Secure/Multipurpose Internet Mail Extensions (S/MIME) support for ActionMailer, inspired by a blog post by Andrew White: Sending S/MIME encrypted emails with Action Mailer.

Add this line to your application's Gemfile:

gem 'mr_smime'

And then execute:

$ bundle

Setup a certificate path in your application.rb:

module MyApp
  class Application < Rails::Application

    ...

    MrSmime.configure do |config|
      config.certificate_path = Rails.root.join('config', 'certificates')
    end

    ...
  end
end

Add certificates for each of your senders (and recipients if you want encryption). We expect a .key and .pem file where @ has been replaced by . (e.g. [email protected] results in john.example.com.key and john.example.com.pem)

That's it!

• Make it easy to save certificates from incoming e-mails (so we can sent encrypted mails back to them)
• Add options to use keys with passphrases
• Add options to enable on a per something base

• Initial release

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Create a CA certificate first:

$ openssl genrsa -out ca.key 4096
$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Then create a certificate for each of your mail addresses (I'm certain there is a better way to do this):

$ openssl genrsa -out jane.example.com.key 4096
$ openssl req -new -key jane.example.com.key -out jane.example.com.csr
$ openssl x509 -req -days 365 -in jane.example.com.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out jane.example.com.crt -setalias "Self Signed SMIME" -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout
$ openssl pkcs12 -export -in jane.example.com.crt -inkey jane.example.com.key -out jane.example.com.p12
$ openssl pkcs12 -in jane.example.com.p12 -clcerts -nokeys -out jane.example.com.pem

Bug reports and pull requests are welcome on GitHub at https://github.com/bluerail/mr_smime.