SMIME with Go

S/MIME (Secure/Multipurpose Internet Mail Extensions) supports the encryption and signing of email messages, while keeping compatibility with existing MIME formats. A specified digital certificate is required to read the encrypted email. RFC 822 defines the format of an electronic message and its header fields, and S/MIME 4.0 is defined in RFC 8551.
Method
With MIME, we have a header added to the email message. It uses a number of header fields, including:
- Bcc: A blind copy recipient address.
- Cc: A carbon copy recipient address.
- Content-Transfer-Encoding: Defines the format of the encoded message.
- Content-Type: The MIME format used.
- Date: The date the message was sent.
- From: The sender of the email.
- Subject: The subject field.
- To: The recipient address.
An example is:
From: Bob <Bob@mome>
To: Alice <Alice@home>
Date: Fri, 07 Nov 2003 18:46:06 +0500
Subject: This is a test

Here is my message.
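To show how the header block above is actually read and written, here is an added Go example (not code from the original page) that parses a constructed message of the same layout with the standard library's net/mail, and builds one from caller-supplied fields. The Go program later on this page concatenates command-line arguments straight into header lines; BuildMail below rejects any field containing a line break, since such a value would otherwise start a new header line (header injection). The sample message and its addresses are constructed for the example.

```go
package main

import (
	"fmt"
	"io"
	"log"
	"net/mail"
	"strings"
	"time"
)

// sampleMail is a constructed message in the RFC 822 header layout shown
// above (placeholder addresses, not real mailboxes).
const sampleMail = "From: Bob <bob@home>\r\n" +
	"To: Alice <alice@home>, Carol <carol@home>\r\n" +
	"Date: Fri, 07 Nov 2003 18:46:06 +0500\r\n" +
	"Subject: This is a test\r\n" +
	"Content-Type: text/plain; charset=utf-8\r\n" +
	"Content-Transfer-Encoding: 7bit\r\n" +
	"\r\n" +
	"Here is my message.\r\n"

// ParsedMail holds the header fields discussed above plus the body.
type ParsedMail struct {
	From        *mail.Address
	To          []*mail.Address
	Date        time.Time
	Subject     string
	ContentType string
	Body        string
}

// ParseMail uses net/mail, which splits the header block from the body at
// the first empty line and parses the address-list and date fields.
func ParseMail(raw string) (*ParsedMail, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	from, err := mail.ParseAddress(msg.Header.Get("From"))
	if err != nil {
		return nil, fmt.Errorf("From: %w", err)
	}
	to, err := msg.Header.AddressList("To")
	if err != nil {
		return nil, fmt.Errorf("To: %w", err)
	}
	date, err := msg.Header.Date()
	if err != nil {
		return nil, fmt.Errorf("Date: %w", err)
	}
	body, err := io.ReadAll(msg.Body)
	if err != nil {
		return nil, err
	}
	return &ParsedMail{
		From:        from,
		To:          to,
		Date:        date,
		Subject:     msg.Header.Get("Subject"),
		ContentType: msg.Header.Get("Content-Type"),
		Body:        strings.TrimSpace(string(body)),
	}, nil
}

// BuildMail assembles a plain-text message from caller-supplied fields.
// A header value containing CR or LF would begin a new header line, so
// each value is rejected if it contains either (header injection check).
func BuildMail(from, to, subject, body string) (string, error) {
	for name, v := range map[string]string{"From": from, "To": to, "Subject": subject} {
		if strings.ContainsAny(v, "\r\n") {
			return "", fmt.Errorf("%s header contains a line break", name)
		}
	}
	var b strings.Builder
	fmt.Fprintf(&b, "From: %s\r\n", from)
	fmt.Fprintf(&b, "To: %s\r\n", to)
	fmt.Fprintf(&b, "Date: %s\r\n", time.Now().Format(time.RFC1123Z))
	fmt.Fprintf(&b, "Subject: %s\r\n", subject)
	b.WriteString("Content-Type: text/plain; charset=utf-8\r\n")
	b.WriteString("Content-Transfer-Encoding: 7bit\r\n")
	b.WriteString("\r\n")
	fmt.Fprintf(&b, "%s\r\n", body)
	return b.String(), nil
}

func main() {
	m, err := ParseMail(sampleMail)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("From: %s <%s>\n", m.From.Name, m.From.Address)
	for _, a := range m.To {
		fmt.Printf("To: %s <%s>\n", a.Name, a.Address)
	}
	fmt.Printf("Date: %s\nSubject: %s\nBody: %s\n", m.Date.Format(time.RFC1123Z), m.Subject, m.Body)
	if _, err := BuildMail("bob@home", "alice@home", "x\r\nBcc: hidden@home", "body"); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

Bcc is deliberately absent from the sample: a sending agent strips it before the message leaves, which is why it never appears in a received header block.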
Coding
In the following, we will send an encrypted email from Bob to Alice. Alice will generate a key pair and then send Bob her public key within an X.509 certificate. Bob then encrypts with Alice's public key, and Alice decrypts with her private key. If we wanted to sign the email message, we would use Bob's private key to create a signature, and then Alice would use his public key to verify his identity.
package main

import (
	"crypto"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"log"
	"os"

	"github.com/InfiniteLoopSpace/go_S-MIME/pki"
	"github.com/InfiniteLoopSpace/go_S-MIME/smime"
)

var (
	// A three-level test PKI: root -> intermediate -> leaf (Alice's certificate).
	root = pki.New(pki.IsCA, pki.Subject(pkix.Name{
		CommonName: "root.example.com",
	}))
	intermediate = root.Issue(pki.IsCA, pki.Subject(pkix.Name{
		CommonName: "intermediate.example.com",
	}))
	leaf = intermediate.Issue(pki.Subject(pkix.Name{
		CommonName: "leaf.example.com",
	}))
	// Alice's key pair: her certificate chain plus her private key.
	AlicekeyPair = tls.Certificate{
		Certificate: [][]byte{leaf.Certificate.Raw, intermediate.Certificate.Raw, root.Certificate.Raw},
		PrivateKey:  leaf.PrivateKey.(crypto.PrivateKey),
	}
)

func main() {
	// Defaults: Bob sends to Alice; all four can be overridden on the command line.
	efrom := "bob"
	eto := "Alice"
	subject := "Subject"
	message := "Message"

	argCount := len(os.Args[1:])
	if argCount > 0 {
		efrom = os.Args[1]
	}
	if argCount > 1 {
		eto = os.Args[2]
	}
	if argCount > 2 {
		subject = os.Args[3]
	}
	if argCount > 3 {
		message = os.Args[4]
	}

	mail := "From: " + efrom + "\nTo: " + eto + "\nSubject: " + subject + "\nContent-Type: text/plain\n\n" + message

	SMIME, err := smime.New(AlicekeyPair)
	if err != nil {
		log.Fatal(err)
	}

	// Encrypt with Alice's public key (taken from her leaf certificate)
	ciphertext, err := SMIME.Encrypt([]byte(mail), []*x509.Certificate{leaf.Certificate})
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("SMIME Encrypted:\n%s\n", ciphertext)

	// Decrypt with Alice's private key (held in the same key pair)
	plaintext, err := SMIME.Decrypt(ciphertext)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("\n== Decrypted (Alice) ==\n%s\n", plaintext)

	fmt.Printf("\n== Alice's certificate details ==\n")
	fmt.Printf("Alice's public key method: %s\n", leaf.Certificate.PublicKeyAlgorithm)
	fmt.Printf("Alice's Issuer: %s\n", leaf.Certificate.Issuer)
	fmt.Printf("Alice's Cert Signature: %x\n", leaf.Certificate.Signature)
	fmt.Printf("Alice's Signature Algorithm: %s\n", leaf.Certificate.SignatureAlgorithm)

	pub := leaf.Certificate.PublicKey.(*rsa.PublicKey)
	fmt.Printf("Alice's Public Key: e=%d, N=%s\n", pub.E, pub.N)
	priv := AlicekeyPair.PrivateKey.(*rsa.PrivateKey)
	fmt.Printf("Alice's Private Key: d=%d, N=%s\n", priv.D, priv.N)
}
A sample run is:
SMIME Encrypted:
From: bob@home
To: alice@home
Subject: This is the subject
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7m

MIICAgYJKoZIhvcNAQcDoIIB8zCCAe8CAQAxggFJMIIBRQIBADAvMCMxITAfBgNV
BAMTGGludGVybWVkaWF0ZS5leGFtcGxlLmNvbQIIaK4N109jaL0wCwYJKoZIhvcN
AQEBBIIBADLc0ebSj7RBMoY69q7i8HPFy466HYIUPiMSOsAsaheaHN+bi7QBnYAx
FyB+Q7W+0HEi26szCW965Wq/xHTqY07loK0jGpJGIOOs5xbZapOfsoKMWR+nPOfB
9o61659igHY6SDX0IStLnVJzPt7grpgwtyeuouHPdtY5f7IohAYM/7TCgWdgt9Py
m5oeIOP0UK2yTMyyETjMmENqV/riSf/imfrTzNpqeOcpZpC3kfxJAdeunCfk0YZB
r3FtgCnUc/bbqhMTNlRfu++N7sKZuwgruxpsFTsLhD6HtlXkJWnFtATx2lx4mHyI
KN6jaAKIP1x6jxbJPfW+pv8iRvbyyeYwgZwGCSqGSIb3DQEHATAdBglghkgBZQME
AQIEEFaZ0CFw6BR37+s+eShkMuuAcHXkM2cF/crtq5cBV3udTjO055UC/83bCVjQ
/FhqADqvCP9+ZDRnPugDBs25jqCuXjdiEU4l7JVN5KNC29gQRVGwmQK7OWDwDzzj
IXPQxDNl0w7KibvyRkp0oF/pW902ALnPggSuKiTZtKTckFgTc8E=
cms/protocol: ASN.1 Error — unexpected trailing data

== Decrypted (Alice) ==
From: bob@home
To: alice@home
Subject: This is the subject
Content-Type: text/plain

This is my message

== Alice's certificate details ==
Alice's public key method: RSA
Alice's Issuer: CN=intermediate.example.com
Alice's Cert Signature: [omitted]
Alice's Signature Algorithm: SHA256-RSA
Alice's Public Key: e=65537, N=22315891114997228062119356918478352232765193139931814655479949456792669610955845101683745872386124343144537929393066211319462801778926263931593016273604194319823278625471434037766219945523023740574233505932075863041333257933021619307828732456716646102760370894047125225945387277406174267006470705342287033486532084860183871466014466049282913976768088261189129817673095174856290223624738122854144360468111937026922669821960882501590442878339008480972887734206494831852990868870267174143270033760885677040488111044114887332355009262918188252186926945723317048384732190513955251941964423746447256310555224422453804720809
Alice's Private Key: d=18463380440491549769020521082604508798346385516983120772450513441196101809891493186270316804833801062885488810068819585522303912306921568109049363281865819744629409904465226785324286191099606577737105198470405259955295684039584223625255921998268866466728345682407148193027400313453392545888457833830886824491874288249426873551178608711165927405597612163879693641068065752339173443471727384778147301969288123923782022301667773302452504308877929937448797973527400294939410112453387792633046842375103930368335917408464775601786092639301261148766327237281761893235311015909195337445779431038586243267123535217359875311537, N=22315891114997228062119356918478352232765193139931814655479949456792669610955845101683745872386124343144537929393066211319462801778926263931593016273604194319823278625471434037766219945523023740574233505932075863041333257933021619307828732456716646102760370894047125225945387277406174267006470705342287033486532084860183871466014466049282913976768088261189129817673095174856290223624738122854144360468111937026922669821960882501590442878339008480972887734206494831852990868870267174143270033760885677040488111044114887332355009262918188252186926945723317048384732190513955251941964423746447256310555224422453804720809
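The Coding section describes, but does not implement, the signing half of S/MIME: Bob signs with his private key and Alice verifies with the public key in his certificate. The following is an added Go example, not code from the page or from the go_S-MIME library, that does this with the standard library only (crypto/x509, crypto/rsa): it issues a self-signed certificate for a hypothetical "bob.example.com" identity in place of the page's root/intermediate chain, signs the message bytes with RSA-PSS over SHA-256, and verifies the signature while also checking the certificate's validity period and key usage. The message text is constructed for the example; the certificate is an assumption standing in for one issued by a real CA.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Signer bundles a sender's private key with the certificate a recipient
// will use to verify. The certificate is self-signed so the example runs
// stand-alone; in the page's setup it would be issued by the CA chain.
type Signer struct {
	key  *rsa.PrivateKey
	cert *x509.Certificate
}

// NewSigner generates a 2048-bit RSA key and a self-signed certificate for
// the given common name (hypothetical test identity, not a real CA).
func NewSigner(cn string) (*Signer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Signer{key: key, cert: cert}, nil
}

// Certificate returns the public certificate the sender distributes.
func (s *Signer) Certificate() *x509.Certificate { return s.cert }

// Sign hashes the message with SHA-256 and signs the digest with RSA-PSS.
func (s *Signer) Sign(msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, s.key, crypto.SHA256, digest[:], nil)
}

// Verify checks the signature against the certificate's public key, after
// confirming the certificate is within its validity period and permits
// digital signatures. Any change to msg makes the digest differ and the
// verification fail.
func Verify(cert *x509.Certificate, msg, sig []byte) error {
	now := time.Now()
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return errors.New("certificate not valid at this time")
	}
	if cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return errors.New("certificate does not permit digital signatures")
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("certificate does not carry an RSA key")
	}
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil)
}

func main() {
	bob, err := NewSigner("bob.example.com")
	if err != nil {
		panic(err)
	}
	// Constructed message; the signature covers headers and body together.
	msg := []byte("From: bob@home\r\nTo: alice@home\r\nSubject: Signed\r\n\r\nHello Alice\r\n")
	sig, err := bob.Sign(msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("verify original:", Verify(bob.Certificate(), msg, sig))
	tampered := append([]byte{}, msg...)
	tampered[len(tampered)-3] = '!'
	fmt.Println("verify tampered:", Verify(bob.Certificate(), tampered, sig))
}
```

In a real S/MIME deployment the signature and Bob's certificate travel inside a CMS signed-data structure and Alice additionally validates the chain up to a trusted root, as the page's leaf/intermediate/root construction hints; this example stops at the raw sign/verify step so that the role of each key is visible.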