1;;; smime.el --- S/MIME support library
2
3;; Copyright (C) 2000, 2001, 2002, 2003, 2004,
4;;   2005, 2006, 2007 Free Software Foundation, Inc.
5
6;; Author: Simon Josefsson <simon@josefsson.org>
7;; Keywords: SMIME X.509 PEM OpenSSL
8
9;; This file is part of GNU Emacs.
10
11;; GNU Emacs is free software; you can redistribute it and/or modify
12;; it under the terms of the GNU General Public License as published
13;; by the Free Software Foundation; either version 2, or (at your
14;; option) any later version.
15
16;; GNU Emacs is distributed in the hope that it will be useful, but
17;; WITHOUT ANY WARRANTY; without even the implied warranty of
18;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
19;; General Public License for more details.
20
21;; You should have received a copy of the GNU General Public License
22;; along with GNU Emacs; see the file COPYING.  If not, write to the
23;; Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
24;; Boston, MA 02110-1301, USA.
25
26;;; Commentary:
27
28;; This library perform S/MIME operations from within Emacs.
29;;
30;; Functions for fetching certificates from public repositories are
31;; provided, currently only from DNS.  LDAP support (via EUDC) is planned.
32;;
33;; It uses OpenSSL (tested with version 0.9.5a and 0.9.6) for signing,
34;; encryption and decryption.
35;;
36;; Some general knowledge of S/MIME, X.509, PKCS#12, PEM etc is
37;; probably required to use this library in any useful way.
38;; Especially, don't expect this library to buy security for you.  If
39;; you don't understand what you are doing, you're as likely to lose
40;; security than gain any by using this library.
41;;
42;; This library is not intended to provide a "raw" API for S/MIME,
43;; PKCSx or similar, it's intended to perform common operations
44;; done on messages encoded in these formats.  The terminology chosen
45;; reflect this.
46;;
47;; The home of this file is in Gnus CVS, but also available from
48;; http://josefsson.org/smime.html.
49
50;;; Quick introduction:
51
52;; Get your S/MIME certificate from VeriSign or someplace.  I used
53;; Netscape to generate the key and certificate request and stuff, and
54;; Netscape can export the key into PKCS#12 format.
55;;
56;; Enter OpenSSL.  To be able to use this library, it need to have the
57;; SMIME key readable in PEM format.  OpenSSL is used to convert the
58;; key:
59;;
60;; $ openssl pkcs12 -in mykey.p12 -clcerts -nodes > mykey.pem
61;; ...
62;;
63;; Now, use M-x customize-variable smime-keys and add mykey.pem as
64;; a key.
65;;
66;; Now you should be able to sign messages!  Create a buffer and write
67;; something and run M-x smime-sign-buffer RET RET and you should see
68;; your message MIME armoured and a signature.  Encryption, M-x
69;; smime-encrypt-buffer, should also work.
70;;
71;; To be able to verify messages you need to build up trust with
72;; someone.  Perhaps you trust the CA that issued your certificate, at
73;; least I did, so I export it's certificates from my PKCS#12
74;; certificate with:
75;;
76;; $ openssl pkcs12 -in mykey.p12 -cacerts -nodes > cacert.pem
77;; ...
78;;
79;; Now, use M-x customize-variable smime-CAs and add cacert.pem as a
80;; CA certificate.
81;;
82;; You should now be able to sign messages, and even verify messages
83;; sent by others that use the same CA as you.
84
85;; Bugs:
86;;
87;; Don't complain that this package doesn't do encrypted PEM files,
88;; submit a patch instead.  I store my keys in a safe place, so I
89;; didn't need the encryption.  Also, programming was made easier by
90;; that decision.  One might think that this even influenced were I
91;; store my keys, and one would probably be right. :-)
92;;
93;; Update: Mathias Herberts sent the patch.  However, it uses
94;; environment variables to pass the password to OpenSSL, which is
95;; slightly insecure. Hence a new todo: use a better -passin method.
96;;
97;; Cache password for e.g. 1h
98;;
99;; Suggestions and comments are appreciated, mail me at simon@josefsson.org.
100
101;; begin rant
102;;
103;; I would include pointers to introductory text on concepts used in
104;; this library here, but the material I've read are so horrible I
105;; don't want to recomend them.
106;;
107;; Why can't someone write a simple introduction to all this stuff?
108;; Until then, much of this resemble security by obscurity.
