S/MIME support

[willhowells]

I've attempted to address open issue #13 by adding support for S/MIME sending. Key elements:

• Adding relevant admin and user options.
• Creating a new submenu for the plugin as there are now more admin options.
• Sending S/MIME encrypted emails.

I haven't touched PGP signing or comment encryption.

This version allows users to choose between encryption options or to deactivate encryption entirely. You could change this and alternatively default to PGP with S/MIME as a fallback if only the public certificate for S/MIME is present for an admin/user and there's no PGP key.

Thanks, Will

[willhowells]

Thanks for the feedback!

I've implemented those changes. Whether there's a toggling option at all is up to you - I can see a case for automatically using PGP unless S/MIME is present and not giving the option to switch encryption off.

This comment worries me. Are you saying here that there could be a situation in which the plugin will behave unexpectedly if the site's admin email address matches a user's email address?

Yes, that's right. If the admin email also belongs to a user and that user only puts their key/cert in their profile, the if statement identifies them as an admin user and only tries to get the key/cert from there. When it doesn't find it, it sends the email unencrypted (so the admin user would probably notice pretty quickly). It's an existing issue so I've taken out the comment and I'll log it separately.

This site suggests the OpenSSL extension is pretty standard and can't be deactivated in current versions of PHP?

[fabacab]

Hey, @willhowells, just a quick update. First, sorry that I have not yet gotten back to you about this. I have been busy with another plugin (WP-LDAP). One thing I learned from work on that plugin is that the inetOrgPerson object class in an LDAP data store has a standard place for a user's S/MIME certificate. (See RFC 2798 § 2.8). I've just added a hook in the other plugin so that this plugin can work well with it.

Now that that's in place, I can swing back around to this pull request and integrate S/MIME support to this plugin. In so doing, I'll make sure the appropriate filter hook is included so that users who use both this plugin and want to sync up with an LDAP DIT using the other plugin can do so.

[fabacab]

Hey @willhowells, have you tested this implementation on your own system? Have you successfully used your code to send an S/MIME encrypted email and then decrypt it in an email client?

I am a little confused because, unlike ASCII-armored OpenPGP keys, an S/MIME certificate (.cer, .p12, etc.) is a binary file format; one cannot simply use a pasteboard to move this information into the WordPress admin interface. I tried to provide your plugin plain-text .pem file contents as well, but openssl_x509_read() tells me:

Warning: openssl_x509_read(): supplied parameter cannot be coerced into an X509 certificate!

Or am I misunderstanding either your intention or something about S/MIME?

[fabacab]

Okay I see what's happening here. Correct me if I'm wrong, but it looks like you're accepting the certificate information using the same subroutines as the PGP sanitization checks. This is extremely confusing. This is also not how must user-facing tools that I'm aware of handle S/MIME files? I had to do the following to transform the binary .cer files produced by some GUI tools to the expected ASCII format.

openssl x509 -in TESTCERTIFICATE.cer -inform DER -out output.pem

The following also worked to move from .p12 encoding to plain ASCII (in .pem):

openssl pkcs12 -in TESTCERTIFICATE.p12  -out output.pem

I think we might consider a separate class to handle X509 and S/MIME operations, independent of the OpenPGP class for the same. Using the same code paths for these two formats feels very convoluted. :(

But, this does function, with some experimentation from a user. :) Thank you very much for that!