My Dear Diary

Authenticated Mail with S/MIME for 2022

Background

Here at sdf.org, various things can be done. Securing email communication with either gpg or s/mime is possible. Why bother? Well, because the standard exists and it's fun.

Obtaining an S/MIME certificate

For this to work, a client certificate is needed. Go to your favorite Certificate Authority to obtain an S/MIME certificate.

Here is my s/mime certificate. Grab this certificate, import it into your s/mime database and let me know that s/mime works for you.

You can import the certificate into your email client and start doing s/mime stuff.

My s/mime setup at sdf.org

Well, these are just technical details in case you want to copy my setup.

For doing email, my preferred client is mutt. Here is the part of my .muttrc that enables s/mime-related stuff.

set crypt_use_gpgme=yes
# look at the output of gpgsm --list-secret-keys to
# know the key id
# If using classic smime, look at the output of
# smime_keys list
set smime_default_key=0xFC49726A
set smime_sign_as=0xFC49726A

My s/mime certificates are stored in the gpgsm keyring. In addition, gpgsm has to be configured to relax its CRL and policy checks to be able to do s/mime stuff.

~/.gnupg/gpgsm.conf

disable-crl-checks
disable-policy-checks
disable-trusted-cert-crl-check
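
The three options above switch off parts of gpgsm's certificate validation. As an added example (not part of the original post, and not code from GnuPG or mutt), this Python script reads a gpgsm.conf and reports which relaxed checks are in effect and what each one turns off. The effect descriptions follow the gpgsm manual; the function names and the later-line-wins handling of enable/disable pairs are assumptions of this example.

```python
import re

# What each relaxing option turns off, per the gpgsm manual.
RELAXED = {
    "disable-crl-checks":
        "certificates are not checked for revocation against CRLs",
    "disable-trusted-cert-crl-check":
        "trusted root certificates are not checked against CRLs",
    "disable-policy-checks":
        "certificate policies are not compared with policies.txt",
}

# The gpgsm.conf shown in the post, reproduced as sample input.
PAGE_CONF = """\
disable-crl-checks
disable-policy-checks
disable-trusted-cert-crl-check
"""

def effective_toggles(conf_text):
    """Map each check name to (verb, line_no) of the line that decides it.

    Assumption: when both enable-X and disable-X appear, the later line wins.
    """
    state = {}
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        # Drop comments and surrounding whitespace; tolerate leading dashes.
        line = raw.split("#", 1)[0].strip().lstrip("-")
        match = re.fullmatch(r"(enable|disable)-([a-z-]+)", line)
        if match:
            state[match.group(2)] = (match.group(1), line_no)
    return state

def audit(conf_text):
    """Return [(line_no, option, effect)] for relaxed checks still in effect."""
    findings = []
    for check, (verb, line_no) in effective_toggles(conf_text).items():
        option = f"{verb}-{check}"
        if option in RELAXED:
            findings.append((line_no, option, RELAXED[option]))
    return sorted(findings)

if __name__ == "__main__":
    for line_no, option, effect in audit(PAGE_CONF):
        print(f"line {line_no}: {option}: {effect}")
```

With CRL checks disabled, a signature made with a revoked certificate still validates, so it is worth re-running this after switching to a CA whose CRLs are reachable and removing the options that are no longer needed.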

Well, that's all of my setup to enable s/mime messaging within mutt. Let me know if it works for you by contacting mydeardiary at sdf dot org.