109;;
110;; Also, I'm not going to mention anything about the wonders of
111;; cryptopolitics.  Oops, I just did.
112;;
113;; end rant
114
115;;; Revision history:
116
117;; 2000-06-05  initial version, committed to Gnus CVS contrib/
118;; 2000-10-28  retrieve certificates via DNS CERT RRs
119;; 2001-10-14  posted to gnu.emacs.sources
120
121;;; Code:
122
123(require 'dig)
124(eval-when-compile (require 'cl))
125
126(defgroup smime nil
127  "S/MIME configuration."
128  :group 'mime)
129
130(defcustom smime-keys nil
131  "*Map mail addresses to a file containing Certificate (and private key).
132The file is assumed to be in PEM format. You can also associate additional
133certificates to be sent with every message to each address."
134  :type '(repeat (list (string :tag "Mail address")
135		       (file :tag "File name")
136		       (repeat :tag "Additional certificate files"
137			       (file :tag "File name"))))
138  :group 'smime)
139
140(defcustom smime-CA-directory nil
141  "*Directory containing certificates for CAs you trust.
142Directory should contain files (in PEM format) named to the X.509
143hash of the certificate.  This can be done using OpenSSL such as:
144
145$ ln -s ca.pem `openssl x509 -noout -hash -in ca.pem`.0
146
147where `ca.pem' is the file containing a PEM encoded X.509 CA
148certificate."
149  :type '(choice (const :tag "none" nil)
150		 directory)
151  :group 'smime)
152
153(defcustom smime-CA-file nil
154  "*Files containing certificates for CAs you trust.
155File should contain certificates in PEM format."
156  :version "22.1"
157  :type '(choice (const :tag "none" nil)
158		 file)
159  :group 'smime)
160
161(defcustom smime-certificate-directory "~/Mail/certs/"
162  "*Directory containing other people's certificates.
163It should contain files named to the X.509 hash of the certificate,
164and the files themself should be in PEM format."
165;The S/MIME library provide simple functionality for fetching
166;certificates into this directory, so there is no need to populate it
167;manually.
168  :type 'directory
169  :group 'smime)
170
171(defcustom smime-openssl-program
172  (and (condition-case ()
173	   (eq 0 (call-process "openssl" nil nil nil "version"))
174	 (error nil))
175       "openssl")
176  "*Name of OpenSSL binary."
177  :type 'string
178  :group 'smime)
179
180;; OpenSSL option to select the encryption cipher
181
182(defcustom smime-encrypt-cipher "-des3"
183  "*Cipher algorithm used for encryption."
184  :version "22.1"
185  :type '(choice (const :tag "Triple DES" "-des3")
186		 (const :tag "DES"  "-des")
187		 (const :tag "RC2 40 bits" "-rc2-40")
188		 (const :tag "RC2 64 bits" "-rc2-64")
189		 (const :tag "RC2 128 bits" "-rc2-128"))
190  :group 'smime)
191
192(defcustom smime-crl-check nil
193  "*Check revocation status of signers certificate using CRLs.
194Enabling this will have OpenSSL check the signers certificate
195against a certificate revocation list (CRL).
196
197For this to work the CRL must be up-to-date and since they are
198normally updated quite often (ie. several times a day) you
199probably need some tool to keep them up-to-date. Unfortunately
200Gnus cannot do this for you.
201
202The CRL should either be appended (in PEM format) to your
203`smime-CA-file' or be located in a file (also in PEM format) in
204your `smime-certificate-directory' named to the X.509 hash of the
205certificate with .r0 as file name extension.
206
207At least OpenSSL version 0.9.7 is required for this to work."
208  :type '(choice (const :tag "No check" nil)
209		 (const :tag "Check certificate" "-crl_check")
210		 (const :tag "Check certificate chain" "-crl_check_all"))
211  :group 'smime)
212
213(defcustom smime-dns-server nil
214  "*DNS server to query certificates from.
215If nil, use system defaults."
216  :version "22.1"
217  :type '(choice (const :tag "System defaults")
218		 string)
219  :group 'smime)
220
221(defvar smime-details-buffer "*OpenSSL output*")
222
223;; Use mm-util?
