How can I make an encrypted email message into a .p7m file?


This is a bit complicated, so I'll explain what I'm really trying to do here: I have a Debian server, and I want to automatically email myself certain logs every week. I'm going to use cron and a bash script to copy the logs into a tarball shortly after midnight every Monday. A bash script on my home computer will then download the tarball from the server, along with a file to be used as the body of the email, and call an AppleScript to make a new email message.

This is where I'm stuck—I can't find a way to encrypt and sign the email using AppleScript and Apple's mail client. I've noticed that if I put a delay in before sending the message, Mail will automatically set it to be encrypted and signed (as it normally does when I compose a message myself). However, there's no way to be sure of this when the script runs—if something goes wrong there, the script will just blindly send the email unencrypted.

My solution there would be to somehow manually create a .p7m file with the tarball and message and attach it to the email the AppleScript creates. Then, when I receive it, Mail will treat it just like any other encrypted message with an attachment (right?)

If there's a better way to do this, please let me know. ^^ (Ideally, everything would be done from the server, but there doesn't seem to be a way to send mail automatically without storing a password in plaintext.)

(The server is running Debian squeeze; my home computer is a Mac running OS X Lion.)

Blacklight Shining

Posted 2012-07-08T07:38:41.553

Reputation: 2 127

Does it have to be p7m? Would it not be easier to run it through a separate encryption program such as gpg in your batch script? – Mokubai – 2012-07-08T09:04:30.040

Probably. The end result just needs to be that the tarball is sent to myself in an encrypted email, without storing any plaintext passwords or anything anywhere. I use Apple's Keychain Access for storing keys and such, so if that encryption program will take a .p12 keypair, that could work. – Blacklight Shining – 2012-07-08T16:32:40.237



The easiest approach to sending an S/MIME encrypted email message that I have found is with openssl.

For example, as a start, if your message was in file msg.body:

openssl smime -encrypt -aes256 -out "msg.body.enc" "certificate.pem" <"msg.body" 2>"encryption.error"
sendmail -G -i <"msg.body.enc"

In the above example, the sender's public S/MIME certificate must be available in certificate.pem.

You don't need a password to send encrypted email, as encryption requires only the public certificate. You will need a password to access the private key required to sign the message though, but in your scenario, I see no real need to sign the message, so I'd just not sign it.


Posted 2012-07-08T07:38:41.553

Reputation: 261
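The following is an added example, not code from the question or the answer above. It goes a step beyond the answer's two commands: it wraps the body and the tarball in one MIME entity before encrypting, and it fails closed so that nothing reaches sendmail unless openssl produced an enveloped-data message. The function names, the subject line and the boundary string are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; names, subject and boundary are illustrative assumptions.

# encrypt_logs CERT BODY TARBALL RCPT OUT
# Wraps BODY and TARBALL in one multipart/mixed entity, then encrypts that
# entity to CERT. Returns non-zero and leaves no OUT file on any failure.
encrypt_logs() {
    cert=$1 body=$2 tarball=$3 rcpt=$4 out=$5
    [ -r "$cert" ] && [ -r "$body" ] && [ -r "$tarball" ] || return 1
    name=${tarball##*/}
    b="=_weekly_logs_$$"
    inner=$(mktemp) || return 1
    {
        printf 'Content-Type: multipart/mixed; boundary="%s"\n\n' "$b"
        printf '%s\n' "--$b" 'Content-Type: text/plain; charset=utf-8' ''
        cat "$body"
        printf '\n%s\n' "--$b"
        printf 'Content-Type: application/gzip; name="%s"\n' "$name"
        printf 'Content-Transfer-Encoding: base64\n'
        printf 'Content-Disposition: attachment; filename="%s"\n\n' "$name"
        openssl base64 -in "$tarball"
        printf '%s\n' "--$b--"
    } >"$inner"
    # -to/-subject become cleartext headers outside the encrypted part,
    # so keep anything sensitive out of the subject line.
    if ! openssl smime -encrypt -aes256 -to "$rcpt" -subject "Weekly logs" \
            -in "$inner" -out "$out" "$cert" 2>/dev/null ||
       ! grep -q 'smime-type=enveloped-data' "$out"; then
        rm -f "$inner" "$out"
        return 1
    fi
    rm -f "$inner"
}

# send_logs takes the same arguments; sendmail runs only after
# encrypt_logs has succeeded, so a failure can never send plaintext.
send_logs() {
    encrypt_logs "$@" || { echo "encryption failed, nothing sent" >&2; return 1; }
    sendmail -t -i <"$5"   # -t: read the recipient from the To: header
}
```

Because the whole message is built and encrypted before any mail program is involved, this can run from cron on the server with only the public certificate on disk.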