NAME

OpenCA::OpenSSL::SMIME - Sign, verify, encrypt and decrypt S/MIME

SYNOPSIS

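    use OpenCA::OpenSSL;
    use OpenCA::OpenSSL::SMIME;

    # Shell object required by the SMIME constructor
    $shell = OpenCA::OpenSSL->new();
    # Read the message to be signed from standard input
    $smime = OpenCA::OpenSSL::SMIME->new(
        DATA  => \*STDIN,
        SHELL => $shell);
    # Replace the original content with the signed content
    $smime->sign(CERTIFICATE => $my_x509,
                 PRIVATE_KEY => $my_key);
    # Extract the signed message as a MIME::Entity and send it
    $mime = $smime->get_mime();
    $mime->smtpsend();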

DESCRIPTION

A Perl module for handling S/MIME entities: encrypting, decrypting, signing and verifying. Uses MIME::Entity for easy parsing of complex structures and optionally for input and output of data.

CONSTRUCTORS

new ARGS

Creates a new OpenCA::OpenSSL::SMIME object. If invoked as an instance method, inherits the values of SHELL, CA_CERTS, TMPDIR and DEBUG from the creator.

Parameters:

SHELL

A blessed reference to an OpenCA::OpenSSL object. Required argument.

INFILE

A filename containing MIME data to be processed.

DATA

An array reference, a string or a filehandle (as a reference to a glob), containing the actual MIME data to be processed.

ENTITY

A blessed reference to a MIME::Entity object to be processed. One of DATA or ENTITY should be present.

CA_CERTS

Optional list of certificates of CAs for signing and verifying.

Accepts a list of blessed references to OpenCA::X509 objects.

TMPDIR

Sets directory to store various temporary files.

DEBUG

Sets debugging on when assigned a true value.

METHODS

set_params ARGS

Sets or resets object parameters. Takes the same arguments as new().

errno

Returns the last error in numeric form. Can be called as a class method to retrieve the last error regardless of the instance.

err

Returns the last error in literal form. Can be called as a class method to retrieve the last error regardless of the instance.

sign ARGS

Signs the message, replaces original content with signed content.

Arguments:

CERTIFICATE

Blessed reference to an OpenCA::X509 object containing the signer's certificate.

PRIVATE_KEY

The private key of the signer. Should be a string containing the textual data or an open filehandle reference.

KEY_PASSWORD

Password to decrypt the private key, if necessary.

INCLUDE_CERTS

If true, the signer's certificate and the chain of trust (if present) will be included in the message.

NO_COPY_HEADERS

If true, the original message headers won't be copied to the external envelope.

NO_STRIP_HEADERS

If true, the original message headers won't be stripped off before signing.

verify ARGS

Verifies the message for integrity and non-repudiation. Can use the embedded certificate in the message (if present) or a user-supplied expected signer.

Arguments:

USES_EMBEDDED_CERT

If true, uses the certificate included in the message, if any, instead of a user-supplied certificate for verifying.

CERTIFICATE

Blessed reference to an OpenCA::X509 object containing the user-supplied certificate for verifying.

NO_COPY_HEADERS

If true, the original message headers won't be copied to the extracted verified message.

encrypt ARGS

Encrypts the message, replaces original content with encrypted content.

Arguments:

CERTIFICATE

Blessed reference to an OpenCA::X509 object containing the receiver's certificate.

NO_COPY_HEADERS

If true, the original message headers won't be copied to the external envelope.

NO_STRIP_HEADERS

If true, the original message headers won't be stripped off before encrypting.

CIPHER

Which cipher algorithm to use.

Currently supports: des3, des, rc2-40, rc2-64 and rc2-128.

decrypt ARGS

Decrypts the message, replaces it with original unencrypted data.

Arguments:

CERTIFICATE

Blessed reference to an OpenCA::X509 object containing the recipient's certificate.

PRIVATE_KEY

The private key of the recipient. Should be a string containing the textual data or an open filehandle reference.

KEY_PASSWORD

Password to decrypt the private key, if necessary.

NO_COPY_HEADERS

If true, the original message headers won't be copied to the decrypted message.

get_mime

Extracts the processed message. If called in scalar context, returns a MIME::Entity object. In list context, returns a MIME::Entity object and a filename containing the textual form of the message.

get_last_signer

Returns the OpenCA::X509 object of the embedded certificate from the last verify operation, if it was successful and contained the signer's certificate.

Returns undef if there wasn't any certificate saved.

status

Returns the status text from the last verify/decrypt operation, or undef if it was successful.

status_code

Returns the status code from the last verify/decrypt operation, or zero if it was successful.

NOTE: when status/status_code are set, err/errno are not; and vice versa.

Currently defined status values after verifying:

1100	message not signed
1110	invalid certificate chain
1111	no chain of trust supplied
1112	certificate has expired
1113	certificate is not yet valid
1119	unknown certificate problem

Currently defined status values after decrypting:

1300	message not encrypted
1301	this certificate can't decrypt this message
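
The following is an added example, not code from the module or its author: it verifies a message against a set of trusted CAs and keeps the verification verdict (status/status_code) apart from operational errors (err/errno), as the NOTE above requires. The helper name check_signed_mail is hypothetical, and the code assumes that CA_CERTS is passed as an array reference, that new() returns a false value on failure, and that errno is false when no error occurred.

```perl
use strict;
use warnings;
use OpenCA::OpenSSL::SMIME;

# Status codes documented for verify(); any other non-zero code is also a rejection.
my %VERIFY_STATUS = (
    1100 => 'message not signed',
    1110 => 'invalid certificate chain',
    1111 => 'no chain of trust supplied',
    1112 => 'certificate has expired',
    1113 => 'certificate is not yet valid',
    1119 => 'unknown certificate problem',
);

# $shell:    OpenCA::OpenSSL object
# $file:     path to a file holding the MIME message
# $ca_certs: array ref of OpenCA::X509 objects (assumed calling convention)
sub check_signed_mail {
    my ($shell, $file, $ca_certs) = @_;

    # Assumption: new() returns false on failure; err is then read as a class method.
    my $smime = OpenCA::OpenSSL::SMIME->new(
        SHELL    => $shell,
        INFILE   => $file,
        CA_CERTS => $ca_certs,
    ) or return { ok => 0, stage => 'new', reason => OpenCA::OpenSSL::SMIME->err };

    $smime->verify(USES_EMBEDDED_CERT => 1);

    # status_code carries the verification verdict, errno an operational
    # failure; the documentation states that only one of the two is set.
    if (my $code = $smime->status_code) {
        return { ok => 0, stage => 'verify', code => $code,
                 reason => $VERIFY_STATUS{$code} // $smime->status };
    }
    if (my $errno = $smime->errno) {
        return { ok => 0, stage => 'error', code => $errno, reason => $smime->err };
    }

    # The embedded certificate only tells who signed the message; the caller
    # still has to compare it with the sender it expected.
    my $signer = $smime->get_last_signer
        or return { ok => 0, stage => 'signer', reason => 'no signer certificate saved' };

    return { ok => 1, signer => $signer, mime => scalar $smime->get_mime };
}
```

Treating 1100 (message not signed) as a rejection keeps an unsigned message from being handled like a verified one.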

SEE ALSO

OpenCA::OpenSSL, OpenCA::X509, MIME::Tools, MIME::Entity

AUTHOR

Martín Ferrari <yo@martinferrari.com.ar>.

VERSION

$Revision: 1.2 $ $Date: 2003/05/05 13:44:50 $
