What I am trying to achieve:
- send a signed, unencrypted email using a smart card token through a Python script
What I've tried so far:
- Had a look at an incoming email signed with the same corporate smart card system. It is a multipart email with attached signature headers like the following:
    Content-Type: application/x-pkcs7-signature; name="smime.p7s"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="smime.p7s"
- Signed a piece of text using PyKCS11; that is, for a provided text string and smart card PIN code, the function returns some bytecode.
- Studied an S/MIME example from M2Crypto (though it's PKCS7), where I found code like the following:
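    from M2Crypto import SMIME

    s = SMIME.SMIME()
    # Load the signer's private key and certificate from PEM files
    s.load_key('signer_key.pem', 'signer.pem')
    # buf is an M2Crypto BIO holding the text; sign() returns a PKCS7 object
    p7 = s.sign(buf, SMIME.PKCS7_DETACHED)
    # ...
    # Write the S/MIME message (clear text plus detached signature) to the out BIO
    s.write(out, p7, buf)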
What I see so far is:
- The SMIME implementation I've found works with a PKCS7 object (p7 is not a string as I thought initially);
- Signed emails contain x-pkcs7-signature
Does this mean the data I get from the PyKCS11 module in this case is not some sort of "pkcs11" signature, and I just have to wrap it up as a PKCS7 object or else override the SMIME.write() method?
Or might the whole setup be the wrong way?
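An added example (not part of the original post, and not M2Crypto or PyKCS11 code) showing only the MIME layer: how the headers quoted above sit around a detached signature, and which exact bytes that signature has to cover. It uses only the standard `email` package. The function names and `WIRE` are hypothetical, and `p7s_der` is assumed to be a DER-encoded detached PKCS#7 SignedData structure produced elsewhere.

```python
from email import policy
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Serialise with CRLF line endings, as the message travels over SMTP.
WIRE = policy.compat32.clone(linesep="\r\n")


def content_to_sign(body_part):
    """Bytes a detached S/MIME signature covers: the first MIME part,
    its own headers included, with CRLF line endings."""
    return body_part.as_bytes(policy=WIRE)


def build_signed_message(body_part, p7s_der, micalg="sha-256"):
    """Wrap body_part and a detached signature blob in multipart/signed.

    p7s_der is assumed to be DER-encoded PKCS#7 SignedData created
    elsewhere; this function only adds the MIME envelope around it.
    """
    msg = MIMEMultipart(
        "signed",
        protocol="application/x-pkcs7-signature",
        micalg=micalg,  # must name the digest used inside the signature
    )
    msg.attach(body_part)

    # MIMEApplication base64-encodes the payload by default and sets
    # Content-Transfer-Encoding: base64, matching the headers in the post.
    sig = MIMEApplication(p7s_der, "x-pkcs7-signature", name="smime.p7s")
    sig.add_header("Content-Disposition", "attachment", filename="smime.p7s")
    msg.attach(sig)
    return msg


if __name__ == "__main__":
    body = MIMEText("Signed with a smart card.\n")
    to_sign = content_to_sign(body)  # hand these bytes to the signing step
    # Constructed placeholder bytes, NOT a valid signature.
    placeholder = b"\x30\x82constructed-placeholder"
    message = build_signed_message(body, placeholder)
    message["Subject"] = "S/MIME layout demo"
    print(message.as_bytes(policy=WIRE).decode("ascii"))
```

If the body part is re-serialised differently after signing (different line endings, header folding or transfer encoding), verification fails, so sign the output of `content_to_sign()` and send the message with the same serialisation.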