224(eval-and-compile
225  (defalias 'smime-make-temp-file
226    (if (fboundp 'make-temp-file)
227	'make-temp-file
228      (lambda (prefix &optional dir-flag) ;; Simple implementation
229	(expand-file-name
230	 (make-temp-name prefix)
231	 (if (fboundp 'temp-directory)
232	     (temp-directory)
233	   temporary-file-directory))))))
234
235;; Password dialog function
236
237(defun smime-ask-passphrase ()
238  "Asks the passphrase to unlock the secret key."
239  (let ((passphrase
240	 (read-passwd
241	  "Passphrase for secret key (RET for no passphrase): ")))
242    (if (string= passphrase "")
243	nil
244      passphrase)))
245
246;; OpenSSL wrappers.
247
248(defun smime-call-openssl-region (b e buf &rest args)
249  (case (apply 'call-process-region b e smime-openssl-program nil buf nil args)
250    (0 t)
251    (1 (message "OpenSSL: An error occurred parsing the command options.") nil)
252    (2 (message "OpenSSL: One of the input files could not be read.") nil)
253    (3 (message "OpenSSL: An error occurred creating the PKCS#7 file or when reading the MIME message.") nil)
254    (4 (message "OpenSSL: An error occurred decrypting or verifying the message.") nil)
255    (t (error "Unknown OpenSSL exitcode") nil)))
256
257(defun smime-make-certfiles (certfiles)
258  (if certfiles
259      (append (list "-certfile" (expand-file-name (car certfiles)))
260	      (smime-make-certfiles (cdr certfiles)))))
261
262;; Sign+encrypt region
263
264(defun smime-sign-region (b e keyfile)
265  "Sign region with certified key in KEYFILE.
266If signing fails, the buffer is not modified.  Region is assumed to
267have proper MIME tags.  KEYFILE is expected to contain a PEM encoded
268private key and certificate as its car, and a list of additional
269certificates to include in its caar.  If no additional certificates is
270included, KEYFILE may be the file containing the PEM encoded private
271key and certificate itself."
272  (smime-new-details-buffer)
273  (let ((keyfile (or (car-safe keyfile) keyfile))
274	(certfiles (and (cdr-safe keyfile) (cadr keyfile)))
275	(buffer (generate-new-buffer (generate-new-buffer-name " *smime*")))
276	(passphrase (smime-ask-passphrase))
277	(tmpfile (smime-make-temp-file "smime")))
278    (if passphrase
279	(setenv "GNUS_SMIME_PASSPHRASE" passphrase))
280    (prog1
281	(when (prog1
282		  (apply 'smime-call-openssl-region b e (list buffer tmpfile)
283			 "smime" "-sign" "-signer" (expand-file-name keyfile)
284			 (append
285			  (smime-make-certfiles certfiles)
286			  (if passphrase
287			      (list "-passin" "env:GNUS_SMIME_PASSPHRASE"))))
288		(if passphrase
289		    (setenv "GNUS_SMIME_PASSPHRASE" "" t))
290		(with-current-buffer smime-details-buffer
291		  (insert-file-contents tmpfile)
292		  (delete-file tmpfile)))
293	  (delete-region b e)
294	  (insert-buffer-substring buffer)
295	  (goto-char b)
296	  (when (looking-at "^MIME-Version: 1.0$")
297	    (delete-region (point) (progn (forward-line 1) (point))))
298	  t)
299      (with-current-buffer smime-details-buffer
300	(goto-char (point-max))
301	(insert-buffer-substring buffer))
302      (kill-buffer buffer))))
303
304(defun smime-encrypt-region (b e certfiles)
305  "Encrypt region for recipients specified in CERTFILES.
306If encryption fails, the buffer is not modified.  Region is assumed to
307have proper MIME tags.  CERTFILES is a list of filenames, each file
308is expected to contain of a PEM encoded certificate."
309  (smime-new-details-buffer)
310  (let ((buffer (generate-new-buffer (generate-new-buffer-name " *smime*")))
311	(tmpfile (smime-make-temp-file "smime")))
312    (prog1
313	(when (prog1
314		  (apply 'smime-call-openssl-region b e (list buffer tmpfile)
315			 "smime" "-encrypt" smime-encrypt-cipher
316			 (mapcar 'expand-file-name certfiles))
317		(with-current-buffer smime-details-buffer
318		  (insert-file-contents tmpfile)
319		  (delete-file tmpfile)))
320	  (delete-region b e)
321	  (insert-buffer-substring buffer)
322	  (goto-char b)
323	  (when (looking-at "^MIME-Version: 1.0$")
324	    (delete-region (point) (progn (forward-line 1) (point))))
325	  t)
326      (with-current-buffer smime-details-buffer
327	(goto-char (point-max))
328	(insert-buffer-substring buffer))
329      (kill-buffer buffer))))
330
331;; Sign+encrypt buffer
332
333(defun smime-sign-buffer (&optional keyfile buffer)
334  "S/MIME sign BUFFER with key in KEYFILE.
