It tells you to check that you have valid keys for the recipient and yourself. A 512 bit key whose path can be checked is "valid" in the cert preferences window. It may also be true that decryption won't happen if a 512 bit key was used to encrypt it.

Send comments to: Robert.J.Brentrup@dartmouth.edu

Dartmouth College PKI Lab
Last update: 7 Jan 2004