Extract SMIME certificate from mail

2024-01-29 security

In an earlier post, I described how you can send an S/MIME encrypted mail.
If you want to send encrypted mail, you need the public certificate for the recipient's email address.
One way to receive it is for the recipient to send you a signed mail.
The signature includes the public certificate.

1. store email

In your mail client, save the email as an eml file.
You can also forward the email to yourself as an attachment file.
Attached emails are also in eml format.

2. extract signature

The eml file includes a p7s part.

Content-Type: application/pkcs7-signature;
Content-Transfer-Encoding: base64
Content-Disposition: attachment;


You can use mpack (sudo apt-get install mpack) to extract all parts from the eml file.

After executing munpack mail.eml, you have a separate 'smime.p7s' file.

3. extract certificate

openssl pkcs7 -in smime.p7s -inform DER -print_certs shows you all certificates (personal, root, ...) from the p7s file.

You need the certificate with the recipient's mail address as subject.

subject=CN = smimetest@falk-m.de, emailAddress = smimetest@falk-m.de

issuer=C = CH, O = SwissSign AG, CN = SwissSign RSA SMIME LCP ICA 2022 - 1


Copy everything from '-----BEGIN CERTIFICATE-----' up to and including '-----END CERTIFICATE-----' into a newly created empty text file and rename it to 'mail.crt'.
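
Steps 2 and 3 can also be scripted. The following is an added example, not code from the original post: it pulls the p7s part out of the eml with Python's standard email module instead of mpack, and selects the recipient's PEM block from the openssl pkcs7 -print_certs output instead of copying it by hand. The function names, the sample text and the "Constructed Root" issuer are made up for illustration.

```python
import email
import re
from email import policy

# MIME types of a detached S/MIME signature part (the second is the legacy name).
P7S_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
# CN / emailAddress values in a "subject=" line printed by openssl.
ADDR_RE = re.compile(r"\b(?:CN|emailAddress)\s*=\s*([^,\s]+)")

# Constructed sample in the layout of `openssl pkcs7 -print_certs`;
# the certificate bodies are placeholders, not real certificates.
SAMPLE = """\
subject=C = CH, O = SwissSign AG, CN = SwissSign RSA SMIME LCP ICA 2022 - 1
issuer=C = XX, O = Constructed Root
-----BEGIN CERTIFICATE-----
AAAAplaceholderCA
-----END CERTIFICATE-----

subject=CN = smimetest@falk-m.de, emailAddress = smimetest@falk-m.de
issuer=C = CH, O = SwissSign AG, CN = SwissSign RSA SMIME LCP ICA 2022 - 1
-----BEGIN CERTIFICATE-----
BBBBplaceholderLeaf
-----END CERTIFICATE-----
"""


def extract_p7s(eml_bytes):
    """Return the decoded (DER) bytes of the first pkcs7-signature part, or None."""
    msg = email.message_from_bytes(eml_bytes, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() in P7S_TYPES:
            return part.get_payload(decode=True)  # undoes the base64 encoding
    return None


def pick_cert(print_certs_output, address):
    """Return the PEM block whose subject has `address` as CN or emailAddress."""
    subject, block = "", None
    for line in print_certs_output.splitlines():
        if line.startswith("subject="):
            subject = line[len("subject="):]
        elif line.startswith("-----BEGIN CERTIFICATE-----"):
            block = [line]
        elif block is not None:
            block.append(line)
            if line.startswith("-----END CERTIFICATE-----"):
                if address.lower() in {v.lower() for v in ADDR_RE.findall(subject)}:
                    return "\n".join(block) + "\n"
                block = None
    return None
```

Write the bytes returned by extract_p7s() to 'smime.p7s', run the openssl command from step 3 on it, and pass its output to pick_cert() to get the content for 'mail.crt'. The match is on the exact CN or emailAddress value, so a certificate issued for a look-alike address is not picked.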
