4

I am looking for a way to decrypt S/MIME emails on the client side. I specifically don't want the client to share the private key with the server and thus need to find a way for the client to do everything on its own.

I do not need to support multiple browsers, so employing something like window.Crypto that currently works only with Mozilla Firefox is completely fine. This is especially so since the browser on the client will somehow need to access the certificate store that's on the client computer (in order to access the private key - with approval of the user of course).

I am just lost as to where to start since it's almost impossible to find any example or tutorial on doing something like this, so any code you can share will be more than welcome.

nikib3ro

2 Answers

0

I'm not too familiar with SMIME.p7m files but it sounds as though they are pkcs7 encrypted.

You might have some luck with the nodejs cryptojs module which looks like it will support pkcs7.

Because nodejs is JavaScript if it doesn't work out of the box it will be a good starting point.

More often than not nodejs modules are built to support nodejs and browser usage.

If it doesn't support browsers out of the box, the <keygen> html5 tag and its related features (for storing keys etc) might be of interest.

Alex KeySmith
0

We have examples encrypting/decrypting and signing/verifying S/MIME messages in JavaScript using Web Crypto here - https://github.com/PeculiarVentures/pkijs-es6/tree/master/examples/

This approach will work in both the browser, and in node if on node you use a WebCrypto polyfill such as - https://github.com/PeculiarVentures/node-webcrypto-ossl

rmhrisk
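
As an added example (not code from either answer or from the linked projects): before any private-key operation, the client can unwrap the MIME layer in the browser and confirm from the CMS ContentInfo type OID that the part really is enveloped-data. The function names and the sample message are constructed for illustration; the decoded bytes it returns are what a CMS parser on the client would take as input.

```javascript
// Constructed sample: S/MIME headers plus a 17-byte stub ContentInfo
// (SEQUENCE { OID envelopedData, [0] {} }); not a real encrypted message.
const SAMPLE = [
  'Content-Type: application/pkcs7-mime; smime-type=enveloped-data;',
  ' name="smime.p7m"',
  'Content-Transfer-Encoding: base64',
  '',
  'MA8GCSqGSIb3',
  'DQEHA6ACMAA=',
].join('\r\n');
const CMS_TYPES = { '1.2.840.113549.1.7.2': 'signedData',
                    '1.2.840.113549.1.7.3': 'envelopedData' };

function headerValue(head, name) {
  // Unfold continuation lines, then match "Name: value" case-insensitively.
  const flat = head.replace(/\r?\n[ \t]+/g, ' ');
  const m = flat.match(new RegExp('^' + name + ':\\s*(.*)$', 'im'));
  return m ? m[1].trim() : '';
}

function decodeOid(bytes) {
  // First byte packs the first two arcs; the rest are base-128 varints.
  const arcs = [Math.floor(bytes[0] / 40), bytes[0] % 40];
  let v = 0;
  for (const b of bytes.subarray(1)) {
    v = v * 128 + (b & 0x7f);
    if (!(b & 0x80)) { arcs.push(v); v = 0; }
  }
  return arcs.join('.');
}

function classifySmime(raw) {
  const sep = raw.search(/\r?\n\r?\n/);
  if (sep < 0) throw new Error('no header/body separator');
  const head = raw.slice(0, sep);
  if (!/^application\/(x-)?pkcs7-mime\b/i.test(headerValue(head, 'Content-Type')))
    throw new Error('not an S/MIME pkcs7-mime part');
  if (headerValue(head, 'Content-Transfer-Encoding').toLowerCase() !== 'base64')
    throw new Error('expected base64 transfer encoding');
  const b64 = raw.slice(sep).replace(/\s+/g, ''); // body may be line-wrapped
  const der = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  if (der[0] !== 0x30) throw new Error('not a CMS ContentInfo SEQUENCE');
  let pos = 2;                                 // past tag and first length byte
  if (der[1] & 0x80) pos += der[1] & 0x7f;     // skip long-form length bytes
  if (der[pos] !== 0x06) throw new Error('contentType OID missing');
  const oid = decodeOid(der.subarray(pos + 2, pos + 2 + der[pos + 1]));
  return { oid, type: CMS_TYPES[oid] || 'unknown', der };
}
```

Only a part classified as `envelopedData` needs the recipient's private key; `signedData` can be verified without it.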