Decrypt SMIME E-Mails – BlackBerry/iPhone

VMware Virtual Machine Hosting

I, and most everyone I deal with, use SMIME e-mail certificates from Verisign/Thawte/Home Brew. Unfortunately, these e-mails can not be viewed on an BlackBerry (without BES) or iPhone.

I overcame this by creating an alias on my server that would receive e-mails, decrypt them, and send them back to me -> UNENCRYPTED.

[NOTE: If you are reading this and clean up my technique, please email me your updates! admin -at-]

1. Install openssl on your server

2. Export your key and cert from your desktop machine in PFX format and upload it to your server.

3. Run this command on your cert:
openssl pkcs12 -in mycert.pfx -out mycert.pem -nodes

The output of the above will be your key and cert in 1 file (mycert.pem). Make two separate files with mycert.pem: key and cert. Place these two files in: /usr/decrypt

4. Download this Python script:
Put the extracted file in: /usr/decrypt

5. Use this wrapper [name: extract_mime] and place it in /usr/decrypt
#! /bin/sh

if ! cd /usr/decrypt/; then
echo “Cannot cd to work dir”
exit 1

rm -rf $TMPFILE # to be on safe side

# get message from sendmail
cat – > $TMPFILE

# parse message
/usr/decrypt/ /usr/decrypt/$TMPFILE >>log 2>>err

# clean up
rm -rf $TMPFILE

6. [ASSUMES SENDMAIL IS YOUR MTA] Edit your aliases file and add:
decrypt: “| /usr/decrypt/extract_mime”

7. Cron this script for every 5 minutes:

if [ -f /usr/decrypt/smime.p7m ];
/usr/local/bin/openssl smime -decrypt -binary -inform DER -in /usr/decrypt/smime.p7m -inkey /usr/decrypt/key -recip /usr/decrypt/cert| mail -s “Your unencrypted e-mail”
rm /usr/decrypt/smime.p7m


NOTE:It appears there is now an app for the iPhone and iPad to read SMIME e-mails and documents. It is available in the appstore: CLICK HERE

VMware Virtual Machine Hosting