Secure Email with Pine (S/MIME)

S/MIME support for Pine lets you send/receive secure mail and use electronic signatures with your mail messages.

Setup Secure Email with Pine

1. From the Menu, press for , then for .

2. Scroll down to the line titled smime-options.

  • verify-on
  • use-SSL_CERT_DIRECTORY
  • sign-default-on
  • save-certs-and-crl

3. Exit ( ) and save the configuration menu and return to the Main Menu and use Pine as you would normally.

Certification Authorities (CAs)

Pine is configured to use a global set of CAs that allow trust between peer institutions and enable self-signaturing of email messages.

We recommend you initially obtain an x509 personal certificate from http://www.thawte.com/email/ . A Personal E-mail certificate is free and will be valid for one year. Once that process has been set in motion and you would like to have a notarized email certificate you can make an appointment with someone in ITS Security ( security@its.unc.edu ) and present two forms of positive ID (driver’s license and your UNC One card are sufficient).

Certificate Use

Certificates and private keys are most commonly stored in ~/pine-smime/ca and ~/.pine-smime/private , respectively, by default (this can be changed from within the Setup > Configuration Menu). The certificate and private keys are used to verify signatures from incoming signed messages, Time Stamp responses (TSA), and Online Certificate Status Protocol (OCSP) responses.

Address Books

You have to acquire the certificates of people you want to correspond with. Normally an S/MIME signature includes the certificate chain needed to verify it. Pine stores these certificates in ~/.pine-smime/public (by default).

Key Retention

If messages are stored in encrypted form, you need to retain the private key(s) needed to decrypt them. You may periodically want to decrypt and then re-encrypt with an updated private key.