335KEYFILE should contain a PEM encoded key and certificate."
336  (interactive)
337  (with-current-buffer (or buffer (current-buffer))
338    (unless (smime-sign-region
339	     (point-min) (point-max)
340	     (if keyfile
341		 keyfile
342	       (smime-get-key-with-certs-by-email
343		(completing-read
344		 (concat "Sign using key"
345			 (if smime-keys
346			     (concat " (default " (caar smime-keys) "): ")
347			   ": "))
348		 smime-keys nil nil (car-safe (car-safe smime-keys))))))
349      (error "Signing failed"))))
350
351(defun smime-encrypt-buffer (&optional certfiles buffer)
352  "S/MIME encrypt BUFFER for recipients specified in CERTFILES.
353CERTFILES is a list of filenames, each file is expected to consist of
354a PEM encoded key and certificate.  Uses current buffer if BUFFER is
355nil."
356  (interactive)
357  (with-current-buffer (or buffer (current-buffer))
358    (unless (smime-encrypt-region
359	     (point-min) (point-max)
360	     (or certfiles
361		 (list (read-file-name "Recipient's S/MIME certificate: "
362				       smime-certificate-directory nil))))
363      (error "Encryption failed"))))
364
365;; Verify+decrypt region
366
367(defun smime-verify-region (b e)
368  "Verify S/MIME message in region between B and E.
369Returns non-nil on success.
370Any details (stdout and stderr) are left in the buffer specified by
371`smime-details-buffer'."
372  (smime-new-details-buffer)
373  (let ((CAs (append (if smime-CA-file
374			 (list "-CAfile"
375			       (expand-file-name smime-CA-file)))
376		     (if smime-CA-directory
377			 (list "-CApath"
378			       (expand-file-name smime-CA-directory))))))
379    (unless CAs
380      (error "No CA configured"))
381    (if smime-crl-check
382	(add-to-list 'CAs smime-crl-check))
383    (if (apply 'smime-call-openssl-region b e (list smime-details-buffer t)
384	       "smime" "-verify" "-out" "/dev/null" CAs)
385	t
386      (insert-buffer-substring smime-details-buffer)
387      nil)))
388
389(defun smime-noverify-region (b e)
390  "Verify integrity of S/MIME message in region between B and E.
391Returns non-nil on success.
392Any details (stdout and stderr) are left in the buffer specified by
393`smime-details-buffer'."
394  (smime-new-details-buffer)
395  (if (apply 'smime-call-openssl-region b e (list smime-details-buffer t)
396	     "smime" "-verify" "-noverify" "-out" '("/dev/null"))
397      t
398    (insert-buffer-substring smime-details-buffer)
399    nil))
400
401(eval-when-compile
402  (defvar from))
403
404(defun smime-decrypt-region (b e keyfile)
405  "Decrypt S/MIME message in region between B and E with key in KEYFILE.
406On success, replaces region with decrypted data and return non-nil.
407Any details (stderr on success, stdout and stderr on error) are left
408in the buffer specified by `smime-details-buffer'."
409  (smime-new-details-buffer)
410  (let ((buffer (generate-new-buffer (generate-new-buffer-name " *smime*")))
411	CAs (passphrase (smime-ask-passphrase))
412	(tmpfile (smime-make-temp-file "smime")))
413    (if passphrase
414	(setenv "GNUS_SMIME_PASSPHRASE" passphrase))
415    (if (prog1
416	    (apply 'smime-call-openssl-region b e
417		   (list buffer tmpfile)
418		   "smime" "-decrypt" "-recip" (expand-file-name keyfile)
419		   (if passphrase
420		       (list "-passin" "env:GNUS_SMIME_PASSPHRASE")))
421	  (if passphrase
422	      (setenv "GNUS_SMIME_PASSPHRASE" "" t))
423	  (with-current-buffer smime-details-buffer
424	    (insert-file-contents tmpfile)
425	    (delete-file tmpfile)))
426	(progn
427	  (delete-region b e)
428	  (when (boundp 'from)
429	    ;; `from' is dynamically bound in mm-dissect.
