On incoming signed E-Mails, Djigzo puts the CN of the intermediate CA
next to the "X-Djigzo-Info-Signer-ID-0-1"-header.
Shouldn't it be the CN of the sender's user certificate which is displayed?
Same thing happens with the "X-Djigzo-Info-Encryption-Recipient-0-0"-Header
in incoming encrypted

I can understand the misunderstanding :). S/MIME (or CMS to be exact)
identifies a signing and encryption certificate using the following two
Issuer/Serial number or,
Subject Key Identifier
Subject Key Identifier is not widely used so in most cases Issuer/Serial
is used. The reason behind this is that in principle the sender is not
obliged to add the signing certificate to the email.
These headers are added more or less for debugging purposes. I can
however understand that it would be nice to also add info about the
signing certificate. If you want you can add a JIRA feature request for
this. Not sure however when it will be added.

Is there a way to use the value of the FROM-header instead of the
default CN ("persona non-validated" by default) for automatically
As long as outgoing emails have their source in my trusted environment,
this would make things easier without representing a security issue.

The email address is added to the Subject of the generated certificate.
But you also want to use the "name" part of the from?

Is it possible to use end-to-end encryption for specific users, so that
a specific user has its own private key stored on his client and Djigzo
only passes through the encrypted email?

Only if the message is encrypted with a certificate for which the
gateway does not have a private key.

I tried to do so. But as I don't have any CA except Djigzo's built-in
CA, I created the internal user and its certificate with the built-in
CA, exported the key to the client, deleted the user, but Djigzo still
decrypts incoming E-Mail for this user before. Is this a bug or working

See Andreas' explanation (i.e., you should delete the certificate with
the private key).
Djigzo open source email encryption
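
An added illustration of the identifier described in the reply above (not part of the original thread and not Djigzo's code): a minimal DER walk over a CMS SignerIdentifier showing that the Issuer/Serial form carries the issuing CA's name, which is why a header built from it shows the CA's CN. The helper names and the sample bytes, including the CN "Example Intermediate CA", are constructed for this example.

```python
# Added example: classify a CMS SignerIdentifier (RFC 5652) from raw DER.
CN_OID = bytes.fromhex("550403")  # 2.5.4.3 commonName

def tlv(tag, body):
    """Encode one DER element (short-form length only; enough for the sample)."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def read_tlv(buf, off=0):
    """Return (tag, value, next_offset) for the DER element at off."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, buf[off:off + length], off + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, off = [], 0
    while off < len(value):
        tag, val, off = read_tlv(value, off)
        out.append((tag, val))
    return out

def describe_sid(der):
    """Report which identifier form is used and what it actually contains."""
    tag, value, _ = read_tlv(der)
    if tag == 0x80:  # [0] IMPLICIT SubjectKeyIdentifier
        return {"type": "subjectKeyIdentifier", "ski": value.hex()}
    if tag != 0x30:  # otherwise it must be SEQUENCE IssuerAndSerialNumber
        raise ValueError("not a SignerIdentifier")
    (_, issuer), (_, serial) = children(value)  # issuer Name, serial INTEGER
    cn = None
    for _, rdn in children(issuer):       # each RDN is a SET
        for _, atv in children(rdn):      # each attribute is SEQUENCE {OID, value}
            (_, oid), (_, val) = children(atv)
            if oid == CN_OID:
                cn = val.decode("utf-8")
    return {"type": "issuerAndSerialNumber", "issuer_cn": cn,
            "serial": int.from_bytes(serial, "big")}

# Constructed sample data (not taken from a real message).
_atv = tlv(0x30, tlv(0x06, CN_OID) + tlv(0x0C, b"Example Intermediate CA"))
SAMPLE_ISSUER_SERIAL = tlv(0x30, tlv(0x30, tlv(0x31, _atv)) + tlv(0x02, bytes.fromhex("1234")))
SAMPLE_SKI = tlv(0x80, bytes.fromhex("a1b2c3d4"))
```

Neither form contains the signer's own subject name; that is only available when the signing certificate itself is attached to the message or already known to the receiver.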