I'm looking for a solution to send S/Mime email from my Drupal server to some email address. Do you have plans to add this kind of support in the near future? Or a guideline you can give me on how to achieve this?

Perhaps I could make a new module for that, or it could be cool to add this as an option in MimeMail.
http://php.net/manual/fr/function.openssl-pkcs7-encrypt.php seems to be the way to encrypt in S/Mime.

Comments

leenx’s picture


Greetings ...

I have some code that I believe would help with this issue, but I'm not sure how to integrate it cleanly.

Below would be the needed function ...

/**
 * Add an S/MIME signature.
 *
 * @param $message Message array, see drupal_mail_send() for keys.
 */
function smime_sign(&$message) {

  $message_file = tempnam(file_directory_temp(), 'smime_mail_');
  $signed_file = tempnam(file_directory_temp(), 'smime_signed_');

  // Need to move first MIME header into body before signing
  $old_headers = mimemail_rfc_headers(array(
    'Content-Type' => $message['headers']['Content-Type'],
    'Content-Transfer-Encoding' => $message['headers']['Content-Transfer-Encoding'],
  ));

  // body is a string, but we might need to remove the first line, but mostly working
  file_put_contents($message_file, $old_headers . "\n" . $message['body']);

  // PKCS7_DETACHED produces a multipart/signed message: the original entity
  // plus a separate signature part.
  $signed = openssl_pkcs7_sign(
    $message_file,
    $signed_file,
    'file://' . realpath($message['sign']['public-cert']),
    array('file://' . realpath($message['sign']['private-key']), $message['sign']['key-password']),
    array(), PKCS7_DETACHED, $message['sign']['extra-cert']
  );
  if (!$signed) {
    // Do not leave the plaintext copy of the mail behind in the temp directory.
    unlink($message_file);
    unlink($signed_file);
    print 'MAIL SIGNING FAILED!!';
    exit;
  }

  $fp = fopen($signed_file, 'r');

  // Read the message headers, up to the first blank line.
  while (($line = fgets($fp)) !== FALSE && trim($line) !== '') {
    $parts = explode(': ', trim($line), 2);
    if (count($parts) == 2) {
      $message['headers'][$parts[0]] = $parts[1];
    }
  }

  // Read the message body.
  $message['body'] = '';
  while (($line = fgets($fp)) !== FALSE) {
    $message['body'] .= $line;
  }

  // Clean up.
  fclose($fp);
  unlink($message_file);
  unlink($signed_file);
}

And this is how you might call it:

function myfunction_mailsigning_mail_alter(&$message) {
  if (is_array($message['from'])) {
    $from = $message['from']['mail'];
  }
  else {
    $from = $message['from'];
  }
  switch (strtolower($from)) {
    case 'signing@example.com':
      // Placeholder paths and passphrase. A key file under the module
      // directory sits inside the web root, so it must not be readable
      // over HTTP.
      $sign = array(
        'public-cert' => drupal_get_path('module', 'myfunction_mailsigning') . '/folder/certs.pem',
        'private-key' => drupal_get_path('module', 'myfunction_mailsigning') . '/folder/certs.pem',
        'key-password' => 'certs-password',
        'extra-cert' => drupal_get_path('module', 'myfunction_mailsigning') . '/folder/certs.pem',
      );
      $message += array('sign' => $sign);
      break;
  }
}

Hope this helps

TR’s picture

Version: 7.x-1.x-dev » 8.x-1.x-dev
Status: Active » Postponed

I would be interested in including this, if we had a patch and some tests for this feature. I am not planning on implementing this myself, but if someone in the community wants to contribute a solution that would be appreciated.

This will need to be done for Drupal 8 first, then backported to Drupal 7 only if there is community interest in the backport. The solution should include Mime Mail settings to configure and enable S/Mime, as well as tests for this feature.

hammiti’s picture

Hello, has anyone tested the code above in D7?

My problem is that the signature is not attached to the email as a file but is within the email content. Any idea?

leenx’s picture

Greetings @hammiti ...

The code attached was for Drupal 7 and if I remember correctly, the sigs are meant to be inline, not as attachments.

Beyond that I can't really say. I hope you find a working solution.
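
A stand-alone way to inspect what the `openssl_pkcs7_sign()` call with `PKCS7_DETACHED` used in this thread produces, outside Drupal. This is an added example, not code from any participant or from Mime Mail: it signs a small MIME entity, prints the resulting `multipart/signed` Content-Type header, and verifies the reassembled message before and after the body is altered. The `demo_*` helpers, the throwaway self-signed certificate and the sample message are assumptions made for the demo; it needs PHP 7.4+ with the openssl extension.

```php
<?php
// Added example: identity, paths and message are constructed for the demo.
// Create a throwaway self-signed certificate and key (hypothetical helper).
function demo_identity(string $dir): array {
  $key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
  $csr = openssl_csr_new(['commonName' => 'signing@example.com'], $key, ['digest_alg' => 'sha256']);
  $cert = openssl_csr_sign($csr, NULL, $key, 1, ['digest_alg' => 'sha256']);
  openssl_x509_export_to_file($cert, "$dir/cert.pem");
  openssl_pkey_export_to_file($key, "$dir/key.pem");
  return ["$dir/cert.pem", "$dir/key.pem"];
}

// Sign a MIME entity and return [headers, body], the two pieces a mail
// array needs after signing.
function demo_sign(string $entity, string $cert, string $key, string $dir): array {
  file_put_contents("$dir/in.eml", $entity);
  if (!openssl_pkcs7_sign("$dir/in.eml", "$dir/out.eml", "file://$cert", "file://$key", [], PKCS7_DETACHED)) {
    throw new RuntimeException('Signing failed: ' . openssl_error_string());
  }
  [$head, $body] = preg_split('/\r?\n\r?\n/', file_get_contents("$dir/out.eml"), 2);
  $headers = [];
  // Unfold continuation lines before splitting "Name: value".
  foreach (preg_split('/\r?\n/', preg_replace('/\r?\n[ \t]+/', ' ', $head)) as $line) {
    if (strpos($line, ':') !== FALSE) {
      [$name, $value] = explode(':', $line, 2);
      $headers[trim($name)] = trim($value);
    }
  }
  return [$headers, $body];
}

// Reassemble headers and body and check the signature.
// PKCS7_NOVERIFY skips chain validation only because the demo cert is self-signed.
function demo_verify(array $headers, string $body, string $dir): bool {
  $lines = array_map(fn($n, $v) => "$n: $v", array_keys($headers), $headers);
  file_put_contents("$dir/check.eml", implode("\n", $lines) . "\n\n" . $body);
  return openssl_pkcs7_verify("$dir/check.eml", PKCS7_NOVERIFY) === TRUE;
}

$dir = sys_get_temp_dir() . '/smime_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
[$cert, $key] = demo_identity($dir);
[$headers, $body] = demo_sign("Content-Type: text/plain; charset=utf-8\n\nHello, signed world.\n", $cert, $key, $dir);
echo $headers['Content-Type'], "\n";
var_dump(demo_verify($headers, $body, $dir));                                // intact message
var_dump(demo_verify($headers, str_replace('Hello', 'Hullo', $body), $dir)); // altered body
array_map('unlink', glob("$dir/*"));
rmdir($dir);
```

The same check can be pointed at a message captured from the real mail system to confirm that the Content-Type header printed here reached the outgoing mail unchanged.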