430	    (insert "From: " from "\n"))
431	  (insert-buffer-substring buffer)
432	  (kill-buffer buffer)
433	  t)
434      (with-current-buffer smime-details-buffer
435	(insert-buffer-substring buffer))
436      (kill-buffer buffer)
437      (delete-region b e)
438      (insert-buffer-substring smime-details-buffer)
439      nil)))
440
441;; Verify+Decrypt buffer
442
443(defun smime-verify-buffer (&optional buffer)
444  "Verify integrity of S/MIME message in BUFFER.
445Uses current buffer if BUFFER is nil. Returns non-nil on success.
446Any details (stdout and stderr) are left in the buffer specified by
447`smime-details-buffer'."
448  (interactive)
449  (with-current-buffer (or buffer (current-buffer))
450    (smime-verify-region (point-min) (point-max))))
451
452(defun smime-noverify-buffer (&optional buffer)
453  "Verify integrity of S/MIME message in BUFFER.
454Does NOT verify validity of certificate (only message integrity).
455Uses current buffer if BUFFER is nil. Returns non-nil on success.
456Any details (stdout and stderr) are left in the buffer specified by
457`smime-details-buffer'."
458  (interactive)
459  (with-current-buffer (or buffer (current-buffer))
460    (smime-noverify-region (point-min) (point-max))))
461
462(defun smime-decrypt-buffer (&optional buffer keyfile)
463  "Decrypt S/MIME message in BUFFER using KEYFILE.
464Uses current buffer if BUFFER is nil, and query user of KEYFILE if it's nil.
465On success, replaces data in buffer and return non-nil.
466Any details (stderr on success, stdout and stderr on error) are left
467in the buffer specified by `smime-details-buffer'."
468  (interactive)
469  (with-current-buffer (or buffer (current-buffer))
470    (smime-decrypt-region
471     (point-min) (point-max)
472     (expand-file-name
473      (or keyfile
474	  (smime-get-key-by-email
475	   (completing-read
476	    (concat "Decipher using key"
477		    (if smime-keys (concat " (default " (caar smime-keys) "): ")
478		      ": "))
479	    smime-keys nil nil (car-safe (car-safe smime-keys)))))))))
480
481;; Various operations
482
483(defun smime-new-details-buffer ()
484  (with-current-buffer (get-buffer-create smime-details-buffer)
485    (erase-buffer)))
486
487(defun smime-pkcs7-region (b e)
488  "Convert S/MIME message between points B and E into a PKCS7 message."
489  (smime-new-details-buffer)
490  (when (smime-call-openssl-region b e smime-details-buffer "smime" "-pk7out")
491    (delete-region b e)
492    (insert-buffer-substring smime-details-buffer)
493    t))
494
495(defun smime-pkcs7-certificates-region (b e)
496  "Extract any certificates enclosed in PKCS7 message between points B and E."
497  (smime-new-details-buffer)
498  (when (smime-call-openssl-region
499	 b e smime-details-buffer "pkcs7" "-print_certs" "-text")
500    (delete-region b e)
501    (insert-buffer-substring smime-details-buffer)
502    t))
503
504(defun smime-pkcs7-email-region (b e)
505  "Get email addresses contained in certificate between points B and E.
506A string or a list of strings is returned."
507  (smime-new-details-buffer)
508  (when (smime-call-openssl-region
509	 b e smime-details-buffer "x509" "-email" "-noout")
510    (delete-region b e)
511    (insert-buffer-substring smime-details-buffer)
512    t))
513
514;; Utility functions
515
516(defun smime-get-certfiles (keyfile keys)
517  (if keys
518      (let ((curkey (car keys))
519	    (otherkeys (cdr keys)))
520	(if (string= keyfile (cadr curkey))
521	    (caddr curkey)
522	  (smime-get-certfiles keyfile otherkeys)))))
523
524;; Use mm-util?
525(eval-and-compile
526  (defalias 'smime-point-at-eol
527    (if (fboundp 'point-at-eol)
528	'point-at-eol
529      'line-end-position)))
530
531(defun smime-buffer-as-string-region (b e)
532  "Return each line in region between B and E as a list of strings."
533  (save-excursion
534    (goto-char b)
535    (let (res)
536      (while (< (point) e)
537	(let ((str (buffer-substring (point) (smime-point-at-eol))))
538	  (unless (string= "" str)
539	    (push str res)))
540	(forward-line))
541      res)))
542
543;; Find certificates
544
545(defun smime-mail-to-domain (mailaddr)
546  (if (string-match "@" mailaddr)
547      (replace-match "." 'fixedcase 'literal mailaddr)
548    mailaddr))
549
550(defun smime-cert-by-dns (mail)
551  (let* ((dig-dns-server smime-dns-server)
552	 (digbuf (dig-invoke (smime-mail-to-domain mail) "cert" nil nil "+vc"))
553	 (retbuf (generate-new-buffer (format "*certificate for %s*" mail)))
554	 (certrr (with-current-buffer digbuf
555		   (dig-extract-rr (smime-mail-to-domain mail) "cert")))
556	 (cert (and certrr (dig-rr-get-pkix-cert certrr))))
557      (if cert
558	  (with-current-buffer retbuf
559	    (insert "-----BEGIN CERTIFICATE-----\n")
560	    (let ((i 0) (len (length cert)))
561	      (while (> (- len 64) i)
562		(insert (substring cert i (+ i 64)) "\n")
563		(setq i (+ i 64)))
564	      (insert (substring cert i len) "\n"))
565	    (insert "-----END CERTIFICATE-----\n"))
566	(kill-buffer retbuf)
567	(setq retbuf nil))
568      (kill-buffer digbuf)
569      retbuf))
570
571;; User interface.
572
573(defvar smime-buffer "*SMIME*")
574
575(defvar smime-mode-map nil)
576(put 'smime-mode 'mode-class 'special)
577
578(unless smime-mode-map
579  (setq smime-mode-map (make-sparse-keymap))
580  (suppress-keymap smime-mode-map)
581
582  (define-key smime-mode-map "q" 'smime-exit)
583  (define-key smime-mode-map "f" 'smime-certificate-info))
584
585(defun smime-mode ()
586  "Major mode for browsing, viewing and fetching certificates.
587
588All normal editing commands are switched off.
589\\<smime-mode-map>
590
591The following commands are available:
592
593\\{smime-mode-map}"
594  (interactive)
595  (kill-all-local-variables)
596  (setq major-mode 'smime-mode)
597  (setq mode-name "SMIME")
598  (setq mode-line-process nil)
599  (use-local-map smime-mode-map)
600  (buffer-disable-undo)
601  (setq truncate-lines t)
602  (setq buffer-read-only t)
603  (gnus-run-mode-hooks 'smime-mode-hook))
604
605(defun smime-certificate-info (certfile)
606  (interactive "fCertificate file: ")
607  (let ((buffer (get-buffer-create (format "*certificate %s*" certfile))))
608    (switch-to-buffer buffer)
609    (erase-buffer)
610    (call-process smime-openssl-program nil buffer 'display
611		  "x509" "-in" (expand-file-name certfile) "-text")
612    (fundamental-mode)
613    (set-buffer-modified-p nil)
614    (toggle-read-only t)
615    (goto-char (point-min))))
616
617(defun smime-draw-buffer ()
618  (with-current-buffer smime-buffer
619    (let (buffer-read-only)
620      (erase-buffer)
621      (insert "\nYour keys:\n")
622      (dolist (key smime-keys)
623	(insert
624	 (format "\t\t%s: %s\n" (car key) (cadr key))))
625      (insert "\nTrusted Certificate Authoritys:\n")
626      (insert "\nKnown Certificates:\n"))))
627
628(defun smime ()
629  "Go to the SMIME buffer."
630  (interactive)
631  (unless (get-buffer smime-buffer)
632    (save-excursion
633      (set-buffer (get-buffer-create smime-buffer))
634      (smime-mode)))
635  (smime-draw-buffer)
636  (switch-to-buffer smime-buffer))
637
638(defun smime-exit ()
639  "Quit the S/MIME buffer."
640  (interactive)
641  (kill-buffer (current-buffer)))
642
643;; Other functions
644
645(defun smime-get-key-by-email (email)
646  (cadr (assoc email smime-keys)))
647
648(defun smime-get-key-with-certs-by-email (email)
649  (cdr (assoc email smime-keys)))
650
651(provide 'smime)
652
653;;; arch-tag: e3f9b938-5085-4510-8a11-6625269c9a9e
654;;; smime.el ends here
655